
FBI Affidavit in Harvard Bomb Hoax [pdf] - daughart
http://cbsboston.files.wordpress.com/2013/12/kimeldoharvard.pdf
======
jrockway
Oh man. Never confess to a federal crime without at least getting some sort of
deal worked out.

Also: everyone should be required to fail a couple classes sometime in their
life. It's not nearly as bad as you'd imagine. (Hint: after high school,
nobody cares about your grades anymore.)

~~~
yeukhon
There is no way to get this deal worked out. They have the evidence they need
and this is a serious issue. He will definitely face an academic discipline
charge against him from Harvard, most likely expulsion from Harvard University.
Furthermore, there is no use of him for the FBI; when you when a deal you want
to get some information out of him, or to make the processing faster. In this
case, they have the evidence and they don't have to wait.

If he really wanted the exam to be rescheduled, the dumbest thing he could do
is either break his own arm or pull the fire alarm somehow, or throw some
stink bombs everywhere in the classroom. Those alone probably will only cause
suspension and a minor criminal charge at worst. Though he'd be very careful
with the fire alarm... Now he probably can't get back to Harvard, after several
years of stressful preparation to get into Harvard...

And for most jobs out there grades do matter, especially if you plan to go to
graduate school.

~~~
knieveltech
"And for most jobs out there grades do matter"

Not even a little bit. What, you think a hiring manager is going to try to
track down your college transcript?

Edit: here's how little grades matter as a developer: I have a GED and five
college credits (two of which were archery) and I've been happily employed as
a developer for the last six years.

~~~
rayiner
> Not even a little bit. What, you think a hiring manager is going to try to
> track down your college transcript?

He said "most jobs out there" not "developer jobs." Pretty much every job
outside software, as well as every grad school application, will ask you to
submit your college transcript.

~~~
knieveltech
By most you must be excluding the print media, pharma, and financial
industries, all sectors I've worked in (as something other than a developer),
no transcript.

~~~
rayiner
The financial industry, and consulting and accounting, all care very much
about your college grades, for recent grads. Not many people with even
mediocre GPAs in the analyst classes of Goldman Sachs or among the
entry-level hires at BCG.

------
MichaelGG
The affidavit is a bit light, I suppose because the guy confessed so there's
no need for more details.

It suggests that they merely correlated Tor (not TOR) activity and then showed
up and confronted the kid.

If there were not many Tor users during that time window, they simply might
have interviewed everyone. Since the kid wasn't really planning a violent act,
just wanted out of an exam, he probably folded immediately.

Unfortunately, given this information, it's unlikely we'll find out any more
about the FBI's capabilities. I can't imagine the kid doing anything but
pleading out.

~~~
ArcticCelt
Use Tor, use Guerrilla Mail then use his own wifi account. Why are people so
dense? I am happy with him being caught because of what he did but why don't
people who do that kind of thing use some internet cafe free wifi?

------
swalkergibson
Here is the statute under which he is being charged.

[http://www.law.cornell.edu/uscode/text/18/1038](http://www.law.cornell.edu/uscode/text/18/1038)

Looks like he has a really heavy fine and up to 5 years in jail coming his
way. It's a shame, really. Just take your lumps on the exam, it's certainly
better than this.

~~~
MichaelGG
Sure it's better than _this_. But most likely, he didn't think they'd
correlate his Tor activity so it may have been "better" for him personally if
he had gotten away with it.

~~~
swalkergibson
It seems as though he was not thinking rationally. He used both Tor and
Guerrilla Mail, but did not consider sending the messages from a public WiFi
hotspot? Seems like a really rookie mistake to make if you are going to commit
a federal offense.

~~~
glomph
20/20 hindsight.

~~~
swalkergibson
Of course. However, he had the foresight to use Tor and Guerrilla Mail. That
is what doesn't make sense to me.

------
vilhelm_s
I wonder how exactly they tracked that he was using Tor at the time---does
Harvard specifically log connections to the Tor network? Or do they log every
outbound TCP connection?

~~~
hrrsn
By and large, if he tethered his cellphone and used Tor that way (or sat
outside a coffee shop, etc), he wouldn't have been caught?

~~~
pwnna
Tethered cellphone probably will be identified, though that would be slower as
it needs to go through the ISP.

Coffeeshop will make it even harder, but may still have issues like
identifying the computer, etc. etc.

~~~
MichaelGG
Identifying from a cellphone connection would require the FBI to get a log of
all Tor connections from all cellphone users in the area. And it still doesn't
prove anything. Compared to just asking the campus for their records, it's a
totally different league. It's not even clear if cell ISPs track every TCP
connection.

~~~
htns
They would have only needed a log of all connections within a very short time
window (a timing attack, which ofc is not Tor-specific, after all someone
might chain a proxy and Tor). If the terrorism card is on the table I wouldn't
be surprised if they had done that first and only after that constructed a
legal case. Remember that there was a good period of time during which they
had the bomb threat but they didn't necessarily know it was fake.

------
daughart
Was this a genuinely dumb oversight on the student's part? Harvard WiFi
requires students to log in with unique IDs to gain access
([http://www.fas-it.fas.harvard.edu/node/189](http://www.fas-it.fas.harvard.edu/node/189)),
so Harvard can monitor and log all of your traffic.

Does this mean Harvard could in theory have this transmission recorded as it
goes into the TOR network? Would something as simple as going across the
street to Panera Bread have thwarted this kind of investigation?

I'm really curious if the flaw in this kid's plan was that obvious.

~~~
belluchan
I'm sure the manual part of logging in with his identification only happens
once and is stored by his computer which automates the identification in the
future so he may have forgotten this.

~~~
daughart
It's unfortunate that I seem to remember this fact every time I watch porn on
said network. :-s

~~~
belluchan
Better than TOR for stuff like that is to rent a server and create an ssh
tunnel through it. This is not anonymous and will not hide you from law
enforcement, for example DPR did this and his information was subpoenaed by
the FBI. But whoever you are renting a server from cares a lot less about you
and what you do on a network than your college network. Your requests over the
ssh tunnel will be encrypted and also much faster than tor. You can set up
squid as a proxy and change your Firefox or OS proxy settings to connect via
your proxy.

This is also a good way to get around GEO IP restrictions. Like if you rent a
server in the UK and do this you can watch the BBC.

------
aioprisan
Since Harvard's WiFi requires you to log in with your HUID and password, it
would be trivial to look at all the internet traffic from campus at the period
before the threat and see who was using Tor, and investigate those specific
connections, since Harvard logs every outbound TCP connection.
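
The correlation discussed in this thread (authenticated network logs filtered for connections to Tor relays inside a time window), sketched as an added example that is not part of the original comments or of the affidavit. The log layout, user IDs, relay list and timestamps are constructed assumptions; addresses come from documentation ranges.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed relay list (address, port). A real list would come from the
# public Tor directory; unlisted bridges would not appear in it.
TOR_RELAYS = {("192.0.2.10", 9001), ("198.51.100.7", 443)}

# Constructed flow log: one row per outbound TCP connection, already joined
# to the account that authenticated to the wireless network.
FLOW_LOG = """\
ts,user,src_ip,dst_ip,dst_port
2024-01-15T08:05:12,user_a,10.1.4.22,203.0.113.5,443
2024-01-15T08:12:40,user_b,10.1.7.91,192.0.2.10,9001
2024-01-15T08:29:03,user_c,10.1.2.14,198.51.100.7,443
2024-01-15T08:31:55,user_a,10.1.4.22,198.51.100.7,80
2024-01-15T11:47:09,user_d,10.1.9.30,192.0.2.10,9001
"""


def tor_users_in_window(log_text, relays, event_time, before, after=timedelta(0)):
    """Return {user: [timestamps]} for flows to a known relay inside the window."""
    start, end = event_time - before, event_time + after
    hits = {}
    for row in csv.DictReader(io.StringIO(log_text)):
        ts = datetime.fromisoformat(row["ts"])
        if not (start <= ts <= end):
            continue
        # Match address AND port: a relay host may also serve ordinary traffic.
        if (row["dst_ip"], int(row["dst_port"])) in relays:
            hits.setdefault(row["user"], []).append(ts)
    return hits


if __name__ == "__main__":
    event = datetime(2024, 1, 15, 8, 30)  # constructed time the message was received
    candidates = tor_users_in_window(FLOW_LOG, TOR_RELAYS, event, timedelta(minutes=30))
    # The result is a candidate set to follow up on, not proof of authorship.
    for user, stamps in sorted(candidates.items()):
        print(user, [s.isoformat() for s in stamps])
```
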

------
8ig8
I feel bad for this kid. It was obviously a bad decision.

We all make bad decisions. Some haunt us longer than others. I know this was
very wrong, but I wish the kid got a do over.

------
moeedm
Harvard huh? You'd think he'd be smarter than this.

~~~
beedogs
To be fair, he's Harvard Business. Sort of the meathead division of Harvard,
compared to their law school.

------
smrtinsert
Somewhere a tiger parent breathed a huge sigh of relief when their child didn't
have to ruin their Harvard GPA.

------
stefan_kendall
So we're armchairing how this should have gone, right?

1.) Buy a burner laptop on the street, in cash, then wait a while.

2.) From an open wireless connection, where you're far enough away to not be
on any security cameras, use Tor, then VPN tunnel through a high traffic
public server in China or Russia. You want to make sure you're not driving out
of your way to be at a place at a time, in case the IP gets traced back for
whatever reason.

3.) Prepare an elaborate email. Make it good.

4.) Set up an online meeting with someone. Play a video game online, start a
Skype chat, or otherwise create an alibi for how you couldn't be writing
emails.

5.) Send the email through an anonymous email service.

6.) Destroy the laptop as far from campus as possible.

Did I miss anything?

In the end "Chinese hackers" get blamed for the email, and the media attention
fizzles.

~~~
ohyes
Could have spent all of this time studying, would have gotten a decent grade
on the exam.

