Learn from this fuck-up. Don't confess to LE if all they know is that you accessed Tor.

http://cbsboston.files.wordpress.com/2013/12/kimeldoharvard.pdf

In case you didn't hear: On 12/16, Harvard evacuated four buildings because of a bomb threat. As I expected, some snot-nosed kid wanted to avoid a final exam. As I also expected, the perp sent the threatening emails using Tor. LE questioned him because he accessed Tor on the day of the bomb threat. He pisses his pants and confesses. Moral of the story:

1) Accessing Tor (which other Harvard students were no doubt doing at the same time) is not in itself evidence of a crime. 2) Take your final exams on time like a real man or woman. 3) Be a good person. Don't screw over thousands of other people because you forgot to study your phylogenies.

But most importantly--for this community--just remember that Tor is there to protect you, not to be a red flag. Access Tor loudly and proudly (don't actually, but you know what I'm sayin')... basically, if someone questions you about it, don't just assume they know everything. Be confident and be smart.

-MrF


Comments


[32 Points] CouncilAnderson:

What a cunt. If you're going to be hardcore enough to try and gain a life advantage by fucking over tons of people, you should be hardcore enough not to roll over like a little bitch.


[6 Points] evildoppelganger:

Obligatory posting of that YouTube video.


[7 Points] sharpshooter789:

Use a VPN to connect to Tor. Then the ISP will not know you are accessing Tor. That kid is a dumbass for not keeping his mouth shut.


[5 Points] Cheemo_Acosta:

"Better call Saul!"


[4 Points] Kyle_Crafty:

The same can be said for about any crime. Don't confess unless you KNOW they've got something tangible against you. (EDIT: meaning in court with video undeniable proof with lawyer permission..)

This is what got me arrested when I was younger. Gullible friend seeking me used a credit card I was told was my friend's father or grandfather (don't remember) and I spent 50 bucks on it after being told I had permission. Later the police assumed it was me because they knew I regularly buy the product that was purchased with said card. They SAID they have proof but I was never once shown it but being afraid that by denying it I was lying (and ultimately making my crime worse) I confessed and now have a misdemeanor (which isn't TOOOO bad but it's on my record all the same and every job application so far has asked for misdemeanor records.)

Ninja edit: I regularly visit here because I love watching the drama that flows from the darknet market places. I do not partake in the online distribution of drugs.


[5 Points] None:

NEVER CONFESS. Don't even say anything to a pig except "I want to speak to an attorney". Even if they have all the evidence in the world.


[2 Points] paregoric_kid:

What a pussy.


[1 Points] MilkyRoadGalaxy:

Another thing stemming from this: your Tor activity should probably be such that it is not easily linked to your activities on .onion markets and the like. I'm sure some of us have a habit of opening TorBrowser (or Tails) to get onto the .onion marketplace of your choice and conduct business there, then shutting down Tor after you are done. If an adversary (probably law enforcement here) had some kind of monitoring of your network connection, it's possible that they could connect your network traffic with certain activities that you may not want them to discover.

Say an officer was watching the network traffic and online activity of a person suspected of being a TorMarket seller. The suspected seller rarely used Tor for activities not having to do with drugs, and always made sure to shut off the computer (and Tor) once they were done with business. They may be able to find that when this individual's network starts running Tor traffic, he usually becomes active on TorMarket (eg: the "last online at" time, and activity like posting items and answering messages, etc). I'm probably oversimplifying the actual techniques they use, but this is more to explain the concept.

Most likely the actual content of his activity is still encrypted and unknown to them; it would take a shitload of resources that even law enforcement is short on to compromise the Tor network. However, even if one is oblivious to the user's communications, it's probably not difficult to figure out that they are connecting/connected to Tor. They could identify Tor traffic by the protocol's characteristics, or simply look for connections to publicly-known Tor node IP addresses. Of course, that only establishes when the user is connected to Tor; it's up to the adversary to figure out how much significance (if any) this data holds.

What would be the best way to change this? I would say start running Tor on a regular basis when you are not doing "darknet stuff". You can even choose to run a Tor node if you want; while a lot of people probably don't want to run "exit nodes" and deal with abusive Tor users, you can run an "internal" node that serves as yet another route of connectivity to the Tor network. That would bring constant Tor traffic, and would benefit the network too.

You could start using Tor for more of your internet activity, especially stuff that you might not want publicly known. I think this could go a long way to help remember that Tor is not just a tool that people use to break the law, but also for real privacy reasons. Do know that some sites ban Tor users due to abuse, but basic web browsing and the like will still work. Maybe consider mixing up the locations where you access Tor (if that is relevant to your personal situation) or using a trustworthy VPN provider if you wish to do so. With the ongoing revelations related to the NSA such as PRISM and the like, you can't be too cautious.

I don't know about this kid, but maybe he assumed that the police did know something more about him than that he had used Tor, or just lacks an understanding of how one should conduct themselves around the police when they've committed a crime. The Tor link wasn't in itself evidence of wrongdoing, but chances are that most machines on campus had never even accessed Tor, and even fewer are on Tor at any given time. If they identified the poster of the threat as being on a Tor exit node, then there is a good chance that he's among the handful of people on campus that were on Tor at the time.
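
The narrowing step described in the last comment, seen from the network operator's side, as an added example that is not part of the thread: it intersects flow records with a list of known relay addresses and keeps the hosts whose connection overlaps the time of an event. The record format, host names, relay addresses (documentation ranges), event time and function names are all constructed assumptions.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M"

# Constructed relay list (documentation address ranges, not real relays).
# A real deployment would load the publicly known relay addresses instead.
KNOWN_RELAYS = {"198.51.100.7", "203.0.113.42"}

# Constructed flow records: (start, end, internal host, destination IP).
FLOWS = [
    ("2013-12-16 08:05", "2013-12-16 08:50", "host-a", "198.51.100.7"),
    ("2013-12-16 08:20", "2013-12-16 08:25", "host-b", "192.0.2.10"),
    ("2013-12-16 07:00", "2013-12-16 07:30", "host-c", "203.0.113.42"),
    ("2013-12-16 08:28", "2013-12-16 09:10", "host-d", "203.0.113.42"),
]


def hosts_on_tor_at(event_time, flows, relays, slack_minutes=5):
    """Hosts with a relay connection overlapping event_time +/- slack."""
    event = datetime.strptime(event_time, FMT)
    slack = timedelta(minutes=slack_minutes)
    lo, hi = event - slack, event + slack
    hits = set()
    for start, end, host, dst in flows:
        if dst not in relays:
            continue  # not a connection to a known relay
        s = datetime.strptime(start, FMT)
        e = datetime.strptime(end, FMT)
        if s <= hi and e >= lo:  # interval overlap test
            hits.add(host)
    return sorted(hits)


def tor_share(flows, relays):
    """(hosts that ever touched a relay, all hosts seen) in the records."""
    all_hosts = {host for _, _, host, _ in flows}
    tor_hosts = {host for _, _, host, dst in flows if dst in relays}
    return len(tor_hosts), len(all_hosts)


if __name__ == "__main__":
    # Constructed event time; the thread gives only the date.
    print(hosts_on_tor_at("2013-12-16 08:30", FLOWS, KNOWN_RELAYS))
    print(tor_share(FLOWS, KNOWN_RELAYS))
```

The result is a candidate list, not an attribution: every host on it was connected to a relay at the time, and nothing in the records says what any of them did over that connection.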