Use of Tor pointed FBI to Harvard University bomb hoax suspect

Filed Under: Featured, Law & order

Harvard University LogoA 20-year-old US man and Harvard University student was arrested on Tuesday and charged with allegedly sending bomb threats to get out of a final exam.

An affidavit filed by the FBI on Tuesday alleges that Eldo Kim, of Cambridge, Massachusetts, on Monday morning emailed multiple bomb threats to Harvard University offices, including to the university's police department, two Harvard officials, and the office of the president of the Harvard Crimson, which is Harvard's daily student newspaper.

The subject line of the identical messages read "bombs placed around campus."

The body of the email message:

shrapnel bombs placed in:

science center
sever hall
emerson hall

2/4. Guess correctly.

be quick for they will go off soon

The buildings referenced in the email are on the university's main campus in Cambridge, Massachusetts.

Harvard police called in the FBI, and the four buildings were immediately evacuated.

Bomb technicians and hazmat officers combed through the buildings for several hours but concluded that the threats must have been a hoax.

When it investigated the email messages, the FBI found that they'd come from Guerrilla Mail: a free email service that creates temporary, anonymous email addresses.

They also discovered that whoever had sent the emails had accessed Guerrilla Mail through the Tor anonymizing service, the affidavit says.

Tor is an anonymizing service that directs traffic through a worldwide, volunteer network that makes it difficult for law enforcement to trace a user.

Tor has, at least in the past, thrown up road blocks to law enforcement, as was made clear with the "Tor stinks" presentation from the National Security Agency (NSA) that The Guardian published in October.

TorLaw enforcement leapt over the road block pretty easily in this case, however: investigators figured out that in the several hours leading up to the receipt of the email, Eldo Kim had allegedly accessed Tor using the university's wireless network.

As security analyst Bruce Schneier pointed out in a blog post on Wednesday, this case underscores how using Tor can raise a red flag when somebody's actually trying to pass undetected:

This is one of the problems of using a rare security tool. The very thing that gives you plausible deniability also makes you the most likely suspect. The FBI didn't have to break Tor; they just used conventional police mechanisms to get Kim to confess.

The affidavit says that Kim told investigators that he had picked the email recipients at random from a university web page and did it to get out of an exam scheduled for Monday morning.

The FBI also says that Kim stated that he had chosen the word "shrapnel" because "it sounded more dangerous." He also told investigators that he wrote "2/4. guess correctly" so it would take more time for police to clear the area.

Kim was in Emerson Hall, where his exam was scheduled to take place, at 9 a.m. on Monday.

The affidavit says that when Kim heard an alarm go off, "he knew that his plan had worked."

He could face a maximum five years in prison, three years of supervised release, and a $250,000 fine if charged under the bomb hoax statute, according to a press release from the Boston US District Attorney's office.

Image of stock exchange courtesy of Shutterstock.

, , , , ,

You might like

10 Responses to Use of Tor pointed FBI to Harvard University bomb hoax suspect

  1. Ben · 272 days ago

    "Tor generates a random, anonymous IP address for temporary use that's difficult for law enforcement to trace."

    Not really... It routes traffic through various computers around the world. It's not just a case of setting the ip address to randint(255).randint(255).randint(255).randint(255) as this implies...

  2. Jonathan Stevens · 272 days ago

    Scary to think that people are doing this out there!

  3. Andrew · 272 days ago

    I just don't understand some peoples mentality, What is going on in this world, Some people are completely stupid, Don't they realise that they will be found.

    • King · 272 days ago

      Clearly he thought simply using Tor would protect him. The thing about security tools (AV, crypto, Tor) is that you have to use them *correctly* (and even then, there's no guarantee). He was trying to be a needle in a haystack, but there was no hay!

    • Andrew, there's nothing new here to see. Human depravity is as old as man. Nothing about current events changes that. The only thing changed is how fast and how often we get information. It gives the impression that man is more depraved than he was 50 years ago. It's a false pretense though, since man is just as depraved as he was 50 years, 500 years, or 5000 years ago. We are just exposed to it more often now.

  4. NoSpin1600 · 272 days ago

    Would never condone what he did... Harvard educated, guess he didn't think of rule #1 Don't poop in your own backyard. Wasn't to bright that he accessed TOR from the Universities network. I would never think a University would monitor their network!!!

  5. Blake · 272 days ago

    He will definitely not do well on the test now.

  6. Anonymous · 269 days ago

    To think that Harvard students would be a little bit smarter

  7. Sayvlib · 269 days ago

    Wait, you mean stuff on the Internet can be tracked? Where has this kid been for the last year? Apparently he does not subscribe to Naked Security.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.