Bomb-threatening student caught because he used Tor on school Wi-Fi
20-year-old Harvard student Eldo Kim has been accused of sending fake bomb threats to Harvard University on Monday. What makes this case interesting is that he used the Tor anonymity network and the anonymous Guerrilla Mail service to do it, but was still identified and caught.
According to the complaint, on Dec. 16, 2013, at approximately 8:30 a.m., the Harvard University Police Department, two officials of Harvard University, and the president of the Harvard Crimson received identical email messages.
The bomb threats specified four buildings on the Harvard campus, and said: “Shrapnel bombs placed in science center, sever hall, emerson hall, thayer hall, 2/4. guess correctly. be quick for they will go off soon.”
Law enforcement responded immediately to the threats, and the buildings were evacuated. The buildings were thoroughly swept by bomb technicians, but no bombs were found.
The FBI managed to trace the threat back to Kim even though he used Tor to create the anonymous email accounts from which he sent the threats, because he made the mistake of also using Harvard’s Wi-Fi network.
“Kim stated he chose the word ‘shrapnel’ because it sounded more dangerous and wrote, ‘2/4. guess correctly,’ so that it would take more time for the Harvard Police Department to clear the area,” an FBI agent who investigated the case stated in an affidavit.
Kim apparently did it so that he could get out of taking a final exam. Unfortunately for him, he could now end up in prison for five years and be saddled with a $250,000 fine.
“This is one of the problems of using a rare security tool,” security expert Bruce Schneier commented on the news. “The very thing that gives you plausible deniability also makes you the most likely suspect. The FBI didn’t have to break Tor; they just used conventional police mechanisms to get Kim to confess.”