Anonymity is very important, which is why I hold Tor’s developers in high regard. Tor has helped political dissidents in especially tyrannical regimes speak out, made the drug trade safer by raising a barrier of anonymity between buyers and sellers, and gives people with jealous significant others a way to keep their communications secret. So when I see somebody harass any of the Tor developers my initial reaction is “Fuck that guy!”
Well an unsavory dude decided to harass Andrea Shepard, one of Tor’s developers, and learned a lesson about how valuable online anonymity is:
What happens when you troll Tor developers hard? You get unmasked.
Towards the end of last week, a troll who had sent various aggressive tweets to a host of security experts and privacy advocates associated with the Tor project and browser, which enables online anonymity, had his identity exposed. To some, that may seem hypocritical. To others, it seems like justice.
Andrea Shepard, the Tor developer who uncovered the real identity of her troll, says she was being harassed on and off for a year by a range of tweeters, all believed to be the sockpuppets of one man. The main source of abuse came from a Twitter account @JbJabroni10, but others included @JbGelasius, @SnowdenNoffect, @LimitYoHangout, @HaileSelassieYo, @thxsnowman and @PsyOpSnowden.
Things came to a head when some lighter mockery was aimed at Shepard last week, using information the troll had gleaned from her LinkedIn profile and personal website.
Unfortunately for the troll, this gave Shepard an IP address belonging to an iPhone that used a work network at atlantichealth.org to access her site. She also had some job information through LinkedIn’s “profiles that viewed yours” feature.
After searching LinkedIn for anyone with the role at Atlantic Health, she came across two profiles: one which didn’t have a name connected to it, another for a man named Jeremy Becker. She then used the Spokeo service to search for Jeremy Beckers in New Jersey, and a search for pharmacist licensees, and found only one, which gave her the middle initial ‘T’ and a hometown of Princeton, New Jersey.
She also had his father’s name, Edward Becker, and was able to find a Twitter account @ebecker which followed @JbJabroni10 and an inactive one for @JoyBecker52, apparently matching his mother Joyce Becker. Shepard had her man.
And then on 28 November, seven of the Twitter accounts linked to Becker seemed to go dark. He’d been scared off the face of the internet, to the cheers of the pro-Tor and anti-troll crowds.
Now that’s justice porn. And it should prove to be a valuable lesson to others who feel it necessary to harass security professionals. If somebody’s job is developing one of the most successful online anonymity tools chances are pretty good that they know how to uncover personally identifiable information. After all, you need to know how an attack works in order to defend against it.