Harvard University Bomb Hoax: How FBI Used TOR Network To Catch Suspect, Eldo Kim

@ryanWneal on December 20 2013 3:13 PM

Edward Snowden showed in October that the National Security Agency views the Tor network, which anonymizes Web browsing, as a major threat to its mission. The NSA has designed programs to decrypt Tor, but other law enforcement agencies have actually used Tor to catch a criminal.

According to an affidavit filed on Tuesday, the FBI was able to locate 20-year-old Eldo Kim, who created a bomb hoax at Harvard University to avoid an exam, by using the Tor network.

On Monday morning, Kim emailed multiple bomb threats to Harvard’s offices, police department, officials and the school newspaper. The subject line of the email read “bombs placed around campus,” and the body of the email read:

shrapnel bombs placed in:

science center
sever hall
emerson hall

2/4. Guess correctly.

be quick for they will go off soon

The whole thing thankfully turned out to be a hoax. When the FBI investigated the emails, they found that Kim had used Guerrilla Mail, a free email service that creates temporary and anonymous email addresses, to cover his tracks.

But the FBI also noticed that Guerrilla Mail had been accessed through Tor. All the FBI had to do was get a list of Harvard users who had accessed the Tor network and go through it until they found that Kim accessed Tor just before the emails were sent.
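
The correlation described above can be sketched as a join between network logs and a list of Tor relays. This is an added example, not code from the affidavit or this article; the log formats, addresses, user names, relay list and timestamps are all constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed stand-in for a public list of Tor relay addresses.
TOR_RELAYS = {"198.51.100.7", "203.0.113.44"}

# Constructed network login log: start, end, user, assigned campus IP.
SESSIONS = """\
2024-01-08T07:40:00 2024-01-08T09:10:00 user_a 10.0.5.21
2024-01-08T08:05:00 2024-01-08T08:50:00 user_b 10.0.5.33
2024-01-08T06:00:00 2024-01-08T07:00:00 user_c 10.0.5.21
"""

# Constructed flow log: timestamp, source IP, destination IP.
FLOWS = """\
2024-01-08T08:12:10 10.0.5.21 192.0.2.80
2024-01-08T08:14:02 10.0.5.33 198.51.100.7
2024-01-08T06:30:00 10.0.5.21 203.0.113.44
2024-01-08T07:45:00 10.0.5.21 198.51.100.7
2024-01-08T08:29:45 10.0.5.33 203.0.113.44
"""

def parse(text):
    return [line.split() for line in text.strip().splitlines()]

def user_for(ip, when, sessions):
    """Resolve a campus IP to the logged-in user at that moment (IPs are reused)."""
    for start, end, user, addr in sessions:
        if addr == ip and datetime.fromisoformat(start) <= when <= datetime.fromisoformat(end):
            return user
    return None

def tor_users_before(event_time, window, flows, sessions, relays):
    """Users who reached a known relay within `window` before the event, closest first."""
    hits = {}
    for when_s, src, dst in flows:
        when = datetime.fromisoformat(when_s)
        if dst not in relays or not (event_time - window <= when <= event_time):
            continue
        user = user_for(src, when, sessions)
        if user is not None and (user not in hits or event_time - when < hits[user]):
            hits[user] = event_time - when
    return sorted(hits.items(), key=lambda kv: kv[1])

if __name__ == "__main__":
    email_sent = datetime.fromisoformat("2024-01-08T08:30:00")  # constructed event time
    for user, gap in tor_users_before(email_sent, timedelta(hours=1),
                                      parse(FLOWS), parse(SESSIONS), TOR_RELAYS):
        print(f"{user}: connected to a Tor relay {gap} before the event")
```

The query never touches Tor traffic contents; it needs only who was logged in, which addresses they contacted, and when, so on a network where few people use Tor the candidate list is short.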

“This is one of the problems of using a rare security tool,” Bruce Schneier, a security technician, wrote on his blog. “The FBI didn’t have to break Tor; they just used conventional police mechanisms to get Kim to confess.”

If convicted, Kim faces up to five years in prison, three years of supervised release and a $250,000 fine. 
