It's exactly like the plot of a college comedy: student isn't ready for a final exam, so he calls in a bomb threat. The only twist was that he used an anonymous temporary email service and an anonymizing web browser to cover his tracks. Yet he was caught rather quickly.
How did the FBI track down Eldo Kim? And did the much lauded Tor browser, used by political dissidents and journalists to stay anonymous, fail?
'Tor didn't break; Kim did.'
How did the FBI catch Kim? They didn't manage to crack Tor's impressive security. They simply checked the school's Wi-Fi records.
The criminal complaint cryptically states that FBI Special Agent Thomas Dalton discovered that the emails came from Guerrilla Mail, which provides temporary, anonymous email addresses, and that Guerrilla Mail was accessed via Tor, the anonymous browser. He made these discoveries through "investigation" and "further investigation," which doesn't tell us much.
Bruce Schneier, a security expert, posits that the investigators simply obtained a list of people who accessed Tor via the school's Wi-Fi, then went down the list, name by name.
"This is one of the problems of using a rare security tool. The very thing that gives you plausible deniability also makes you the most likely suspect," Schneier wrote. "The FBI didn't have to break Tor; they just used conventional police mechanisms to get Kim to confess."
Security lesson of the day? Don't use the school's Wi-Fi when sending threats to the school. Though Tor is an incredibly useful and secure tool, it's not a commonly used one. It will attract attention.
Full Confession Means Open-and-Shut Case
Kim made a full confession, and waived his Miranda rights, after being interviewed by an FBI agent and Harvard University Police Department officer. He admitted to sending the following email, with the subject line, "bombs placed around campus," to a handful of randomly-selected campus email addresses:
shrapnel bombs placed in:
2/4. guess correctly.
be quick for they will go off soon
He made the threats to avoid a final exam, and when the fire alarms went off at 9:00 a.m., while he was sitting in the classroom preparing for the test, he knew he had succeeded. At least, for a few hours. On the bright side, he won't have to take the exam. Then again, he faces up to five years in prison, plus a massive fine and supervised release.
Harvard Law Professor Alan M. Dershowitz, the criminal law legend, told the Harvard Crimson that, based on the affidavit, "I don't think any lawyer in the world could save him at this point."
Of course, this begs the question: what was the frightening final? Though the Crimson was unable to verify his enrollment in the course, Kim emailed classmates about GOV 1368 The Politics of American Education on Saturday night, and the final for that course was scheduled for 9:00 a.m. on Monday. The course description does sound dreadful.