FBI Affidavit in Harvard Bomb Hoax [pdf] (files.wordpress.com)
29 points by daughart on Dec 18, 2013 | 50 comments



Oh man. Never confess to a federal crime without at least getting some sort of deal worked out.

Also: everyone should be required to fail a couple classes sometime in their life. It's not nearly as bad as you'd imagine. (Hint: after high school, nobody cares about your grades anymore.)


> Also: everyone should be required to fail a couple classes sometime in their life. It's not nearly as bad as you'd imagine. (Hint: after high school, nobody cares about your grades anymore.)

At least for prestigious schools (like Harvard), this is completely true, even outside engineering disciplines.

A friend of mine who went to Columbia got a D on one of her language classes. At Columbia, a D isn't even a passing grade - you don't receive credit for the course, and have to retake it.

That didn't stop her from receiving the highly-competitive Fulbright scholarship[0] to study at the graduate level in that very language.

If she had done badly in three or four of those language classes, that'd have been a problem. But students almost always overestimate the importance of a single course grade as opposed to a pattern of grades. (And even the latter can be accounted for otherwise, though it is admittedly an uphill battle).

I wholeheartedly agree that everyone should fail a class or two at some point in their lives. It teaches you a very good lesson: don't sweat the small stuff, even when that small stuff seems like really big stuff.

[0] http://en.wikipedia.org/wiki/Fulbright_Program


There is no way to get this deal worked out. They have the evidence they need and this is a serious issue. He will definitely face an academic discipline charge against him from Harvard, and most likely be expelled from Harvard University. Furthermore, there is no use of him for the FBI; when you make a deal you want to get some information out of him, or to make the processing faster. In this case, they have the evidence and they don't have to wait.

If he really wanted the exam to be rescheduled, the dumbest thing he could do is either break his own arm or pull the fire alarm somehow, or throw some stink bombs everywhere in the classroom. Those alone probably will only cause suspension and a minor criminal charge at worst. Though he'd be very careful with fire alarm... Now he probably can't get back to Harvard, after several years of stressful preparation to get into Harvard...

And for most jobs out there grades do matter, especially if you plan to go to graduate school.


I got a C and two B- in college. Currently in grad school at Harvard. One or two bad grades shouldn't hold you back. Given the recent grade inflation scandal (http://www.thecrimson.com/article/2013/12/3/grade-inflation-...), it seems like even very poor work at Harvard is graded at C or better (this was certainly the case for my C; I probably deserved to fail).


Not correct; another reason the deals are made is to save the state the cost of a trial. And if they won't give you a deal, go to trial and get some expert witnesses to say it was impossible to tell that it was you. The government has to prove you guilty beyond a reasonable doubt and get 12 random people on the street to agree. That's risky. Hence plea bargains.


"And for most jobs out there grades do matter"

Not even a little bit. What, you think a hiring manager is going to try to track down your college transcript?

Edit: here's how little grades matter as a developer: I have a GED and five college credits (two of which were archery) and I've been happily employed as a developer for the last six years.


> Not even a little bit. What, you think a hiring manager is going to try to track down your college transcript?

He said "most jobs out there" not "developer jobs." Pretty much every job outside software, as well as every grad school application, will ask you to submit your college transcript.


By most you must be excluding the print media, pharma, and financial industries, all sectors I've worked in (as something other than a developer), no transcript.


The financial industry, and consulting and accounting, all care very much about your college grades, for recent grads. Not many people with even mediocre GPAs in the analyst classes of Goldman Sachs or among the entry level hires at BCG.


They ask you for your college transcript to verify that you have the degree, not to check all your grades.


If that's all they really want then they ought to ask for an academic certification instead.


There may have been a way. We don't know what evidence the FBI had. It might just have been a list from Harvard of which network nodes appeared to have connected to Tor at certain times.

For all we know, they might have just talked to everyone that had used Tor that day. They might not have had any solid evidence about him until he confessed.


Hint: after high school, nobody cares about your grades anymore.

This is actually not true, especially when applying to Google and a lot of tech, Wall Street, and other blue chip companies - or of course to grad school, law school, or med school.

Which is no reason to call in a bomb threat.


Only for a first job, or for more school, yes. But seriously, it isn't important.

For any job, it is much more important to have some sort of positive personal connection. (Worked with someone there before, a professor recommends you as talented, an internship).

Which is why people pay big bucks to go to Harvard/MIT/Yale? Correct? The objective is rubbing elbows with the elite and making connections. Presumably I can get a similar education elsewhere for less money.


I've worked at Wall Street firms and Google, and nobody has ever asked me for my grades :)


>>(Hint: after high school, nobody cares about your grades anymore.)

True for software developers nowadays, but some other disciplines like maybe scoring an accounting job at Charles Schwab I bet still checks that GPA.

Ya know what I want HN to do for a poll? GPA at school! Mine is awful, couldn't pay attention.


Even if they check your GPA, that isn't the same as checking all of your grades. A single failure really should not do all that much damage to your GPA.

(I bet my GPA is worse ;)


I'm not a software developer and no job I've ever had has checked my grades or transcript. And they shouldn't -- they're irrelevant


Checking if you even went to the school you claim to have gone to might be prudent, but nobody has ever even asked me to prove that.


I've never seen a grad school application that didn't ask about GPA.


Not that failing is really a winning strategy, but even George Church got kicked out of Duke: http://arep.med.harvard.edu/gmc/F.jpg


The affidavit is a bit light, I suppose because the guy confessed so there's no need for more details.

It suggests that they merely correlated Tor (not TOR) activity and then showed up and confronted the kid.

If there were not many Tor users during that time window, they simply might have interviewed everyone. Since the kid wasn't really planning a violent act, just wanted out of an exam, he probably folded immediately.

Unfortunately, given this information, it's unlikely we'll find out any more about the FBI's capabilities. I can't imagine the kid doing anything but pleading out.


Use Tor, use Guerrilla Mail, then use his own wifi account. Why are people so dense? I am happy with him being caught because of what he did, but why don't people who do that kind of thing use some internet cafe free wifi?


Here is the statute under which he is being charged.

http://www.law.cornell.edu/uscode/text/18/1038

Looks like he has a really heavy fine and up to 5 years in jail coming his way. It's a shame, really. Just take your lumps on the exam, it's certainly better than this.


Sure it's better than this. But most likely, he didn't think they'd correlate his Tor activity so it may have been "better" for him personally if he had gotten away with it.


It seems as though he was not thinking rationally. He used both Tor and Guerrilla Mail, but did not consider sending the messages from a public WiFi hotspot? Seems like a really rookie mistake to make if you are going to commit a federal offense.


To be fair, sending from a public WiFi spot is relatively benign in general. From released data, it's only because he was on campus that they caught him. If he had done it from a random McDonalds in New Jersey, he'd have been fine.

And, for all we know, if he simply didn't say anything, he'd have been OK, too. The only evidence in the affidavit besides his confession is "he used Tor".


Well, yes, I'd wager this is his first (and last) federal offense. He is exactly a rookie.


20/20 hindsight.


Of course. However, he had the foresight to use Tor and Guerrilla Mail. That is what doesn't make sense to me.


I wonder how exactly they tracked that he was using Tor at the time---does Harvard specifically log connections to the Tor network? Or do they log every outbound TCP connection?


The Harvard (non-guest) network is secure - you must connect to it using your Harvard web ID login information. Harvard can then uniquely identify all of your traffic. (http://www.fas-it.fas.harvard.edu/node/189)

I guess I should have written a paragraph's worth of inane blog spam to get my submission title used? I was trying to make this exact point in my original title. The title my submission was assigned is not the real title of the PDF either... seems very arbitrary.


Many institutions & providers gather Netflow data (source, dest IP+Port, number of bits, flow duration) and store for a period of time to use in detecting DDoS, performance monitoring, and planning transit/peering. Correlating that with access to known tor nodes and you're done.
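
The correlation described in the comment above, sketched as an added example (not part of the thread, and not any institution's actual tooling): flow records are matched against a relay list inside a time window, then each source address is resolved to the user who held it at that moment. The relay list, addresses, users and timestamps are all constructed.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample data: documentation IP ranges, hypothetical users.
TOR_RELAYS = {"203.0.113.10", "203.0.113.77"}  # assumed snapshot of a relay list

FLOWS = """start,duration_s,src,dst,dport,bytes
2024-01-15T08:05:10,1500,10.1.2.3,203.0.113.10,9001,482113
2024-01-15T06:00:00,600,10.1.2.9,203.0.113.77,443,90211
2024-01-15T08:20:00,60,10.1.2.9,198.51.100.5,443,15500
2024-01-15T08:28:00,300,10.1.4.4,203.0.113.77,443,73010
"""

# Network logins: which authenticated user held which address, and when.
LEASES = """ip,user,lease_start,lease_end
10.1.2.3,user_a,2024-01-15T07:50:00,2024-01-15T12:00:00
10.1.2.9,user_b,2024-01-15T05:30:00,2024-01-15T12:00:00
10.1.4.4,user_c,2024-01-15T07:00:00,2024-01-15T08:10:00
10.1.4.4,user_d,2024-01-15T08:15:00,2024-01-15T12:00:00
"""

def rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def user_for(ip, when, leases):
    """Resolve an address to whoever held it at that moment (addresses get reused)."""
    for lease in leases:
        begin = datetime.fromisoformat(lease["lease_start"])
        end = datetime.fromisoformat(lease["lease_end"])
        if lease["ip"] == ip and begin <= when <= end:
            return lease["user"]
    return None  # no login record covers that time

def relay_flows_in_window(event_time, before=timedelta(minutes=30),
                          after=timedelta(minutes=5)):
    """Return (user, src, dst) for flows to listed relays that overlap the window."""
    lo, hi = event_time - before, event_time + after
    leases, hits = rows(LEASES), []
    for flow in rows(FLOWS):
        start = datetime.fromisoformat(flow["start"])
        end = start + timedelta(seconds=int(flow["duration_s"]))
        if flow["dst"] in TOR_RELAYS and start <= hi and end >= lo:
            hits.append((user_for(flow["src"], start, leases), flow["src"], flow["dst"]))
    return sorted(hits, key=lambda h: h[1])

if __name__ == "__main__":
    # The output is a list of accounts to look at, not proof of who sent anything.
    for hit in relay_flows_in_window(datetime(2024, 1, 15, 8, 30)):
        print(hit)
```

The lease lookup is the step that goes wrong most easily: 10.1.4.4 changed hands at 08:15 in the sample, so resolving the address without the flow's timestamp would name the wrong account.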


My guess is they have logs of every outbound TCP connection—it's not like Tor is the only protocol that can be used for evil.


By and large, if he tethered his cellphone and used Tor that way (or sit outside a coffee shop, etc), he wouldn't have been caught?


Tethered cellphone probably will be identified, though that would be slower as it needs to go through the ISP.

Coffeeshop will make it even harder, but may still have issues like identifying the computer, etc. etc.


Identifying from a cellphone connection would require the FBI to get a log of all Tor connections from all cellphone users in the area. And it still doesn't prove anything. Compared to just asking the campus for their records, it's a totally different league. It's not even clear if cell ISPs track every TCP connection.


They would have only needed a log of all connections within a very short time window (a timing attack, which ofc is not tor specific, after all someone might chain a proxy and tor). If the terrorism card is on the table I wouldn't be surprised if they had done that first and only after that constructed a legal case. Remember that there was a good period of time during which they had the bomb threat but they didn't necessarily know it was fake.


Was this a genuinely dumb oversight on the student's part? Harvard WiFi requires students to log in with unique IDs to gain access (http://www.fas-it.fas.harvard.edu/node/189), so Harvard can monitor and log all of your traffic.

Does this mean Harvard could in theory have this transmission recorded as it goes in to the TOR network? Would something as simple as going across the street to Panera Bread have thwarted this kind of investigation?

I'm really curious if the flaw in this kid's plan was that obvious.


I'm sure the manual part of logging in with his identification only happens once and is stored by his computer which automates the identification in the future so he may have forgotten this.


It's unfortunate that I seem to remember this fact every time I watch porn on said network. :-s


Better than TOR for stuff like that is to rent a server and create an ssh tunnel through it. This is not anonymous and will not hide you from law enforcement, for example DPR did this and his information was subpoenaed by the FBI. But whoever you are renting a server from cares a lot less about you and what you do on a network than your college network. Your requests over the ssh tunnel will be encrypted and also much faster than tor. You can set up squid as a proxy and change your Firefox or OS proxy settings to connect via your proxy.

This is also a good way to get around GEO IP restrictions. Like if you rent a server in the UK and do this you can watch the BBC.


>Does this mean Harvard could in theory have this transmission recorded as it goes in to the TOR network?

They would not be able to decrypt the traffic, but they would be able to tell that it is traffic going through the TOR network.

>Would something as simple as going across the street to Panera Bread have thwarted this kind of investigation?

Probably, though they may have figured him out through different means.


Since Harvard's WiFi requires you to login with your HUID and password, it would be trivial to look at all the internet traffic from campus at the period before the threat and see who was using Tor, and investigate those specific connections, since Harvard logs every outbound TCP connection.


I feel bad for this kid. It was obviously a bad decision.

We all make bad decisions. Some haunt us longer than others. I know this was very wrong, but I wish the kid got a do over.


Harvard huh? You'd think he'd be smarter than this.


To be fair, he's Harvard Business. Sort of the meathead division of Harvard, compared to their law school.


Somewhere a tiger parent breathed a huge sigh of relief when their child didn't have to ruin their Harvard GPA.


So we're armchairing how this should have gone, right?

1.) Buy a burner laptop on the street, in cash, then wait a while.

2.) From an open wireless connection, where you're far enough away to not be on any security cameras, use Tor, then VPN tunnel through a high traffic public server in China or Russia. You want to make sure you're not driving out of your way to be at a place at a time, in case the IP gets traced back for whatever reason.

3.) Prepare an elaborate email. Make it good.

3.) Set up an online meeting with someone. Play a video game online, start a Skype chat, or otherwise create an alibi for how you couldn't be writing emails.

4.) Send the email through an anonymous email service.

5.) Destroy the laptop as far from campus as possible.

Did I miss anything?

In the end "Chinese hackers" get blamed for the email, and the media attention fizzles.


Could have spent all of this time studying, would have gotten a decent grade on the exam.



