Use of Tor helped FBI ID suspect in bomb hoax case

Discussion in 'privacy technology' started by lotuseclat79, Dec 19, 2013.

Thread Status:
Not open for further replies.
  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,094
    Use of Tor helped FBI ID suspect in bomb hoax case.

    -- Tom
     
  2. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    His mistake? He confessed. I would highly doubt they could pin it on him because of his use of Tor at the time. He could just say, he was looking at his emails or researching a project and he uses Tor because he does not trust the schools internet, he could even say look at what trouble the school internet got me into now which is case and point of why i use Tor. I really don't get why he confessed, is he stupid? What gets me is this kid was going to Harvard, how in the world can he be going to such a good school and be so stupid, hell.... I would most likely not get into Harvard, and why? I seem a lot smarter then this guy.
     
  3. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    I agree. Disregarding the two main security principles he blew off, you never talk to the police.
     
  4. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    They might have narrowed down who it was using the activity records stored by computer. If he ran Windows, it would have stored all they needed. With a bomb threat, they probably could have forced the users to give them access to their equipment.
    Intelligence and sense often don't go together.
     
  5. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    I am more in the belief that memory for books is more a requirement for higher education then actually being independently smart, you can be a complete moron and memories the works of Shakespeare if you have a good memory. Yet can they write a play themselves? Probably not, they would just re-hash a copy of what they read.
     
  6. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
    Yup, you always got a lawyer. Even with traffic stops you can contest them with a lawyer. No need or reason to corporate with LE that abuses its powers in the first place.
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    If he had accessed Tor through a plain-vanilla VPN service, popular among fellow students, he would not have been targeted.

    And yes, he did confess, which was extremely stupid. However, police are well-trained in psychology to read guilt. And, they're also well-trained in how to manipulate suspects into confessing. There's the classic "good cop, bad cop" dynamic, where the "bad cop" scares the **** out of you, and the "good cop" then promises to protect you from the "bad cop". That's also a classic torture routine.

    Most people have no clue how to deal with that. It's not so bad for the innocent. They can just be natural. But, for the guilty, it's much^N harder. It takes skill to convincingly feign innocence, and resist the temptation to bargain. There is no bargaining, only evidence collection. If there's any bargaining to be done, your lawyer will handle that, at the appropriate time.

    As Ted Smith noted on tor-talk: "The moral of the story is, never talk to police other than to say you want a lawyer." That's the appropriate answer whether you're innocent or guilty.

    In this video <http://www.youtube.com/watch?v=6wXkI4t7nuc>, a "law school professor and former criminal defense attorney tells you why you should never agree to be interviewed by the police." I've also seen one by a former police officer that was very informative.
     
  8. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
    Thank you.
     
  9. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Just throw around the words deformation of character and psychological distress and repeatedly ask for a lawyer if you get aggressive questioning. It makes them question what you will do if they have the wrong guy.
     
  10. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Yup, VPN has become must have these days, even for Tor use, IMO.

    I also chuckle at the debates we used to have about the need to spoof MAC addresses and machine names :D
     
  11. Paranoid Eye

    Paranoid Eye Registered Member

    Joined:
    Dec 15, 2013
    Posts:
    174
    Location:
    io
    Incredible he talked but yeah anyone can pressure anyone into saying anything now a day's and they are masters are it.
     
  12. MilkyNine

    MilkyNine Infrequent Poster

    Joined:
    Nov 29, 2013
    Posts:
    25
    Couldn't the FBI just subpoena the VPN's logs to get to the IP address of the Tor user (Your isp)?

    Your isp---->VPN----->Tor network----->Target Website.

    They could simply subpoena the VPN's logs to get to your ip address (your isp)? Chaining multiple VPNs behind Tor would seem like the only solution.
     
  13. Stifflersmom

    Stifflersmom Registered Member

    Joined:
    Jan 3, 2013
    Posts:
    45
    1) Not if the VPN doesn't keep logs

    and

    2) Not if the VPN is based in a non-U.S. country (it's possible, but more difficult)
     
  14. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    But if other students are using VPNs at the same time they would have to request all of them. A decent VPN provider won't just hand out info to someone just for asking or just to satisfy some fishing expedition.
     
  15. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    strong first post.
     
  16. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    As I understand it, the police knew from email headers that the sender was using Tor. And the perp was reportedly the only Harvard student using Tor at the time when the email was sent. So they interviewed him, and he confessed.

    If the perp had accessed Tor through a VPN service popular among Harvard students, admins would have reported to the police that nobody was using Tor when the email was sent. The next step would have been getting logs from all of the VPNs being used. And unless the perp had a unique public IP address, it would have been impossible to distinguish him from other students using that VPN service.

    That would also have helped.
     
    Last edited: Dec 22, 2013
  17. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163

    Going somewhere else, to send, gives Harvard nothing. Spoofing MAC and Host Name, disallows any correlation even if they happened to hone in this guy, and inspected his gear (not accounting for other obfuscation techniques he may or may not have done). Using an email provider that strips headers, doesn't log, in a foreign country, maybe with a sending delay - prevents this too. Then there is BitMessage to email gateway, I think.

    Ah well, the kid sent a bomb threat - not cool, so glad he was dumb.
     
  18. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Not too bright. Using your school's wifi for such a thing... not smart. Schools do a lot of monitoring and logging.
     
  19. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    Forget the confession. Forget the use of school wi-fi. The bomb hoax act in order to miss an exam already proves stupidity. If the guy whom confessed really was responsible, he really asked for it when he got caught. Causing unnecessary panic and wasting police time on hoaxes isn't funny. There are valid reasons to use Tor. This one isn't.
     
  20. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802

    why its still an extra layer , cant hurt ;) and yes the guy had it coming , a harvard student, just brilliant , made my day xD
     
    Last edited: Dec 25, 2013
  21. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Just because some kid at Harvard isn't up to date on all of the latest and greatest concerning anonymity doesn't mean that he isn't smart. How many kids would know to use Tor coupled with an anonymous email in the first place? Sure had he connected a VPN first they could not have tagged him as a suspect. Or had he connected to some other public wifi (no camera in view) they would have not been able to trace him. But really, had he maintained his innocence I doubt that he would have been convicted anyway. It was just a lucky shot for LE. Unless of course they could have found some record on his computer of what he did. I don't know what kinds of records would have been left on his computer. But anyway, there aren't many college students at any university that would know the depth of the kinds of things that are discussed here.

    The one example though that I can think of that is truly dumb is the 19 yr old who did some hacking while connected to hidemyass. That was truly stupid. And he was supposedly a member of Anonymous. It just makes me wonder if anyone could claim to be a member.
     
  22. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Yeah that is really bad. I can't imagine doing something like that. Can you say, "Personality Disorder"?
     
  23. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    well sure you have a point not many outside security/privacy advocate forums have access to as much knowledge as do we , that sure as hell dont excuse his ~ Snipped as per TOS ~ to go on just doing whatever he thinks is best just to skip taking his final exam without doing the dirty work first aka doing his research of what hes actually playing with and what the consequences might be not to mention if hed actually plan on getting out it unscathed to learn a thing or two about the use of pcs and the internet in general , perhaps

    using some common sense wouldve helped as well , like using all that free time and energy he has and actually do what he signed up for and go and sit on his ~ Snipped as per TOS ~ and learn his stuff , and couldve avoided all this , but i recon him sending a bomb threat he must have close to no sense whatsoever anyhow and makes me wonder how in hell hes gotten into harvard in the first place , kids these days :rolleyes:
     
    Last edited by a moderator: Dec 27, 2013
  24. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    880
    Location:
    Triassic
    Well said. However, money can buy anything, even access to an Ivy League University. If mommy and daddy have lots of the green stuff, an expensive lawyer will plead affluenca and junior will have 'victim' pasted across his forehead in no time. A huge fine to pay for costs endured by the taxpayer and a huge donation to the university will ensue. Who needs smarts when you can buy it.
     
    Last edited by a moderator: Dec 27, 2013
Loading...
Thread Status:
Not open for further replies.