This blog is highly personal, makes no attempt at being politically correct, will occasionaly offend your sensibility, and certainly does not represent the opinions of the people I work with or for.
When anonymity singles you out

A couple of days ago there was a bomb threat at Harvard University. Eldo Kim, a student, sent the threats by emails to avoid going to exams, because he wanted more time to study. Cherry on the cake, his name is not only asian, but he is actually asian. This tells you the stress those kids go under; anyway I digress...

What interests me is that they caught him. Turns out that he did use TOR to connect to the email provider he used to send the emails, and this in itself means that the investigation trail should have stopped at the TOR exit node, but then, the investigators had the idea that the culprit might simply be a student and might simply have connected to from the university network itself around the time the emails were sent. Looking at university network connection log they found him (along with only an handful of other users who also used TOR that day), and interviewed him, at which point he admitted that he sent the emails. He could have denied having sent them, but making bomb treats does not necessarily mean that you are a bad person (or that you can sustain an interrogation by angry looking investigators).

So let me put it in other words for you people out there who are not familiar with TOR. Imagine that I send an anonymous letter to the Queen with no return address, but then I get caught because turns out that somebody saw me put a letter in a letter box two days before that, and (that's where I got very unlucky), there's been only one letter sent in the entire UK that entire week. Logical conclusion is: the letter the Queen received is the one I was seen sending.

This got me thinking... How would I make a bomb threat if I wanted to make one ? Well, that's what Apple Stores are for, aren't they ? But then, I could plan it in advance and just use a program that would run into the background of one of their computers and send the email once I am long gone from the Store (to avoid being given away by security cameras...), or something...

Update: There is something I have to try next time I go to an Apple Store, I will use cron (so that it runs between restarts of the computer) to trigger a program that will ping me during Store opening hours. I am curious to see for how long (days, weeks, months ?) this will go. I will post the results here :-)
[ add a comment ]