Tor User Identified by FBI
Eldo Kim sent an e-mail bomb threat to Harvard so he could skip a final exam. (It’s just a coincidence that I was on the Harvard campus that day.) Even though he used an anonymous account and Tor, the FBI identified him. Reading the criminal complaint, it seems that the FBI got itself a list of Harvard users that accessed the Tor network, and went through them one by one to find the one who sent the threat.
This is one of the problems of using a rare security tool. The very thing that gives you plausible deniability also makes you the most likely suspect. The FBI didn’t have to break Tor; they just used conventional police mechanisms to get Kim to confess.
Tor didn’t break; Kim did.
paul • December 18, 2013 10:09 AM
The whole point of tools like TOR is that they shouldn’t be rare. As soon as they become common enough, then the number of potential suspects becomes too large to check effectively.
(Which of course doesn’t mean the checking won’t be done but rather that the odds of a false or coerced confession are comparable to the odds of a true one, thus leaving the actual perp in the clear.)