That Bomb-Hoaxing Harvard Student Was Using Tor, But They Caught Him Anyway

Wednesday, December 18, 2013 - 09:07 AM

Eldo Kim (Institute for Quantitative Social Science)

On Monday, Harvard University administrators received an email claiming that bombs had been placed in two buildings on campus. The emails were a hoax, and the FBI quickly identified the person behind it, a 20-year old student named Eldo Kim. Kim told the FBI he was trying to avoid taking a final exam. 

CBS Boston posted the FBI's affadavit, and it's actually a story with a privacy lesson embedded in it. (I'm assuming here that people are also taking the other, more obvious lesson, which is that you shouldn't make bomb threats.)

Kim sent the threatening emails using a Tor browser, which anonymizes your web browsing, paired with an anonymous email program called Guerilla Mail. That actually could have been enough to protect his identity, except that he did all of this on Harvard's wireless internet

If your school or your workplace offers you free wi-fi, it's worth remembering that you should severely limit your expectations of privacy while on it. That fact is somehow both very obvious and very easy to forget.

The affadavit makes it sound like in Kim's case, Tor half-worked. Harvard and the FBI likely couldn't see exactly what Kim was doing on Tor. But because he was on Harvard's network, they could tell he'd used the cloaking software at the same time the threatening emails were sent. If you assume there weren't a ton of Harvard kids using web anonymizing software between six and eight o'clock on a Monday morning, then identifying Kim would've been pretty easy. 

(h/t Peter Vogt)

Tags:

More in:

Comments [11]

jamie

When did gorillas get email?

Jan. 05 2014 12:26 PM
rose

it's "Guerrilla Mail" not "Guerilla Mail"

Dec. 22 2013 11:00 PM
William

If he would have studied, this wouldn't be an issue

Dec. 21 2013 01:38 PM
John

if he used a vpn he'd be safe

Dec. 19 2013 03:27 PM
Veronique

This prove that technology not always serves you better. Should have gone the old-fashion way: put a hoodie on and make his bogus threat from a public phone.

Dec. 18 2013 07:35 PM
john

For a guy going to Harvard, he's not the smartest cookie

Dec. 18 2013 04:08 PM
harlan from new york

He should have taken CS50

https://cs50.net

Then perhaps he would have learned something about computers...

Dec. 18 2013 03:23 PM
Sean Ormiston

Let's see how your Harvard experience plays out in the labor market now, ya big dolt!

Dec. 18 2013 03:06 PM
rachel from nyc

some things never change. back in the dark ages students pulled the fire alarm shortly before an exam they hadn't studied for. it wasn't right then and it isn't right now. just take an incomplete ....

Dec. 18 2013 01:45 PM
David

"Kim told the FBI he trying to avoid taking a final exam."

Sounds like enough to charge him.

Dec. 18 2013 12:06 PM
Nick from Cambridge, MA

And frankly, unless they have real evidence against him from his computer or a confession, simply saying he was on Tor around the time it was sent is suspicious but should not be evidence enough to charge him. In that respect, Tor still remains a useful tool for anonymizing traffic.

Though a 20 year old amateur Tor user is more likely than what I'm proposing so it'll all likely depend on how good of a lawyer he gets (as do most trials, I guess).

Will be fun to watch :-)

Dec. 18 2013 11:37 AM

Leave a Comment

Register for your own account so you can vote on comments, save your favorites, and more. Learn more.
Please stay on topic, be civil, and be brief.
Email addresses are never displayed, but they are required to confirm your comments. Names are displayed with all comments. We reserve the right to edit any comments posted on this site. Please read the Comment Guidelines before posting. By leaving a comment, you agree to New York Public Radio's Privacy Policy and Terms Of Use.

Supported by

 

Embed the TLDR podcast player

TLDR is a short podcast and blog about the internet by PJ Vogt and Alex Goldman. You can subscribe to our podcast here. You can follow our blog here. We’re also on Twitter, and we play Team Fortress 2 more or less constantly, so find us there if you like to communicate via computer games from six years ago.

Subscribe to Podcast iTunes RSS

Feeds