When people first become interested in computer security they have a habit of downloading and using tools before they understand how they work. This is a major mistake as a Harvard University student recently learned when he attempted to use Tor to make an anonymous bomb threat:
A Harvard student was charged Tuesday with making a hoax bomb threat just so he could get out of a final exam.
Eldo Kim, 20, of Cambridge, Mass., was scheduled for a hearing Wednesday in U.S. District Court. He could face as long as five years in prison, three years of supervised release and a $250,000 fine if convicted of communicating the bomb threat that cleared four large buildings Monday.
Kim took several steps to hide his identity, but in the end, it was the WiFi that got him, the FBI said.
Kim said he sent his messages using a temporary, anonymous email account routed through the worldwide anonymizing network Tor, according to the affidavit.
So far, so good. But to get to Tor, he had to go through Harvard’s wireless network — and university technicians were able to detect that it was Kim who was trying to get to Tor, according to the affidavit.
Had Mr. Kim invested 15 minutes of reading time on Tor he would have learned that Tor doesn’t attempt to conceal the fact that you’re using Tor. Anybody monitoring the network you’re using can detect that you have a connection to the Tor network. With that knowledge in hand Mr. Kim would have been able to understand that being one of the few, if not the only, Tor users on the campus Wi-Fi would be a red flag when the campus received a bomb threat sent over Tor. This is especially true when his Tor connection times closely correlate to the time the bomb threat was sent.
So today’s lesson is this: make sure you fully understand the workings of any tools you use to enhance your security. Failing to do so will leave you vulnerable and often no better, and sometimes even worse, then you would have been if you hadn’t used the tool at all.