2 minute read

This is going to be a short post about a mistake we can all learn from when a Harvard student emailed a bomb threat to his school while using tor to avoid a final exam.


…the student “took steps to disguise his identity” by using Tor, a software which allows users to browse the web anonymously, and Guerrilla Mail, a service which allows users to create free, temporary email addresses.

Despite 20-year-old Eldo Kim’s goal of anonymity, his attempts to mask his identity led authorities right to his front door. Does that mean that Tor failed a user looking to delay his “Politics of American Education” exam? Not in the slightest.

While the Harvard student did indeed use Tor, it was his other sloppy security measures that led to his arrest. The complaint says the university “was able to determine that, in the several hours leading up to the receipt of the e-mail messages … Eldo Kim accessed Tor using Harvard’s wireless network.

What Kim didn’t realize is that Tor, which masks online activity, doesn’t hide the fact that you are using the software. In analyzing the headers of the emails sent through the Guerrilla Mail account, authorities were able to determine that the anonymous sender was connected to the anonymity network.

Using that conclusion, they then attempted to discern which students had been using Tor on the Harvard wireless network around the time of the threats. Before firing up Tor, Kim had to log on to the school’s wireless system, which requires users to authenticate with a username and password. By going through network logs and looking for users who connected to the publicly-known IP addresses that are part of the Tor network, the university was able to cross-reference users that were using both Tor and its wireless internet around the time the bomb threats were received.

There is not much for me to add other than the fact that, if you are planning on doing some freedom fighting, activism or just using Silk Road, make sure that you are able to do so where using tor is not going to raise some flags. In the case of this student, he was likely the only student at Harvard using tor at the moment this email was sent, and when the authorities came to his dorm he quickly admitted he was responsible.

He likely never would have been caught, but remember when you use tor, others can be aware that you are using it. A better idea for him would have been to connect to another computer remotely and have that computer connected to tor to send the email. This way, they never could have seen his computer connected to tor. I would not worry about using tor on a regular basis from your home, because there are hundreds of thousands of tor users, but it is again, something to be aware of. tor will not cover your bad OpSec mistakes like in the case of Eldo Kim.

Updated: 2014-02-13