Harvard bomber caught because he used Tor

Slashdot got this one wrong. As usual, Schneier got it right, which merely highlights the importance of trusting in individuals rather than organizations for due diligence and competence:

Eldo Kim sent an e-mail bomb threat to Harvard so he could skip a final exam. (It’s just a coincidence that I was on the Harvard campus that day.) Even though he used an anonymous account and Tor, the FBI identified him. Reading the criminal complaint, it seems that the FBI got itself a list of Harvard users that accessed the Tor network, and went through them one by one to find the one who sent the threat.

This is one of the problems of using a rare security tool. The very thing that gives you plausible deniability also makes you the most likely suspect. The FBI didn’t have to break Tor; they just used conventional police mechanisms to get Kim to confess.

Tor didn’t break; Kim did.

Bruce Schneier
Tor User Identified by FBI

(Okay, that last line was a little stupid. He’s saying that PEBCAK. Even that isn’t really true here.)
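
The narrowing step described in the quoted passage, as an added example that is not part of the original post or the criminal complaint: a network operator intersects its own connection logs with a list of known Tor relay addresses inside a time window before the event. The log format, user names, relay addresses, and timestamps are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data (documentation-range IPs, invented users).
TOR_RELAYS = {"192.0.2.10", "192.0.2.77", "198.51.100.5"}  # assumed relay list
FLOW_LOG = """\
2000-01-01T08:02:11 user_a 203.0.113.20 443
2000-01-01T08:14:40 user_b 192.0.2.10 9001
2000-01-01T08:21:05 user_c 198.51.100.5 443
2000-01-01T08:25:59 user_d 203.0.113.99 80
2000-01-01T11:47:30 user_e 192.0.2.77 9001
2000-01-01T08:29:13 user_b 192.0.2.77 443
"""

def parse_flows(text):
    """Yield (timestamp, user, dst_ip, dst_port) from the assumed log format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, dst, port = line.split()
        yield datetime.fromisoformat(ts), user, dst, int(port)

def tor_candidates(flows, relays, event_time, window):
    """Map each user to their relay connections within `window` before the event."""
    hits = {}
    for ts, user, dst, _port in flows:
        if dst in relays and event_time - window <= ts <= event_time:
            hits.setdefault(user, []).append(ts)
    return hits

def summarize(log_text, relays, event_time, window):
    """Return (number of users seen on the network, sorted candidate users)."""
    flows = list(parse_flows(log_text))
    all_users = {user for _, user, _, _ in flows}
    return len(all_users), sorted(tor_candidates(flows, relays, event_time, window))

if __name__ == "__main__":
    event = datetime.fromisoformat("2000-01-01T08:30:00")  # constructed event time
    total, cands = summarize(FLOW_LOG, TOR_RELAYS, event, timedelta(minutes=30))
    # The content of the Tor traffic is never inspected; only who connected, and when.
    print(f"{total} users on the network, {len(cands)} touched Tor in the window: {cands}")
```

The anonymity set here is not "all Tor users" but "local users seen connecting to Tor in the window", which on a small network can be a handful of people.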

About Aeoli Pera
