That Bomb-Hoaxing Harvard Student Was Using Tor, But They Caught Him Anyway

Wednesday, December 18, 2013 - 09:07 AM

Eldo Kim (Institute for Quantitative Social Science)

On Monday, Harvard University administrators received an email claiming that bombs had been placed in two buildings on campus. The emails were a hoax, and the FBI quickly identified the person behind it, a 20-year old student named Eldo Kim. Kim told the FBI he was trying to avoid taking a final exam. 

CBS Boston posted the FBI's affadavit, and it's actually a story with a privacy lesson embedded in it. (I'm assuming here that people are also taking the other, more obvious lesson, which is that you shouldn't make bomb threats.)

Kim sent the threatening emails using a Tor browser, which anonymizes your web browsing, paired with an anonymous email program called Guerilla Mail. That actually could have been enough to protect his identity, except that he did all of this on Harvard's wireless internet

If your school or your workplace offers you free wi-fi, it's worth remembering that you should severely limit your expectations of privacy while on it. That fact is somehow both very obvious and very easy to forget.

The affadavit makes it sound like in Kim's case, Tor half-worked. Harvard and the FBI likely couldn't see exactly what Kim was doing on Tor. But because he was on Harvard's network, they could tell he'd used the cloaking software at the same time the threatening emails were sent. If you assume there weren't a ton of Harvard kids using web anonymizing software between six and eight o'clock on a Monday morning, then identifying Kim would've been pretty easy. 

(h/t Peter Vogt)


More in:

Comments [12]

Kevin from Alpharetta, GA

If any (most likely), what was his punishment? Don't think it was such an excellent idea to send a bomb threat to the most prestigious school in the country... my top choice school.

Apr. 08 2015 10:39 PM

When did gorillas get email?

Jan. 05 2014 12:26 PM

it's "Guerrilla Mail" not "Guerilla Mail"

Dec. 22 2013 11:00 PM

If he would have studied, this wouldn't be an issue

Dec. 21 2013 01:38 PM

if he used a vpn he'd be safe

Dec. 19 2013 03:27 PM

This prove that technology not always serves you better. Should have gone the old-fashion way: put a hoodie on and make his bogus threat from a public phone.

Dec. 18 2013 07:35 PM

For a guy going to Harvard, he's not the smartest cookie

Dec. 18 2013 04:08 PM
harlan from new york

He should have taken CS50

Then perhaps he would have learned something about computers...

Dec. 18 2013 03:23 PM
Sean Ormiston

Let's see how your Harvard experience plays out in the labor market now, ya big dolt!

Dec. 18 2013 03:06 PM
rachel from nyc

some things never change. back in the dark ages students pulled the fire alarm shortly before an exam they hadn't studied for. it wasn't right then and it isn't right now. just take an incomplete ....

Dec. 18 2013 01:45 PM

"Kim told the FBI he trying to avoid taking a final exam."

Sounds like enough to charge him.

Dec. 18 2013 12:06 PM
Nick from Cambridge, MA

And frankly, unless they have real evidence against him from his computer or a confession, simply saying he was on Tor around the time it was sent is suspicious but should not be evidence enough to charge him. In that respect, Tor still remains a useful tool for anonymizing traffic.

Though a 20 year old amateur Tor user is more likely than what I'm proposing so it'll all likely depend on how good of a lawyer he gets (as do most trials, I guess).

Will be fun to watch :-)

Dec. 18 2013 11:37 AM

Leave a Comment

Email addresses are required but never displayed.

Supported by

Embed the TLDR podcast player

TLDR is a short podcast and blog about the internet by Meredith Haggerty. You can subscribe to the TLDR podcast here. You can follow our blog here. I tweet @manymanywords and @tldr.

Subscribe to Podcast iTunes RSS