54 comments

[ 2.8 ms ] story [ 122 ms ] thread
http://www.scribd.com/doc/192157170/Eldo-Kim-Complaint

It sounds like they determined from the email provider that the message came from a Tor exit node, then from there they looked for who had made a connection on Harvard campus to known Tor relays. He had, so they interviewed him and he confessed to everything. I don't see any strong indication of a weakness in Tor from this, but it's a bit concerning that you could be interviewed for having used Tor at the same time as something like this. I run a relay full-time, I don't know if this is better or worse for me.

This basically adds no new information about Tor, except what we already knew -- that you should really have a private bridge, and that Tor traffic is readily discernible from normal traffic (hence, avoid using it on networks where authorization is linked to your identity!). The affidavit doesn't say how they linked the GuerillaMail address to Tor, presumably they used a subpoena.

He could have easily avoided detection (not to say that would have been a good thing) by using something like SkypeMorph (https://crysp.uwaterloo.ca/software/CodeTalkerTunnel.html)

Or just not confessed; him using TOR around the same time is not going to be enough to convict him.
This. It sounds like he folded as soon as he was interviewed by law enforcement. Don't underestimate the power of the $5 wrench. http://xkcd.com/538/
Yeah, and they didn't even need the wrench.
Seriously, enough with the XKCD 538 fallacy. That is not how interrogations work. It just isn't. Violent torture is not how you get people to provide information.

Actual interrogations are far more cunning and complex, involving psychological tricks and play against weaknesses in the human mind. Perpetuating this "they'll hit you until you confess" bullshit stops people from learning actually useful information about how to resist interrogations.

The comic is not literally suggesting that interrogations imply violence any more than it is literally suggesting that any violence must be done specifically with a wrench.

Pedantism and comics do not go well together. The format is not meant for conveying exactingly precise information. Interpretation is required.

The comic does actually suggest that, and the comment I replied to specifically suggested that.

This sort of interrogation typically starts with "we know you did it, so why don't you make things easy for yourself...", not "break his finger so he knows we're serious".

The XKCD 538 fallacy is the delusional belief that torture and threats of violence are how people are coerced into confession during an interrogation. That is not the case. Perpetuating that fallacy actually helps interrogators, since the fear of "confess or else you'll get the wrench" is implanted in people's minds. Since that is not how things actually work, it is counter productive. It does not help anyone except the authorities. This is why I say stop perpetuating the fallacy. Seriously.

The person who posted that comic was not literally suggesting that a $5 wrench was used. The FBI asked the guy some questions, and he folded. The XKCD comic was referenced because he rightly understood the comic to be making a general statement about the worth of cryptography when you consider the human element.

Seriously, you are not telling anybody here anything they did not already know.

I think you're reading into the $5 wrench a bit too literally. It's not about perpetuating the idea (false or not) that torture is an effective means of procuring intelligence. The point of the comic—at least to me—is about tunnel vision w/r/t security. Someone might invest a great amount of time and effort on encryption, but then look past the fact that the encryption is only as strong as the password that protects it...or that the password is only as secure as the place it is stored (lastpass, 1password, or even your brain).

There are many creative ways to circumvent encryption, and one of those ways could be something sinister like a wrench-torture, but it could also be through social engineering or psychological craft. The wrench is just an extreme example, maybe even a metaphor.

Interesting. Isn't Skype owned by M$ though.. ?
(comment deleted)
The GuerrillaMail to Tor link is explained by the last line in GuerrillaMail's TOS (https://www.guerrillamail.com/tos), which says that they inject your IP address into the email's headers. So there was no subpoena required. The use of GM was a no-op in this case.
It's not damning at all to have used Tor around that time, but it's not a huge leap of logic, either.
Running TOR at the same time the message was sent. Plus The police do not have to have probable cause to speak to you. Of course what you say back is entirely up to you.
In addition, I imagine a list of students who had finals in those buildings around that time also entered into the equation. Talking to the guy using tor at the time, who had finals at the time, is a no brainer.
he wouldn't have gotten nabbed in a court of law -- all you need is a motive.
I doubt that the "finals list/tor usage" combination would have been enough to convict him, but I suspect it would have been enough to get a search warrant for his computer.

I don't know if he used the Tor Browser Bundle, and if that is even all that clean from a forensic standpoint, but I certainly wouldn't trust it to conceal what I did.

Maaaybe he'd have a chance if he used a LiveCD that they could not find evidence of him ever having. That is a very strong "maybe".

Here's what the young lad should have done, had he had really thought about this: Use a LiveCD to boot with Tor on it, and also tether his cell phone to his computer, so he wouldn't have to go through the campuses wifi. Then the only way they'd have know he used a Tor would be if they checked every student's phone usage -- which would take too long -- and therefore they'd never have found him. Or if they did, they couldn't prove he did it because he used a LiveCD and tor had no trace on his machine.
Or he could have just not emailed a bomb threat.
Serious question: why do people talk so highly of a security protocol which even Harvard students fail hard at actually using in real life? If people who are the global 99.999'th percentile of tech literacy lose their lives and careers relying on this stuff, in what way is it a meaningful solution to third-world victims of repressive governments?

I'm assuming at this point that thousands of Syrian, Egyptian, Iranian, Chinese, etc. dissidents are dead from misplaced trust in Tor and other crypto magic, and no one's the wiser.

The "failure" you mention here is his confession.

If all they had to go on was what's in the article -- that "the person who used Guerilla Mail used Tor to access it" and "[Kim] used Tor around the same time the e-mails were sent" -- that's not enough to charge him with a crime.

It's enough to go and talk to him about it, but if he had wanted to, he could have protected his identity (but possibly prolonged the investigation, depending on what other resources the agent had) by simply denying that he had anything to do with it.

Obviously the point at which a hostile government thinks you're a top suspect and interrogates you is the weakest link in the security chain. This guy had it comparatively easy: his interrogators weren't torturing him to death.
To answer your initial question, people talk highly of Tor because if used properly it can move the weakest link from the technological into the interrogation room. Had he not used tor and had just signed into his email normally, they really wouldn't have needed a confession.

Nobody but a fool thinks that Tor (or any other piece of technology) is a silver bullet. It is just a tool, and like any tool, has intended uses and numerous shortcomings when you use it without knowing what it is for.

Trying to use Tor to protect you against interrogators who are convinced of your guilt and willing to torture you to death is like trying to toast your bread with a hammer. Completely nonsensical, though that does not mean a hammer is a bizarrely useless contraption invented and touted by fools. Asking what the point of Tor is if it cannot protect you from that is like asking what the point of body armor is if stepping on a landmine still blows your leg off.

"Had he not used tor and had just signed into his email normally, they really wouldn't have needed a confession."

Had he not used Tor, he would never have sent an email: he wouldn't have felt secure.

"Trying to use Tor to protect you against interrogators who are convinced of your guilt and willing to torture you to death is like trying to toast your bread with a hammer."

It's Tor [traffic analysis] that led integrators to him in the first place.

Also, Tor is frequently advertised for use against repressive governments.

> "Had he not used Tor, he would never have sent an email: he wouldn't have felt secure."

That is unknowable, certainly not certain. Plenty of people called in bomb threats before Tor was invented. Hell, he may have just pulled the fire alarm instead.

> "It's Tor [traffic analysis] that led integrators to him in the first place."

Tor is not safe from traffic analysis; it is pretty trivial to figure out if someone is using Tor. This is a well known limitation of Tor that must be understood by anybody using it, particularly if they are living under a repressive government.

If you are using Tor with the expectation that nobody will be able to tell that you are using Tor, then you are trying to hammer bread into toast. That is simply not what the tool is for.

It is certainly possible that the Tor project needs to work harder at making sure people understand this.

That's ridiculous. If police find a print of XYZ-brand shoes near a crime scene and start keeping their eyes open for people who have XYZ shoes, they're not trying to oppress people with a certain taste in footwear. there seems to be a misconception about that police need probable cause before they even ask questions, which is nonsensical.

Edit for clarity: I don't think that following up obvious leads is evidence of government hostility. After all, if Harvard called up law enforcement to advise of a bomb threat and were told not to bother unless an explosion had taken place, most people would consider that pretty remiss (especially given Harvard's proximity to Boston).

(comment deleted)
It's "hostile government" when analyzing the failure of Tor, because the tool should have kept this kid off of the suspect list.

I'm guessing you don't even believe this to be a laudable goal, and that's precisely why we need anonymity tools.

Oh, for god's sake.

First off, don't put words in the anigbrowl's mouth.

Second off, it's not government hostility to investigate a bomb hoax that costs a lot of people money and inconveniences a ton of people. This guy wasn't engaging in civil disobedience.

Third off, the dude could have just walked to any of the dozen coffee shops in harvard square with free wifi and done this all in the clear, and been fine. Tor cannot and will never prevent traffic analysis if you're dumb enough to plug into the organization you're hoaxing's network. Tor created reasonable doubt, that's all it could do in this case, as a matter of physical limitations.

What specific words did I put in his figurative mouth? anigbrowl took a technical point about anonymity opsec and responded to it as if it were a political plea about the police, and you're doing the same. So I'm guessing that both you and him don't consider this a failure of Tor because you consider the "right thing" to have happened in the larger situation.

As I had said, it's a "hostile government" in the context of security analysis. Sorry, there just isn't a technical distinction between this kid and a dissident. To take a principled stand of saying dissidents should have the means to communicate freely, you also have to assert that you'd like for this kid to not get caught. Understandably this is a hard thing to do, given the chaos it would cause (is causing) in the short term.

Well, sorry, I read it like you were the one injecting politics about 'government hostility' into it, regardless of Tor or SSL, ssh keys or whatever methods are involved. You seemed to be attributing motives to the previous poster with comments about "maybe you prefer it that way" which seem to place him on the side of surveilling fascists, and I thought that was unjustified but maybe I misread it. If you're not getting political about it, then neither am I, and sorry.

On a technical level.. I don't see how Tor could have performed better here. It's physically impossible for them to mask the fact that this guy connected, through the harvard network, to the tor network. The rest of it is between the police and the guy. If they had gotten proof that it was his specific machine that sent the emails through some weakness in Tor, then I'd lay some blame with Tor.

I disagree that I have to root for this kid not to get caught. Tor didn't fall down, and I'm not rooting for Tor to fall down. He could have stonewalled the cops, or he could have taken the most basic precaution on earth of not doing it from his frickin dorm room, Tor or no

EDIT: Actually, maybe they'd be able to correlate his mac address if they subpoena'd whatever coffee shop the email came from. That's a much bigger fishing expedition for "any coffee shop that connected to a tor node that day", though. But anyways, my point is that Tor can't be held responsible for things it will physically never be able to mask.

I'd just gotten done typing why it's impossible to convince most people this stuff matters, and was responding to a comment that seems to be written with the assumption that man-made laws are the ultimate authority. So I'll admit to being a bit presumptuous, but I really do believe it to be a fact that most people will never see the need for technically-granted anonymity, and that these opinions simply aren't relevant when discussing such software.

Back to the technical, isn't this the point of Tor "bridges" ? Of course these don't work out of the box - they require finding out the address of one out-of-band and manually configuring it. Wider casual adoption of Tor would have also fixed the problem in this case (if the resulting Tor user list was too long to question everybody).

The whole point is that ending up on a shortlist means you are essentially caught. This kid may have gotten off by playing it cool. But translated into the dissident scenario, it's still a loss.

Given the proliferation of surveillance cameras, the coffee shop scenario becomes much harder. Assuming after-the-fact facial recognition is standard these days, it would only work if there were enough other Harvard students also on tape. Low latency is the mortal enemy of mix networks.

I do appreciate the arguments about why anonymity matters. You might find it interesting to consider the similarities fo debates about services like the penet remailer (http://www.textfiles.com/hacking/INTERNET/na.txt and http://en.wikipedia.org/wiki/Penet_remailer).

With time, I've come to the conclusion that the ability to (re*-create such tools is more important than any individual instance of such a tool.

I've come to the opposite conclusion. Adopted systems in continual use are what is important. I could setup any number of service 'anonymizers' within a day, but if an individual operator can even be short-term trusted, they certainly can't be relied on. Only by getting an overwhelming number of not-heavily-invested node operators can one bootstrap reliable trust.

I want to live in a world where the routine use is anonymous, with nyms only connected voluntarily. Of course people have to be smart enough to not post 'my name is XXX' in-band, but they shouldn't have to go to a distant coffee shop. If privacy takes work, that means it's only accessible to the few willing to put in that work, and will be viewed as an aberration by everyone else. It's only by making it easily accessible to everyone that it can become societally accepted.

Look, not that many people use Tor in the overall scheme of things. If you find a bomb threat that seems to have originated from a Tor node, and you find that a few people on the campus network were using Tor around the same time, that's the obvious clue to follow. ISTM that you wish Tor were so good at anonymity as to spoof its origins to the webmail program from where the threat were issued, but that seems an unrealistic thing to ask. It's just a protocol, things like time-shifting or IP obfuscation are surely up to the person using it.

To take a principled stand of saying dissidents should have the means to communicate freely, you also have to assert that you'd like for this kid to not get caught.

Realistically he would have been better off to call it in using a payphone (to the extent that he considered a hoax bomb threat a matter of necessity). I don't think you can automate away a complete disregard for security.

I see your point because the fact he used Tor at all led them to him. But it sounds to me like he cracked under police pressure, otherwise they might not have had anything at all on him.
How did you arrive at the conclusion that because someone is a Harvard student, they're at an intellectual pinnacle and more specifically, are the global 99.999'th percentile of tech literacy?
Well, it starts with being one of the best tools we currently have to preserve freedom of communication, so getting it in wider use is a good thing. But it's hard to get across the necessity of general free communication to most people basically by definition - otherwise they'd just fix things by voting and technical approaches would be unnecessary. But the democratic mob isn't looking to protect individuals from its wrath, and nuanced arguments about assigning an appropriate context to messages from a public communications network haven't had legs either. So the go-to politically acceptable narrative becomes the standard US callous altruism of undermining other governments.

And yes, by the time you're on a short "of interest" list, you're fucked. (with the only real solution to the traffic fingerprinting being to get peer-talking encryption software in widespread use for everyday tasks).

Just to be clear, coming up with this pretty obvious hoax to get out of a final exam isn't a good sign of brilliance. Let's not fool ourselves about the population distribution of intelligence at any institution, and the fact that that distribution must have tails.
(comment deleted)
(comment deleted)
so why didn't he go to starbucks or something to do this, I would have anticipated all this. I guess he was running out of time, and under the pressure he made a careless split second decision.
As the very first bullet point on the tor project homepage says, "Tor prevents people from learning your location or browsing habits." Why bother going to Starbucks when using tor means you're safe?
I don't think Tor is suspicious as such, it's just that it's sufficiently unusual as to be worth following up for statistical reasons. By consumer standards it's pretty obscure; the same would be true of PasteBin or many other sites where someone might conceivably make a hoax claim.
(comment deleted)
Why bother risking expulsion/FBI charges/a tainted professional reputation for the rest of your life for more time on a test? Even if he succeeded, I doubt anyone could pull something like that off and then focus on schoolwork for the next day or two. Plus, <insert snarky comment about Harvard grade inflation here>.
Stress can make people pretty irrational I guess.

I wonder if there is any sort of correlation between the prestige of a school and how often someone calls in a threat or pulls a fire alarm. I had a fire alarm go off while I was taking a final twice when I was in university. Seems like it is probably a semi-frequent occurrence.

I feel bad for him, 20 years old, got in to Harvard -- had a pretty bright future ahead of him -- he's never going to live this down.
Firstly, this dude made an incredibly stupid decision to even go through with his plan to get some extra time on a test. Secondly, the way he actually went about doing it was completely asinine. He did it from his own machine on the school's network.

No matter the nature of your activity, if you're trying to obfuscate your identity using systems like TOR and GuerillaMail, you probably shouldn't do it on the network of the people you're attempting to hide your identity from...

Seems similar to how Jeremy Hammond was caught: they suspected that he was a particular IRC user, and correlated his login/logout times with actual comings and goings from his residence.
Did anyone really think this was anything other than a kid not wanting to take a final? Seriously, this was happening at my high school. Ffs.
Seems like all he had to do was say nothing and all they would have had on him is access to tor.
Looks like he succeeded in delaying his final exam, potentially for many years