
(NBC News)   Apparently, the media really wants people to know how to properly make anonymous bomb threats. The more you know   (nbcnews.com)
    More: Fail, bomb threat, Harvard, Harvard Crimson, internet security, grade inflation, Bruce Schneier, Alan Dershowitz, political dissidents  

4192 clicks; posted to Main on 18 Dec 2013 at 8:53 PM



42 Comments
   
 
2013-12-18 08:57:54 PM  
"You can still, with a reasonable amount of certainty, identify someone by things like the version of Web browser they're using, along with the exact model of computer they are connecting with, combined with 10 or 12 things we leak all the time by just using the Internet," he said, pointing to factors like the version of Flash or Java that someone might have installed on their browser.

And the cameras NSA secretly installed on all the university computers
 
2013-12-18 09:01:13 PM  
Meh, they just took the comments from Slashdot and made an "article" about it. News is so farking lazy these days and they're all idiots.
 
2013-12-18 09:01:28 PM  
Also, he talked to the cops and when they asked him if he did it he said "yes" (instead of "I want a lawyer"). That is what really sealed his fate.
 
2013-12-18 09:01:54 PM  
I have a simple way I keep from getting busted for making bomb threats... I just don't make bomb threats. It's that easy!
 
2013-12-18 09:02:09 PM  
I'm sure the fark not gonna get like a felony rap for faking a bomb threat. If I'm gonna get that kind of heat I'm gonna hold the world ransom for a million dollars or something.
 
2013-12-18 09:02:31 PM  
Eldo Kim, future member of the Class of 2066, obviously hadn't completely thought through his cunning stunt.
 
2013-12-18 09:03:59 PM  
It's not like the NSA needs to spy on us, with the media helpfully telling them everything they need to know.
 
2013-12-18 09:04:26 PM  
"If you're buying an ounce of pot on the Silk Road, it's probably good enough," Wisniewski said, ..."But if you're going to call in bomb threats, it's not."
 
2013-12-18 09:06:34 PM  

CokeBear: Also, he talked to the cops and when they asked him if he did it he said "yes" (instead of "I want a lawyer"). That is what really sealed his fate.


He doesn't seem like the type of person that makes wise decisions when put under pressure or stress.

But that is true. A good lawyer could probably confuse a jury with technical jargon to get him off.
 
2013-12-18 09:07:33 PM  
How about 'no.'
 
2013-12-18 09:09:48 PM  

Oldiron_79: I'm sure the fark not gonna get like a felony rap for faking a bomb threat. If I'm gonna get that kind of heat I'm gonna hold the world ransom for a million dollars or something.


Hey, you keep your paws off our Earth! It's where I keep all my stuff!
 
2013-12-18 09:10:29 PM  

Oldiron_79: I'm sure the fark not gonna get like a felony rap for faking a bomb threat. If I'm gonna get that kind of heat I'm gonna hold the world ransom for a million dollars or something.


While stroking a fluffy white cat with one hand and the index finger of the other hand pressed against your lips?
 
2013-12-18 09:10:31 PM  
TOR doesn't protect entrance and exit nodes, just the jumps in between. He was using University network equipment, which would have identified him through his login and MAC address. After that, it's easy to narrow down exactly where he was by which wireless router he was using.
 
2013-12-18 09:11:02 PM  

Big Merl: I have a simple way I keep from getting busted for making bomb threats... I just don't make bomb threats. It's that easy!


How else are high school kids supposed to get the final moved?
 
2013-12-18 09:15:25 PM  
Has an anonymous bomb threat ever turned out to be real?  Or are they all hoaxes with p=1.0?
 
2013-12-18 09:16:03 PM  

Prey4reign: Oldiron_79: I'm sure the fark not gonna get like a felony rap for faking a bomb threat. If I'm gonna get that kind of heat I'm gonna hold the world ransom for a million dollars or something.

While stroking a fluffy white cat with one hand and the index finger of the other hand pressed against your lips?


Exactly.
 
2013-12-18 09:19:12 PM  

jshine: Has an anonymous bomb threat ever turned out to be real?  Or are they all hoaxes with p=1.0?


The only bomb threats I know of that were always real were IRA bomb calls. And they were never threats, they were promises.
 
2013-12-18 09:26:55 PM  
If you're curious about the amount of identifying information which can be pulled from your browser:  https://panopticlick.eff.org/
 
2013-12-18 09:29:19 PM  

Prey4reign: Oldiron_79: I'm sure the fark not gonna get like a felony rap for faking a bomb threat. If I'm gonna get that kind of heat I'm gonna hold the world ransom for a million dollars or something.

While stroking a fluffy white cat with one hand and the index finger of the other hand pressed against your lips?


You see? I told you we should have waited till AFTER this part to replace his blood with acid, the sharks won't touch him now
 
2013-12-18 09:32:46 PM  

jshine: Has an anonymous bomb threat ever turned out to be real?  Or are they all hoaxes with p=1.0?


"On 5 December 1988 (16 days prior to the [Lockerbie bombing]), the Federal Aviation Administration (FAA) issued a security bulletin saying that, on that day, a man with an Arabic accent had telephoned the U.S. Embassy in Helsinki, Finland, and told them that a Pan Am flight from Frankfurt to the United States would be blown up within the next two weeks by someone associated with the Abu Nidal Organization; he said a Finnish woman would carry the bomb on board as an unwitting courier."

wikipedia.org/wiki/Pan_Am_Flight_103#Prior_alerts
 
2013-12-18 09:33:02 PM  
TFA: Kim, according to the document, admitted to the FBI

well there's his problem
 
2013-12-18 09:42:27 PM  
It is pretty well known that isn't a perfect shield and may in fact actually attract attention to you if you are doing something more than putting in bad reviews of that hotel.

I guess the moral of the story is you can't do a bomb threat through the internet without having a tossable ready to go hard drive.  Even then you are at risk.  They even tracked him through university wifi.
 
2013-12-18 09:46:39 PM  

UsikFark: jshine: Has an anonymous bomb threat ever turned out to be real?  Or are they all hoaxes with p=1.0?

"On 5 December 1988 (16 days prior to the [Lockerbie bombing]), the Federal Aviation Administration (FAA) issued a security bulletin saying that, on that day, a man with an Arabic accent had telephoned the U.S. Embassy in Helsinki, Finland, and told them that a Pan Am flight from Frankfurt to the United States would be blown up within the next two weeks by someone associated with the Abu Nidal Organization; he said a Finnish woman would carry the bomb on board as an unwitting courier."

wikipedia.org/wiki/Pan_Am_Flight_103#Prior_alerts


To be fair, that COULD have been just an amazing coincidence.
 
2013-12-18 09:53:17 PM  

Enemabag Jones: It is pretty well known that isn't a perfect shield and may in fact actually attract attention to you if you are doing something more than putting in bad reviews of that hotel.

I guess the moral of the story is you can't do a bomb threat through the internet without having a tossable ready to go hard drive.  Even then you are at risk.  They even tracked him through university wifi.


He made it incredibly easy by threatening the school via its own network. That's like phoning the cops and telling them you're watching them right now. All they have to do is glance around to see who nearby is talking on a cell phone.
 
2013-12-18 09:58:35 PM  

jjorsett: UsikFark: jshine: Has an anonymous bomb threat ever turned out to be real?  Or are they all hoaxes with p=1.0?

"On 5 December 1988 (16 days prior to the [Lockerbie bombing]), the Federal Aviation Administration (FAA) issued a security bulletin saying that, on that day, a man with an Arabic accent had telephoned the U.S. Embassy in Helsinki, Finland, and told them that a Pan Am flight from Frankfurt to the United States would be blown up within the next two weeks by someone associated with the Abu Nidal Organization; he said a Finnish woman would carry the bomb on board as an unwitting courier."

wikipedia.org/wiki/Pan_Am_Flight_103#Prior_alerts

To be fair, that COULD have been just an amazing coincidence.


I think a threat to a high school is likely to be empty, but a threat at a national level is likely to be based on something. When I was in HS we had a bomb threat, so administration had us all leave the building and stand in the parking lot. The kids who did Columbine planted real bombs (that didn't explode) in the building and intended to shoot students as they ran outside. The bombs didn't go off and the attackers then entered the building shooting.
 
2013-12-18 10:18:28 PM  
i1086.photobucket.com
anybody else think this about the cop?
 
2013-12-18 10:33:32 PM  

NutWrench: TOR doesn't protect entrance and exit nodes, just the jumps in between. He was using University network equipment, which would have identified him through his login and MAC address. After that, it's easy to narrow down exactly where he was by which wireless router he was using.


Combine that with how unique your browser string is.

If anybody wants to see how unique you are on the net, check out https://panopticlick.eff.org.
 
2013-12-18 10:43:11 PM  
OK, maybe I'm being dumb, but why not just call it in on a pay phone? Too old-school?
 
2013-12-18 10:44:46 PM  

jjorsett: He made it incredibly easy by threatening the school via its own network. That's like phoning the cops and telling them you're watching them right now. All they have to do is glance around to see who nearby is talking on a cell phone.


THIS! He was right to be worried about whatever test was scheduled...Kid was a dumbazz.
 
2013-12-18 10:48:18 PM  
www.pikminwiki.com
 
2013-12-18 10:48:42 PM  

Ivo Shandor: If you're curious about the amount of identifying information which can be pulled from your browser:  https://panopticlick.eff.org/


Just to be clear, that's not even close to everything you can get.  I can set a webserver to harvest your cookies for email accounts, or facebook logins, or other social media like twitter/imgur/etc etc.

It's technically not supposed to work like that, but so few web browsers are anywhere near the technically correct implementation.

And then you get into trying actual vulnerabilities to get you even further, such as using an IE flaw (still active btw) that lets me send ill-formatted Active X controls which, when they "fail" return a user code which can be used to send properly formatted and malicious active X controls, which can do just about anything you want them to.  Including harvest your outlook address book, or just send email with your name/ip/computer name, network name, etc etc to the attacking site.

Your link shows a good example of what a typical site harvests by default, but if you want to dive in, there is a lot more you can get to.
 
2013-12-18 10:58:27 PM  

Big Merl: I have a simple way I keep from getting busted for making bomb threats... I just don't make bomb threats. It's that easy!


Hmm. Seems foolproof, but surely there is a catch.
 
2013-12-18 11:05:13 PM  
From the other thread:

They caught him because Tor enter and exit nodes are well-known and the traffic is not anonymized until you get into the network.  It can be encrypted, but your connection to the first entry node isn't anonymous, only subsequent hops to other nodes.  The Guerilla mail headers indicated he was using the Tor network to send the email, but it would only track back to the last "proxy" - to use Fark's vernacular.  Then it was easy enough for the FBI to search Harvard's logs for connections to known Tor entry IP addresses around the time the email was sent.  Once they had that, they identified captain dumbshiat because he used his campus wireless connection, which like most universities requires a student to authenticate with their own credentials to get access.

The only real flash of brilliance was assuming that the threat had been sent from campus, but that's a pretty good place to start.   Here's an affidavit from one of the FBI agents who worked the case.  If you read through the affidavit, you'll note the student confessed once he was cornered by the FBI.  If he hadn't, it would have been very difficult for the FBI to conclusively prove that he was the one who sent the bomb threat.   Timestamps would have lined up pretty closely, but there wouldn't be anything in the email headers of the Guerilla mail message that tied back to the student - only the Tor network.  If he had used a random internet cafe or even a stolen wifi hotspot from a house nearby, the FBI would have had a much harder time tracking him.  At that point they'd have to cast a much wider net to find the initial connection to the Tor entry node, and they'd have to chase down each one.  Since he was likely only one of very few connections from the Harvard network at the time the message was sent, they probably didn't have a very big list to begin with.  Hell, if he had done it out of state he probably wouldn't have ever been caught.

That kid should have gotten a lawyer right up front.  I'm assuming his family could have paid for an expert to come in and demolish the FBI's lack of proof, but he caved, so it's a moot point.
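
The log correlation this comment describes, from the network defender's side, as an added example that is not part of the thread or the affidavit: flow records to known relay addresses are filtered to a time window around the event, then joined to wireless authentication sessions. Every record, address, username, the relay list and the function names are constructed for illustration.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed stand-in for a snapshot of published relay addresses
# (documentation address ranges, not real relays).
TOR_RELAYS = {"192.0.2.10", "198.51.100.77"}

# Constructed flow log: (timestamp, internal source IP, destination IP, port)
FLOWS = [
    ("2024-01-15 08:12:05", "10.20.1.15", "192.0.2.10", 9001),
    ("2024-01-15 08:25:40", "10.20.3.88", "203.0.113.5", 443),
    ("2024-01-15 08:29:11", "10.20.7.42", "198.51.100.77", 443),
    ("2024-01-15 11:02:00", "10.20.1.15", "192.0.2.10", 9001),
]

# Constructed wireless auth sessions: (user, assigned IP, start, end)
SESSIONS = [
    ("user_a", "10.20.1.15", "2024-01-15 07:50:00", "2024-01-15 09:00:00"),
    ("user_b", "10.20.3.88", "2024-01-15 08:00:00", "2024-01-15 10:00:00"),
    ("user_c", "10.20.7.42", "2024-01-15 08:20:00", "2024-01-15 08:45:00"),
    # Same IP as user_a, handed out again later in the day.
    ("user_d", "10.20.1.15", "2024-01-15 10:30:00", "2024-01-15 12:00:00"),
]


def ts(text):
    return datetime.strptime(text, FMT)


def session_owner(ip, when):
    """Return the user who held `ip` at time `when`, or None.

    The join must be on (IP, time), not IP alone, because addresses
    are reassigned between sessions.
    """
    for user, s_ip, start, end in SESSIONS:
        if s_ip == ip and ts(start) <= when <= ts(end):
            return user
    return None


def candidates(event_time, window_minutes=30):
    """Map each authenticated user to their relay connections near the event."""
    event = ts(event_time)
    window = timedelta(minutes=window_minutes)
    found = {}
    for when, src, dst, port in FLOWS:
        t = ts(when)
        if dst in TOR_RELAYS and abs(t - event) <= window:
            user = session_owner(src, t) or "unattributed:" + src
            found.setdefault(user, []).append((when, dst, port))
    return found


if __name__ == "__main__":
    for user, hits in candidates("2024-01-15 08:30:00").items():
        print(user, hits)
```

The result is a short candidate list based on timing, which matches the comment's point that the logs alone narrow the field rather than prove who sent the message.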
 
2013-12-18 11:29:49 PM  

Snarfangel: Big Merl: I have a simple way I keep from getting busted for making bomb threats... I just don't make bomb threats. It's that easy!

Hmm. Seems foolproof, but surely there is a catch.


The catch is that his name is not Shirley...
 
2013-12-19 12:04:46 AM  
media3.s-nbcnews.com
www.freemontsoffice.com
 
2013-12-19 12:32:55 AM  
encrypted-tbn1.gstatic.com
 
2013-12-19 12:44:58 AM  
Hopefully he'll study and do much better on his finals next semester.
 
2013-12-19 01:52:44 AM  
FTFA: "Tor didn't break; Kim did."

imgs.xkcd.com
 
2013-12-19 02:21:32 AM  

Lsherm: From the other thread:

They caught him because Tor enter and exit nodes are well-known and the traffic is not anonymized until you get into the network.  It can be encrypted, but your connection to the first entry node isn't anonymous, only subsequent hops to other nodes.  The Guerilla mail headers indicated he was using the Tor network to send the email, but it would only track back to the last "proxy" - to use Fark's vernacular.  Then it was easy enough for the FBI to search Harvard's logs for connections to known Tor entry IP addresses around the time the email was sent.  Once they had that, they identified captain dumbshiat because he used his campus wireless connection, which like most universities requires a student to authenticate with their own credentials to get access.

The only real flash of brilliance was assuming that the threat had been sent from campus, but that's a pretty good place to start.   Here's an affidavit from one of the FBI agents who worked the case.  If you read through the affidavit, you'll note the student confessed once he was cornered by the FBI.  If he hadn't, it would have been very difficult for the FBI to conclusively prove that he was the one who sent the bomb threat.   Timestamps would have lined up pretty closely, but there wouldn't be anything in the email headers of the Guerilla mail message that tied back to the student - only the Tor network.  If he had used a random internet cafe or even a stolen wifi hotspot from a house nearby, the FBI would have had a much harder time tracking him.  At that point they'd have to cast a much wider net to find the initial connection to the Tor entry node, and they'd have to chase down each one.  Since he was likely only one of very few connections from the Harvard network at the time the message was sent, they probably didn't have a very big list to begin with.  Hell, if he had done it out of state he probably wouldn't have ever been caught.

That kid should have gotten a lawyer right up ...


Even simpler if you're gonna go through the trouble he did just to miss a test. Buy a cheap smartphone from walmart or a grocery store or someplace like that, don't register it but connect it through mcdonalds or some other open wifi and email the threat from there
 
2013-12-19 07:11:01 AM  

Enemabag Jones: I guess the moral of the story is you can't do a bomb threat through the internet without having a tossable ready to go hard drive. Even then you are at risk.


Nah, Virtual PC.  Just install XP or something generic on a virtual environment.  Install TOR on that.  Delete the virtual HD when finished with it.  Use a tool to wipe the free space on your drive afterwards if you feel like it.

Wouldn't even need to use a web browser if all you wanted to do was send emails.  If you identify some open smtp relays ahead of time and already know the email addresses you want to send to, write a simple .vbs script using CDO objects.  You could also spoof the "from" address to be anyone (or any domain) you wanted.  They'd figure that out soon enough, but might waste time checking it out anyway.

Change the MAC on your wireless NIC ahead of time, use a public wifi network at a high traffic time (don't even get out of the car), change NIC back to default when done.

Nothing is risk-free, but there's plenty of ways to minimize it.
 
2013-12-19 09:29:21 AM  

Big Merl: I have a simple way I keep from getting busted for making bomb threats... I just don't make bomb threats. It's that easy!


But I think it's been well established that it is futile to expect those with uncontrollable urges to abstain.
Someone didn't have "the talk" with this young man about making false bomb threats and the possible repercussions thereof.
If there only had been some responsible and sensible free preventative measure to take so he'd have been prepared for the exam...
 
2013-12-19 03:28:22 PM  
Glad to see The Cuckoo's Egg and the BoingBoing quote have been covered. But this thread is not complete without a link to The KGB, the Computer and Me in which the original people involved re-enact the true story, often hilariously. Now get off my lawn, unless you remember the story as a Reader's Digest condensed book.
 