Onion Networks and Social Networks, Bomb Threats and Blog Vigilantes. Two months of Terror at the University of Pittsburgh

Our fellow students at the University of Pittsburgh were being harassed last year at this time, receiving 145 bomb threats to campus buildings in a span of around 2 months, causing the University to close early for the semester. Students received up to 15 bomb threats every day  and were evacuated from both their classrooms and dorm rooms, including several times a night. This caused many students to simply leave campus after backpacks were banned, bathroom stall doors were removed, and finals were moved online. The families of the students were also greatly affected as each bomb threat triggered an automatic phone call home with a list of the buildings affected, and another phone call after the buildings had been searched. This resulted in up to 30 phone calls a day. A vast majority of these bomb threats were emailed to the University Police Department through a service called Mixmaster, which utilized onion networking to conceal the source of the message.

The bomb threats started on a beautiful early spring day when a threat was found scrawled on a bathroom stall. Then a few more were discovered as the weather got better. The first few threats that were found on campus can probably be attributed to students trying to get out of a mid-term exam, or just not wanting to go to class on an extremely rare beautiful March day in Pittsburgh. 

But then something changed, and threats began to come in by email to the Police and local newspapers. After a $10,000 reward was posted for information leading to the capture of those responsible the number of threats per week skyrocketed, and began affecting multiple buildings.  The University’s Police, with the help of the State Police, FBI, Secret Service, and eventually Interpol spent two months chasing down dead ends in the Tor network, in which the source of the threats was concealed. Image

The Tor browser accesses an onion network, aptly named because of the successive layers of encryption that are applied as an information packet is passed from random user to random user to it’s destination. 

During the peak of the crisis at Pitt, a blog was created to spread information and analyze the data of the threats. Thousands of concerned locals, Pitt students, and many more from around the world contributed to an excellent data set that enabled the public to have a better collection of information, as Law enforcement and the University were extremely tight-lipped. Perhaps the best impact of the blog was the Google document, that crowd sourced data into understandable graphics. I’m unable to insert the graphs from the doc, but they are extremely interesting, and offer unique analysis of citizens trying to make sense of a crisis. 

Law enforcement would have several suspects and people of interest in this case, from a former Pitt TA who was arrested for making terrorist threats towards the Computer Science Department at this same time to a transgender couple in Johnstown, PA, one of which had been kicked out of Pitt-Johnstown for using the male locker room. Eventually, the source of the threats was narrowed down to a 65 year old man with multiple sclerosis in Scotland named Adam Busby. 

Busby, after a letter-bombing campaign in England in the early 80’s, fled to Ireland and was rejected by the IRA. After moving to Scotland and forming a Scottish separatist group, (which for a while was just only been him and his son) continued his mail and phone terrorism up until being arrested for a majority of the Pitt threats. 

Networks and the internet can allow terrorists to hide among a million other computers, or allow thousands of concerned citizens to work together to identify patterns to make sense of 2 months of terror.