Harvard Bomb Threat Shows Anonymous Browser Tor's Limitations - Technologist
Technologist - The FindLaw Legal Technology Blog

Harvard Bomb Threat Shows Anonymous Browser Tor's Limitations

It's exactly like the plot of a college comedy: student isn't ready for a final exam, so he calls in a bomb threat. Except, the only twist was that he used an anonymous temporary email service and and anonymizing web browser to cover his tracks. Yet, he was caught rather quickly.

How did the FBI track down Eldo Kim? And did the much lauded Tor browser, used by political dissidents and journalists to stay anonymous, fail?

'Tor didn't break; Kim did.'

How did the FBI catch Kim? They didn't manage to crack Tor's impressive security. They simply checked the school's Wi-Fi records.

The criminal complaint cryptically states that FBI Special Agent Thomas Dalton discovered that the emails came from Guerilla Mail, which provides temporary, anonymous email addresses, and that Guerilla Mail was accessed via Tor, the anonymous browser. He made these discoveries through "investigation" and "further investigation," which doesn't tell us much.

Bruce Schneier, a security expert, posits that the investigators simply obtained a list of people who accessed Tor via the school's Wi-Fi, then went down the list, name-by-name.

"This is one of the problems of using a rare security tool. The very thing that gives you plausible deniability also makes you the most likely suspect," Schneir wrote. "The FBI didn't have to break Tor; they just used conventional police mechanisms to get Kim to confess."

Security lesson of the day? Don't use the school's Wi-Fi when sending threats to the school. Though Tor is an incredibly useful and secure tool, it's not a commonly-used one. It will attract attention.

Full Confession Means Open-and-Shut Case

Kim made a full confession, and waived his Miranda rights, after being interviewed by an FBI agent and Harvard University Police Department officer. He admitted to sending the following email, with the subject line, "bombs placed around campus," to a handful of randomly-selected campus email addresses:

shrapnel bombs placed in:

science center
sever hall
emerson hall
thayer hall

2/4. guess correctly.  

be quick for they will go off soon

He made the threats to avoid a final exam, and when the fire alarms went off at 9:00 a.m., while he was sitting in the classroom preparing for the test, he knew he had succeeded. At least, for a few hours. On the bright side, he won't have to take the exam. Then again, he faces up to five years in prison, plus a massive fine and supervised release.

Harvard Law Professor Alan M. Dershowitz, the criminal law legend, told the Harvard Crimson that, based on the affidavit, "I don't think any lawyer in the world could save him at this point."

Of course, this begs the question: what was the frightening final? Though the Crimson was unable to verify his enrollment in the course, Kim emailed classmates about GOV 1368 The Politics of American Education on Saturday night, and the final for that course was scheduled for 9:00 a.m. on Monday. The course description does sound dreadful.

Join the discussion on Facebook at FindLaw for Legal Professionals.

Related Resources: