Link Logger
MVM
join:2001-03-29
Calgary, AB

1 recommendation

Failing grade: Alleged Harvard bomb hoaxer needed more than Tor

quote:
So how did Kim, who also reportedly used an anonymous, temporary email address from a service called Guerilla Mail on his MacBook Pro Laptop, get caught?

While Tor might hide a user's IP address, there are other ways law enforcement officials can identify people who try to hide their identity online, said Chester Wisniewski, senior security advisor at Sophos.

"You can still, with a reasonable amount of certainty, identify someone by things like the version of Web browser they're using, along with the exact model of computer they are connecting with, combined with 10 or 12 things we leak all the time by just using the Internet," he said, pointing to factors like the version of Flash or Java that someone might have installed on their browser.

Most universities also require students to register their computers in order to use their wireless network. That could have helped narrow the field considerably. If, for example, only 10 students were connected to Tor through Harvard's Wi-Fi, said Wisniewski, the FBI could identify those computers and their owners, and then knock on those 10 doors until they found their suspect.

Bruce Schneier, a security expert and fellow at the Berkman Center for Internet and Society at Harvard Law School, thinks that is probably what happened.

"Basically, if you're using a tool that gives you plausible deniability, it also makes you the most likely candidate," he wrote in an email to NBC News. "And while the FBI might not be able to prove you were the Tor user that made the bomb threat, they can revert to conventional investigation mechanisms to bridge that gap. Tor didn't break; Kim did."
»www.nbcnews.com/technolo ··· 11767028

I guess this is one guy who won't be getting a job at a security company once he is released.

Blake
DarkSithPro (banned)
join:2005-02-12
Tempe, AZ

Member

Let me guess. They found him by his computer MAC address, which they don't want to admit in the article.

macaddys
@verizon.net

1 recommendation

Anon

Umm but MAC addy gets scrubbed after the first hop, mostly your NAT.

HELLFIRE
MVM
join:2009-11-25

to Link Logger
quote:
"...sending out a fake bomb threat, all so that he could get out of taking a final exam, according to an FBI affidavit."
Fail #1 right there.

Willing to bet the University uses either captive portal or dot1x, or a combination of the two, but the article's too thin on details to definitively say for sure... probably don't want any other would-be test dodgers pulling the same stunt again.

Regards