FBI agents tracked Harvard bomb threats despite Tor

via farm1.staticflickr.com

This week, Harvard was rocked by an unsigned bomb threat, originating from a burner email address and timed to disrupt final exams. It was a seemingly anonymous threat, but just two days later, authorities managed to trace it back to sophomore Eldo Kim, who's now awaiting trial in federal court. Kim used two separate anonymity tools to cover his tracks — the routing service Tor, which covered his web traffic, and the temporary mail service Guerrilla Mail, which offered a one-time email — but neither one was enough to throw authorities off the trail.

Tor led them to Eldo Kim, who promptly confessed

Kim's mistake, it turns out, was connecting through Harvard's wireless network. The FBI quickly traced the emails back to Guerrilla Mail, which in turn indicated that the service had been accessed through Tor. It's unclear how the agents discovered Guerrilla Mail had been accessed through Tor, but it's likely Guerrilla volunteered the information when faced with a federal counterterrorism investigation. (UPDATE: Security researcher Runa Sandvik points out that the originating IP address would have been revealed in the email header, which would have indicated Tor usage.) Suspecting a Harvard student was behind the threats, agents checked to see if anyone had accessed Tor through the local wireless networks. That led them to Kim, who promptly confessed.

It's a reminder of the limitations of Tor, which can only disguise traffic within its own servers. In this case, law enforcement was able to see that Kim had connected to Tor and that someone had used Tor to make the threats, which was all they needed. In an official statement, a Harvard spokesman said the community was "saddened by the details alleged in the criminal complaint." Kim currently faces up to five years in prison with fines of up to $250,000.

The Verge
Log In Sign Up

Log In Sign Up

Please choose a new Verge username and password

As part of the new Verge launch, prior users will need to choose a permanent username, along with a new password.

Your username will be used to login to Verge going forward.

I already have a Vox Media account!

Verify Vox Media account

Please login to your Vox Media account. This account will be linked to your previously existing Eater account.

Please choose a new Verge username and password

As part of the new Verge launch, prior MT authors will need to choose a new username and password.

Your username will be used to login to Verge going forward.

Forgot password?

We'll email you a reset link.

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Forgot password?

Try another email?

Almost done,

By becoming a registered user, you are also agreeing to our Terms and confirming that you have read our Privacy Policy.



Choose an available username to complete sign up.

In order to provide our users with a better overall experience, we ask for more information from Facebook when using it to login so that we can learn more about our audience and provide you with the best possible experience. We do not store specific user data and the sharing of it is not required to login with Facebook.