my favorite opsec story of all time
because i don't think i've shared it here before!
once upon a time, some goddamn moron at my alma mater forgot to study for his final. (it wasn't even a particularly difficult final.) instead of, y'know, just accepting he was gonna get a bad grade or whatever, he decided to e-mail a bomb threat to the university.
the threat looked credible enough that the university did, in fact, cancel the finals scheduled in the three threatened buildings.
then the IT department was brought in. who, the university wanted to know, had mailed the bomb threat?
the IT department sniffed some logs. this kid, whoever he was, wasn't a total moron. he'd made a throwaway email account via an anonymous email service, and they couldn't find any record of a student visiting that service via the university network.
maybe the dude had walked off campus, to a Starbucks or something, to email his threat. in that case, it'd take a long time to track down—the city had a lot of goddamn coffee shops, and they'd need cooperation from all of them to get to the bottom of this.
but another thought occurred to them. what if the bomb-threatener was using Tor?
the whole point of Tor is privacy. and, indeed, they'd have no way of knowing what websites a Tor user was visiting. but the fact that you are using Tor is something trivially obvious to a network administrator, and that might narrow their search.
so they looked up who'd been using Tor on campus the previous night. there were just three of 'em. so they hauled them all in for questioning.
two of the kiddos, presumably wearing EFF hoodies and holding laptops adorned with those tacky "I DO NOT CONSENT TO THE SEARCH OF THIS DEVICE" stickers, proceeded to cuss and holler and demand to speak to their lawyer and shouted a lot about digital liberty.
the third kid, however, started crying, broke down, and confessed immediately. mystery solved!
the two EFF Tor-loving enthusiasts were sent on their way, sorry for the trouble, and the kids whose finals got cancelled had the option to reschedule, and the bomb threat dude got arrested by some Very Federal People.
moral of the story: metadata is a big goddamn deal. (also, this is why your Tor nerd friends keep hassling you to use Tor; obviously this story would have a much different ending if 90% of undergraduates used Tor, instead of, uh, three individuals.)
no subject
I'm cracking up so much at the description of the other two dorks, god that sounds like half the gang I hung out with. Trenchcoats too, probably.
no subject
...but that's definitely on the list of "things i would never want to have to explain in a job interview", heh