A 20-year-old US man and Harvard University student was arrested on Tuesday and charged with allegedly sending bomb threats to get out of a final exam.
An affidavit filed by the FBI on Tuesday alleges that Eldo Kim, of Cambridge, Massachusetts, on Monday morning emailed multiple bomb threats to Harvard University offices, including to the university’s police department, two Harvard officials, and the office of the president of the Harvard Crimson, which is Harvard’s daily student newspaper.
The subject line of the identical messages read “bombs placed around campus.”
The body of the email message:
shrapnel bombs placed in:
2/4. Guess correctly.
be quick for they will go off soon
The buildings referenced in the email are on the university’s main campus in Cambridge, Massachusetts.
Harvard police called in the FBI, and the four buildings were immediately evacuated.
Bomb technicians and hazmat officers combed through the buildings for several hours but concluded that the threats must have been a hoax.
When it investigated the email messages, the FBI found that they’d come from Guerrilla Mail: a free email service that creates temporary, anonymous email addresses.
They also discovered that whoever had sent the emails had accessed Guerrilla Mail through the Tor anonymizing service, the affidavit says.
Tor is an anonymizing service that directs traffic through a worldwide, volunteer network that makes it difficult for law enforcement to trace a user.
Tor has, at least in the past, thrown up roadblocks to law enforcement, as was made clear with the “Tor stinks” presentation from the National Security Agency (NSA) that The Guardian published in October.
Law enforcement leapt over the roadblock pretty easily in this case, however: investigators figured out that in the several hours leading up to the receipt of the email, Eldo Kim had allegedly accessed Tor using the university’s wireless network.
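The correlation described above, sketched as an added example (it is not taken from the affidavit or from any tooling the university used): flow records from a monitored network are matched against known Tor relay addresses inside a time window, then resolved to accounts through wireless lease records. The log layouts, account names, addresses and times are all constructed, and `TOR_RELAYS` stands in for the publicly listed relay addresses.

```python
from datetime import datetime, timedelta

# Constructed sample data; all addresses come from documentation/private ranges.
TOR_RELAYS = {"198.51.100.7", "203.0.113.44"}  # stand-in for the public relay list
# Wireless leases: (account, client_ip, lease_start, lease_end)
LEASES = [
    ("student_a", "10.20.0.5", "2024-03-04T06:00", "2024-03-04T12:00"),
    ("student_b", "10.20.0.9", "2024-03-04T07:00", "2024-03-04T11:00"),
    ("student_c", "10.20.0.5", "2024-03-04T12:30", "2024-03-04T18:00"),  # IP reused
]
# Flow records: (timestamp, src_ip, dst_ip, dst_port)
FLOWS = [
    ("2024-03-04T07:10", "10.20.0.5", "198.51.100.7", 9001),  # relay
    ("2024-03-04T07:15", "10.20.0.9", "192.0.2.80", 443),     # ordinary web traffic
    ("2024-03-04T08:20", "10.20.0.5", "203.0.113.44", 443),   # relay listening on 443
    ("2024-03-04T13:00", "10.20.0.5", "198.51.100.7", 9001),  # outside the window
]

def parse(ts):
    return datetime.fromisoformat(ts)

def user_for(ip, when, leases):
    """Resolve a client IP to the account holding its lease at that moment."""
    for user, lease_ip, start, end in leases:
        if lease_ip == ip and parse(start) <= when <= parse(end):
            return user
    return None

def tor_users_before(event_time, lookback_hours, flows, leases, relays):
    """Return {account: [timestamps]} for relay connections in the window."""
    end = parse(event_time)
    start = end - timedelta(hours=lookback_hours)
    hits = {}
    for ts, src, dst, _port in flows:  # match on relay IP; the port is not a signal
        when = parse(ts)
        if dst in relays and start <= when <= end:
            user = user_for(src, when, leases)
            if user:
                hits.setdefault(user, []).append(ts)
    return hits

def anonymity_set(hits, leases):
    """Accounts seen using Tor in the window versus all accounts on the network."""
    return len(hits), len({lease[0] for lease in leases})

if __name__ == "__main__":
    hits = tor_users_before("2024-03-04T08:30", 3, FLOWS, LEASES, TOR_RELAYS)
    print(hits, anonymity_set(hits, LEASES))
```

The monitoring side never sees what was sent through Tor, only that a connection to a relay happened and when; with one account in the window, that alone is enough to decide whom to interview.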
As security analyst Bruce Schneier pointed out in a blog post on Wednesday, this case underscores how using Tor can raise a red flag when somebody’s actually trying to pass undetected:
This is one of the problems of using a rare security tool. The very thing that gives you plausible deniability also makes you the most likely suspect. The FBI didn't have to break Tor; they just used conventional police mechanisms to get Kim to confess.
The affidavit says that Kim told investigators that he had picked the email recipients at random from a university web page and did it to get out of an exam scheduled for Monday morning.
The FBI also says that Kim stated that he had chosen the word “shrapnel” because “it sounded more dangerous.” He also told investigators that he wrote “2/4. guess correctly” so it would take more time for police to clear the area.
Kim was in Emerson Hall, where his exam was scheduled to take place, at 9 a.m. on Monday.
The affidavit says that when Kim heard an alarm go off, “he knew that his plan had worked.”
He could face a maximum five years in prison, three years of supervised release, and a $250,000 fine if charged under the bomb hoax statute, according to a press release from the Boston US District Attorney’s office.
10 comments on “Use of Tor pointed FBI to Harvard University bomb hoax suspect”
“Tor generates a random, anonymous IP address for temporary use that’s difficult for law enforcement to trace.”
Not really… It routes traffic through various computers around the world. It’s not just a case of setting the IP address to randint(255).randint(255).randint(255).randint(255) as this implies…
Thanks Ben, we’ve changed the paragraph.
Scary to think that people are doing this out there!
I just don’t understand some people’s mentality. What is going on in this world? Some people are completely stupid. Don’t they realise that they will be found?
Clearly he thought simply using Tor would protect him. The thing about security tools (AV, crypto, Tor) is that you have to use them *correctly* (and even then, there’s no guarantee). He was trying to be a needle in a haystack, but there was no hay!
Andrew, there’s nothing new here to see. Human depravity is as old as man. Nothing about current events changes that. The only thing changed is how fast and how often we get information. It gives the impression that man is more depraved than he was 50 years ago. It’s a false pretense though, since man is just as depraved as he was 50 years, 500 years, or 5000 years ago. We are just exposed to it more often now.
Would never condone what he did… Harvard educated, guess he didn’t think of rule #1: Don’t poop in your own backyard. Wasn’t too bright that he accessed TOR from the University’s network. I would never think a University would monitor their network!!!
He will definitely not do well on the test now.
To think that Harvard students would be a little bit smarter
Wait, you mean stuff on the Internet can be tracked? Where has this kid been for the last year? Apparently he does not subscribe to Naked Security.