Harvard kid, 20, emailed uni bomb threat via Tor to avoid final exam, says FBI

A Harvard student used internet privacy tools to send a bomb threat to his university in order to avoid taking a test, it was alleged today. Prosecutors in Massachusetts accuse sophomore Eldo Kim of firing off an anonymous email that claimed there were a pair of explosive shrapnel-packed devices on campus. It is alleged the …

COMMENTS

This topic is closed for new posts.


Silver badge
Holmes

This is why Tor was/is never going to work

You might be able to encrypt the contents of a message, but someone is always going to be able to watch you get on or off the system.

Which is probably the real reason why the NSA helped build it in the first place. They knew the dope dealers and wannabe terrorist idiots like young Mr. Kim would be drawn to Tor like flies by the promise of easy anonymization, making it easier to track them and map their activities.

2
16
Silver badge

Re: This is why Tor was/is never going to work

@Andy Prough:

I agree with you. I had higher hopes for Tor, but we need a much more comprehensive approach to secure communications. I am not sure why everyone cannot see the need for it, but we need pervasive encryption everywhere. Making point to point communication untraceable should be a fundamental part of infrastructure. Rather than aiding and abetting rogue regimes attempting to illegally monitor and control speech, network infrastructure companies like Cisco should be working diligently to ensure that intercepting communications is as difficult as they can make it.

The state is an adversary in any rational threat model. Creating a system that actually aids adversaries is poor security design indeed.

5
8
Anonymous Coward

Re: This is why Tor was/is never going to work

The NSA didn't build Tor - it was the US Navy. And the NSA can not in general track people through Tor, as their own internal briefing leaked by Snowden makes clear - google "Tor Stinks" if you haven't read it yet. If he hadn't been so careless as to start up Tor, immediately send the threats and then shut Tor down again, they wouldn't have had grounds to suspect him.

11
2
Silver badge

Re: This is why Tor was/is never going to work

@AC - 02:41 - Keep telling yourself that Tor will keep you anonymous and that the NSA wasn't involved in its design. I'm sure everything will turn out just great for you.

But you should see I wasn't saying anyone would track you "through" Tor. They don't have to. All anyone has to do is monitor the on-ramps and off-ramps, which is why the whole concept is completely idiotic to begin with.

It's like a thief breaking in and out of a building via the front door in broad daylight on a busy public street. He says to himself, "well, as long as I turn off the lights inside when I'm robbing the place, the security cameras can't spot me". He's missed the whole point - everyone saw him break into the front door with an empty duffel bag, and come out 20 minutes later with a full one. No one has to have video of what he did inside.

5
6
Silver badge

Re: This is why Tor was/is never going to work

"All anyone has to do is monitor the on-ramps and off-ramps, which is why the whole concept is completely idiotic to begin with."

It does get a little more idiotic and a lot simpler when you have folks who don't think it through. Let's be honest, if you're trying to hide your tracks you probably should be smart enough to ensure the network sending the threat wasn't the same one to receive it.

In that respect your analogy is a bit off. It's more like he used his access card to enter the building in the middle of the night, rob the joint, and then hit the electronic lock on his way out. All the next person who goes in has to do is look at the access log and they have a pretty good idea of what happened when it turns out that his key card is still in his pocket. It's not an inherent failure of Tor, it's a failure to understand how things work. The kid might as well use Tor for Google Cloud Print.

8
0
Anonymous Coward

Re: This is why Tor was/is never going to work

"Which is probably the real reason why the NSA helped build it in the first place."

Not hardly. But, I've been informed that TOR has been penetrated, ages ago.

NSA data would contaminate any criminal case, as the NSA is part of the US DoD and prohibited from operating in any form of domestic law enforcement.

Of course, the FBI does have their own group that does similar...

And agents working alongside NSA types, who advise them...

And certain foreign interests have been caught dead to rights doing rather unpleasant, amoral, unlawful things that are just this side of acts of war via TOR.

Which is why TOR got broken into.

0
3
Bronze badge

Re: This is why Tor was/is never going to work

"Making point to point communication untraceable should be a fundamental part of infrastructure."

Sorry, but on my networks, I want to know where traffic originates and where it goes to.

It makes threat detection much, much, much more possible.

Before sensitive company documents find their way to the competition.

7
1
Anonymous Coward

Re: This is why Tor was/is never going to work@Andy Prough

It's not often you see @Andy Prough talking with some semblance of sense instead of going off on an anti-Apple rant.

Well done @Andy Prough.

1
2
Silver badge

Re: This is why Tor was/is never going to work

If he hadn't been so careless as to start up Tor, immediately send the threats and then shut Tor down again, they wouldn't have had grounds to suspect him.

Which demonstrates the major weakness in any secure network - the users. Look at the stories about the Bletchley Park work, almost every break they got came from someone doing something careless because they didn't understand how cryptographic systems work. The same will be true of any supposedly-secure internet scheme, the majority of the people who use it will just assume it's secure because it says so, and will have no clue that the way in which they use it will break that security. Any such general-purpose setup is effectively broken before it gets going for anything but the most trivial level of protection.

3
0
Anonymous Coward

Re: This is why Tor was/is never going to work

So blocking torrent sites only drives up the amount of Tor Traffic, and, once everyone is on, who are you going to watch? - stupid UK website blocks... teaching every low level criminal to use the tools of the higher level is hampering your security...

0
0
Silver badge

Re: This is why Tor was/is never going to work

"The state is an adversary in any rational threat model"

If you prefer not to have a state, might I suggest Somalia or Afghanistan as possible destinations.

4
1

Re: This is why Tor was/is never going to work

No, no, no ... this idiot used tor from the campus wifi <---- that was asking for trouble.

Now, the email service gave the IP to the FBI, that was used from 20:15 to 20:30, FBI figured it might be tor, then they looked at the campus logs for tor connections at that time and found Kim .... easy. They probably never even had evidence of the contents ... that, they will get from the NSA later ...

2
0
Silver badge

Need to stop more than Tor

Lots of things were involved in this incident. No doubt they used electricity during this time and were aided and abetted by food and shelter. The fact that they were not actively under surveillance was a contributing cause. I think if we do a little digging we will discover that he got tools and ideas from the Internet and somehow was able to make sense of them; perhaps by leveraging early terrorist training in reading and writing. No doubt we could have at least slowed them down by ensuring they did not have access to plumbing and sanitary facilities.

Many things are implicated in any activity. The emphasis on Tor is an attempt to make a case against personal privacy, not because it is peculiarly enabling of crime and of no value otherwise, but because it threatens the entrenched power structure.

Most people are not going to get it, but the Commentardia should be easily able to make sense of this and should be communicating this to their fellows. Stopping private communications is net detrimental just like pulling down any other necessary infrastructure; perhaps more so.

7
3
Bronze badge

You're hardly a kid at 20

If it really was him, bloke should have known better and studied for the tests, or taken it like a man and tried again next semester.

Crash-course on adult life and consequences of actions, anyone?

13
1
Silver badge

Re: You're hardly a kid at 20

One of my mum's pet peeves too: news commentators referring to clearly-adults as 'boys', 'kids' etc. She feels it doesn't encourage adults to behave like adults by giving them a get-out label.

9
1
Silver badge

Re: You're hardly a kid at 20

You're only young once but you can be immature forever.....

8
1
Silver badge

Re: You're hardly a kid at 20

It happened in the US, whose legal drinking age is 21…

In any case, while the (likely now former) student's biological age was 20, no adult would do something so childish as to call in a bomb hoax just to avoid an exam, and not expect the bombshell to blow up in their face.

That said: what they have now is circumstantial evidence; traffic that left the university network for the Tor network, co-incidentally at the same time, incoming traffic from the Tor network to the university mail servers.

If the "kid" was smart, he'd have put a delay in the transmission and done it from an outside Internet connection.

4
0

Re: You're hardly a kid at 20

If he was really smart he would have been able to just sit the exam

15
0
Bronze badge

Re: You're hardly a kid at 20

"Crash-course on adult life and consequences of actions, anyone?"

Not much of a crash course. He'll depart that course with a BS in unpleasant life, might get his masters if he gets into any trouble in prison.

0
0
Bronze badge

Re: You're hardly a kid at 20

"One of my mum's pet peeves too: news commentators referring to clearly-adults as 'boys', 'kids' etc."

I'll plead guilty on using the term kid in reference to the 30 and under crowd.

But hey, when you are military (retired now) and serve with men who are younger than your children by a lot, you tend to call them kids.

Knowing full well that they're men, but...

"Hey, does that new Lieutenant kid's parents know that he's out playing Army?"

1
0
Bronze badge

Re: You're hardly a kid at 20

"That said: what they have now is circumstantial evidence; traffic that left the university network for the Tor network, co-incidentally at the same time, incoming traffic from the Tor network to the university mail servers."

Even SNORT detects TOR traffic, with the originating internal IP to the external IP.

Traffic analysis of the TOR network can do the rest.

But, the point is, start the traffic, it is logged that TOR was initiated at time X from IP B to TOR node Y. Disconnection from TOR at time A from IP B was also logged.

Circumstantial, but much tighter.

Message traffic from TOR to Gorilla at time C, if not lagged to send later, Gorilla immediately sends to university server at time C+ a few milliseconds at worst case.

Not a really brilliant plan.

1
0
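The log correlation this comment describes, as an added example that is not part of the original thread: sessions from campus hosts to known Tor relays are matched against the time the message arrived, and the shortest session bracketing that time is listed first. The relay list, users, access points and timestamps are all constructed for illustration, and the result is a list of candidates, not an identification.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address

FMT = "%Y-%m-%d %H:%M"

# Constructed relay list (documentation address range); a real one would come
# from the published Tor relay list for the time in question.
TOR_RELAYS = {ip_address("203.0.113.10"), ip_address("203.0.113.77")}

# Constructed flow/authentication log rows:
# (authenticated user, access point, remote IP, first seen, last seen)
SESSIONS = [
    ("user_a", "ap-lib-2", "203.0.113.10", "2024-01-08 08:22", "2024-01-08 08:41"),
    ("user_b", "ap-lib-2", "203.0.113.77", "2024-01-07 19:00", "2024-01-08 11:30"),
    ("user_c", "ap-dorm-9", "198.51.100.4", "2024-01-08 08:20", "2024-01-08 08:45"),
    ("user_d", "ap-dorm-1", "203.0.113.10", "2024-01-08 06:00", "2024-01-08 06:10"),
]


def tor_candidates(sessions, relays, event_time, slack_minutes=10):
    """Return sessions to known relays that overlap the event window.

    Each hit is (user, access_point, duration_minutes), shortest session first:
    a session that starts just before the event and ends just after it stands
    out more than one that has been up for hours.
    """
    event = datetime.strptime(event_time, FMT)
    lo = event - timedelta(minutes=slack_minutes)
    hi = event + timedelta(minutes=slack_minutes)
    hits = []
    for user, ap, remote, start, end in sessions:
        if ip_address(remote) not in relays:
            continue  # not Tor traffic as far as the relay list knows
        s = datetime.strptime(start, FMT)
        e = datetime.strptime(end, FMT)
        if s <= hi and e >= lo:  # interval overlap test
            hits.append((user, ap, int((e - s).total_seconds() // 60)))
    return sorted(hits, key=lambda h: h[2])


if __name__ == "__main__":
    for user, ap, minutes in tor_candidates(SESSIONS, TOR_RELAYS, "2024-01-08 08:30"):
        print(f"{user:8} {ap:10} session length {minutes} min")
```

Two users on the same access point match the window here, which is the "along with a handful of others" situation: the logs narrow the field and leave the rest to interviews and device forensics.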
Gav

circumstantial evidence

Except they presented their circumstantial evidence to the student and he coughed.

I think it was also a bit more conclusive. They could track the Tor traffic to a single network access point, one that he was connected to at the time along with a handful of others.

His mistake was in thinking that just because no-one could see what he was doing on Tor was enough to disguise the fact he was on Tor.

1
0
Bronze badge

Re: You're hardly a kid at 20

Some years ago (probably before 9/11 added to the paranoia level), I would see people milling around outside an office building in downtown Washington, DC. It turned out that the building they worked in kept getting bomb threats, requiring evacuation and search. Presently it turned out that two men were responsible for it, one of whom worked in the building. The other would call in a bomb threat so that they could have a good long lunch.

On the one hand, I'm pretty sure that both were over 20. On the other hand, I was also pretty sure that they weren't Harvard material.

0
0
Silver badge

Re: You're hardly a kid at 20

Given that our brains aren't fully developed until we're 25 I think it's appropriate to call a 20 year old a kid.

Also, given the same fact, fathers throughout history have been correct in their assessments that their daughters' boyfriends haven't had a full share of grey matter. A bit off topic perhaps, but it's a fun little tidbit.

2
0

Yes, a Harvard kid should know better. The use of PAYG GSM internet access and non-US VPN service, connected to a new-build Linux VM deleted after the task, would've been the way to go. Rookie mistake!

7
0
Bronze badge

If he had those kinds of skills, he'd be going to a real school, like the one down the street.

8
0
Silver badge

Going to Harvard, or any of the upper echelon US schools, is not an indicator of intelligence, wisdom or capabilities. If you've got the financial means to go, they'll let you in.

That's not to say all the students are stupid kids with wealthy parents, but it's not to say a lot of them aren't either. Some of the most useless people I've ever met went to Harvard, Dartmouth, Stanford and Yale. They hand out degrees to all paying customers students just like most other non-technical US universities.

10
0

Actually, you want slax livecd with copy2ram and use PAYG GSM - the linux distribution is in ram, gone after a reboot. Better, (PAYG GSM sim might be bought from store = video surveillance) You could also use slax with wifi, change your mac address, then connect to tor from outside a mc d with a hoody from the bushes, just make sure no video surveillance gets you and they will never get you.

0
0

To me it seems the fact you used Tor at the time of the transmission of the email, doesn't actually prove that it was you who sent it. At most it proves that coincidence exists.

Just like a broken clock that indicates the right time twice a day, doesn't prove that it's working every now and then.

The real proof in this case is probably that he cracked in front of police pressure, and has admitted to committing the fact.

2
1
Silver badge

If he cracked under police pressure, then it wasn't coincidence, it was circumstantial evidence.

;-)

Steven R

1
0
Anonymous Coward

Tor is known to be vulnerable to this kind of traffic-correlation analysis, and the FAQs warn about it. If he'd been running a middleman node constantly for a while in advance, nobody would have been able to spot a slight bit of extra traffic at the time he used it to send the emails.

0
0
Rob

Thanks...

..."a broken clock that indicates the right time twice a day" I now have the tune by orbital swimming around my head, probably for the rest of the day.

0
0
Bronze badge

Hoodie, sunnies and cheap tablet

Is all that is required. Lob up to your local cafe/library that offers free wifi, and use Guerilla from there.

Switch off, and don't use the tablet for anything 'net related again, unless you plan to send more hoaxes.

0
0
Silver badge

Re: Hoodie, sunnies and cheap tablet

All that's required is to be prepared for the exam. If you can't even do that then you'll be of no use to me, or anyone else who has those jobs things to give people.

Not that doing well in school, or even going, aren't required for you to be a valuable workplace contributor, but if you do choose the university route and then can't even prepare for your primary task you're pretty worthless, degree or no. It doesn't matter what you do, but whatever it is you've got to do it to the best of your abilities or don't do it at all.

4
1
Silver badge
FAIL

Missing the obvious...

Reading the article and the referenced criminal complaint points out that they were unable to backtrack via Guerilla Mail and/or TOR. All they knew was that TOR was used. It would appear that the Department of the Obvious took over... suspect a student. Check of server logs and bingo, they have someone "of interest". Short interview and he confessed.

So TOR did its job.. he was hidden. Stupidity became the downfall as he had to log into the wifi. I guess he didn't think ahead about the login part. If he'd gone off campus, he might not have been caught.

So, yes, now the media will holler and scream about TOR. If they scream about the stupid act of logging in, they give anyone another method to do a crime and getaway.

Maybe it's a good thing we don't have laws that would add jail time for being stupid. Or maybe we should. I'm torn on this point. At the very least, he shouldn't be allowed to breed...

4
0
Silver badge

Re: Missing the obvious...

The stupid part was confessing. Last time I checked TOR wasn't illegal. He might have been ordering drugs for a frat party, looking at weird porn, pirating a movie or looking up his favourite Jihadist website.

Plenty of reasons to use TOR.......

2
0
Bronze badge

Re: Missing the obvious...

"So, yes, now the media will holler and scream about TOR."

At least in the US, most of the media don't even know what TOR is.

I'd not be in the least bit surprised to hear it reported as toro.

At least until the lawnmower company complains.

"Maybe it's a good thing we don't have laws that would add jail time for being stupid."

Well, if we criminalized stupid, we could clear out a hell of a lot of lousy politicians, all over the world, in no time flat!

1
0
Bronze badge

Re: Missing the obvious...

@Thorne

"The stupid part was confessing "

As the suspect was so inept, I imagine that checking out his laptop, etc. would provide more substantive evidence if necessary.

0
0
Silver badge

Re: Missing the obvious...

"The stupid part was confessing. "

Only stupid if voluntary. Given that the police spend a lot of time interrogating people, they are usually as good at it as you will be at your jobs. Keeping a completely straight face, and telling a coherent and unchanging story when being questioned by the police is not as easy as it seems, and I'd wager that any non-career criminal will struggle to avoid dobbing themselves in it.

0
0
Bronze badge

Re: Missing the obvious...

Agreeing with you guys on most things, yet we don't know how competent the interrogators are, what kind of methods..cough-cough.. tortures they might employ. Not sure if I wouldn't confess to stealing the pope's watch if becoming a suspect.

-- Using Tor at the same time some message was sent, so what? Bomb threat, what is it? Wait, wait why are you putting this plastic bag on me, I can't breathe.... I will confess, I did whatever you say, please, let me breathe!!!

0
0
Bronze badge

He made one big mistake

He connected to Tor using the campus network. These campuses tend to use routers that log all student traffic for obvious reasons (*cough*to suck up to the RIAssA/MPAssA*cough*)

One would think that it'd have played out differently if he had used a nearby Starbucks or McDonalds wifi.

That said, all that to avoid a final exam? Might as well just suck up and take it or go the old route of calling in sick. It's as if his parents threatened to kill him if he fails the exam or something.

2
2
Silver badge

Re: He made one big mistake

"That said, all that to avoid a final exam? Might as well just suck up and take it or go the old route of calling in sick. It's as if his parents threatened to kill him if he fails the exam or something." - At the end of the day of course you're right; but you should never underestimate how unbelievably tempting it becomes in a pressing situation to avoid a course of action with a known grave consequence by doing something potentially much more grave under the prospect of nobody ever finding out you did it.

Not that I approve of such conduct, mind you; but I absolutely can understand it.

0
0
Bronze badge

Two... Words...

Epic FAIL

0
0
Bronze badge

Re: Two... More ... Words...

Social FAIL

(Well, TWO more:

Academic FAIL)

1
0
Hoe

Hmmm?

I thought Harvard was for intelligent people?

0
0

Re: Hmmm?

A mistake many people make, including the faculty.

10
0

If there's a proxy server between the campus WiFi network and the Internet at large as is often the case for this kind of setup blocking pr0n and so forth then he's going to be buggered. Does not matter what services were used to send the mail, from login to logout every URL visited was probably recorded.

1
1
Silver badge

Accessing Tor from the campus system...

...was a bad mistake, but doing it from a (nearby) library or internet cafe instead has its own pitfalls.

Most such places are covered by cameras, so if the FBI/NSA failed to find a Tor access on the campus system at the right time, their next step would be to widen the net and start checking all the nearby wifi hotspots for Tor logins at that time. Most places that offer public internet access are covered by cameras, so then all the FBI/NSA would have to do is run the camera footage of the relevant computer and its user past Facebook's facial-recognition database and they'd nail him.

The only way around this is to effect some kind of disguise that could fuck up Facebook's facial-recognition software (false beard, new haircut, makeup possibly?) and/or to do the deed from a much more distant location.

Yes, I'm a lot more concerned about the invasive ubiquity of Facebook's facial-recognition system than any putative ability of the authorities to backtrack through Tor. You don't even need to be on Facebook yourself to be on it; any idiot with a camera who knows who you are, can put your picture on there with an identifying tag. It's a system far more ripe for tracking abuse than compromised Tor exit nodes and access logging.

1
0
Anonymous Coward

Re: Accessing Tor from the campus system...

To be on Facebook in the first place suggests some kind of tardo.

1
1
Bronze badge

Sad... This "kid/adult" otherwise was SMART, but apparently not smart enough

If it was him, then he wasn't smart enough to write his way into a legit excuse to defer the exam.

According to this:

http://www.thecrimson.com/article/2013/12/17/eldo-kim-threat-profile/

It seems to me that he had quite a promising future ahead of him. Something must've derailed his studies or studying enough to get him off track to not be ready for the exam/s.

Tragic waste. And, he's just adding yet another bit of injury to the recent string of exchange/foreign/immigrated student crimes by someone hailing from Korea. One recent one coming to mind is the med or nursing student who gunned down multiple people in Oakland, CA in late 2011 or early 2012. But, this one didn't kill anyone, only sent dangerous threats.

What he probably had not put into his calculus was the likelihood of the recent Boston Bombing incident putting Massachusetts on an ever-high alert, meaning probably EVERYONE in MA is being sniffed more aggressively. He should have taken the exam fail rather than epic/social fail.

Probably, though, since it seems he was in the USA at age 16, he has not yet served nor chosen a nationality, as all able-bodied South Korean males not in a special exemption status (father was a hero; missing rear molars; missing a trigger finger; colorblind; misaligned joints/arms/feet; last surviving son in a family; and a bunch more that exist), he probably will be released from having to serve if he has not chosen a country by age of majority. His parents probably are reeling to and fro in agony.

Sad.

0
0
