Government // Cybersecurity
News
12/20/2013 12:16 PM

FBI Traces Harvard Bomb Hoax To Undergrad

The FBI says a Harvard undergrad's decision to access Tor over the university's wireless network helped unmask an alleged sender of bomb threats.

The FBI has traced emails containing bomb threats against Harvard University buildings back to their alleged sender, even though the threatening emails were sent using the anonymizing Tor network.

Eldo Kim, the 20-year-old Harvard undergraduate accused of sending the hoax threats, appeared in court Wednesday to answer related charges. If convicted, he faces up to five years in prison -- followed by three years of supervised release -- and a fine of up to $250,000.

The threats were sent via emails with the subject line "bombs placed around campus" and named four locations. But the emails said that bombs had been placed in only two of those locations. "Guess correctly," the message said. "Be quick for they will go off soon." The emails were sent Monday at 8:30 a.m. to two university officials, the Harvard Crimson daily student newspaper, and the University Police Department, which quickly notified the FBI.

The FBI immediately launched an investigation, assisted by the Bureau of Alcohol, Tobacco, Firearms, and Explosives; the Secret Service; the Joint Terrorism Task Force; and state and local law enforcement agencies. All four buildings were evacuated. Bomb technicians and hazmat officers combed through them but found no bombs. Accordingly, about six hours after the threats were received, officials determined that they were hoaxes, and they allowed the buildings to reopen.

[Tor users may not be as anonymous as they think. See Tor Anonymity Cracked; FBI Porn Investigation Role Questioned.]

In theory, using Tor helps anonymize data flowing across the Internet, potentially obscuring the sender or receiver. For example, a leaked National Security Agency presentation titled "Tor Stinks" revealed that the network could hide the identity of users from the US intelligence agency. "We will never be able to de-anonymize all Tor users all the time. With manual analysis we can de-anonymize a very small fraction of Tor users."

In reality, however, would-be users need to avoid committing some basic operational security errors. For starters, the timing of the bomb emails was suspicious; they arrived 30 minutes before students were scheduled to begin taking their final exams Monday.

According to an affidavit included in the criminal complaint, someone used the Tor network to connect to Guerrilla Mail, which promises "disposable temporary email addresses," and send the bomb hoaxes. The affidavit was signed by FBI special agent Thomas M. Dalton, who works on one of the FBI's Boston counterterrorism squads. "Both Tor and Guerilla Mail are commonly used by Internet users seeking to communicate anonymously and in a manner that makes it difficult to trace the IP address of the computer being used," he wrote.

But that didn't mean Harvard's IT department couldn't look for anyone who may have been using Tor that morning. That's just what it did. "Harvard University was able to determine that, in the several hours leading up to the receipt of the email messages described above, Eldo Kim accessed Tor using Harvard's wireless network," Dalton wrote.

According to the affidavit, an FBI agent and a Harvard police officer interviewed Kim Monday night. After waiving his Miranda rights, Kim confessed to emailing the threats. "According to Kim, he was motivated by a desire to avoid a final exam scheduled to be held" Monday.

What the affidavit doesn't say is that the bureau likely tracked down its suspect through a process of elimination. "Reading the criminal complaint, it seems that the FBI got itself a list of Harvard users that accessed the Tor network, and went through them one by one to find the one who sent the threat," Bruce Schneier, the outgoing security futurologist for BT, wrote in a blog post.

The moral is that, though using Tor obscured the IP address of the person who accessed Guerrilla Mail to send the emails, it didn't obscure the fact that someone was using Tor via the local network. "This is one of the problems of using a rare security tool. The very thing that gives you plausible deniability also makes you the most likely suspect. The FBI didn't have to break Tor; they just used conventional police mechanisms to get Kim to confess," Schneier wrote. "Tor didn't break; Kim did."

Furthermore, the Tor traffic likely gives prosecutors added digital forensic evidence as they build a case against Kim. "I don't think any lawyer in the world could save him at this point," Harvard Law School professor Alan M. Dershowitz told the Crimson. He predicted that Kim will plead guilty. "If he was given his Miranda warnings and he confessed, and the forensic evidence supports the use of his computer and the use of the website, he doesn't seem to have a defense and there will probably be some kind of plea bargain. He will be prosecuted and convicted and sentenced."

Mathew Schwartz is a freelance writer, editor, and photographer, as well the InformationWeek information security reporter.

Comments
TerryB, User Rank: Ninja, 12/20/2013 | 1:30:50 PM
Moron
Was it Animal House where the Dean said "Fat, lazy, and stupid is no way to go thru life"? But maybe Kim isn't fat.
WKash, User Rank: Author, 12/20/2013 | 3:17:31 PM
Who's smarter
Raises the interesting question: Who's smarter? A Harvard student or an IT gumshoe working for the FBI.
Gary_EL, User Rank: Ninja, 12/22/2013 | 10:10:59 PM
Re: Who's smarter
I don't know which guy is the smarter, but I know which one has more experience, and generally, experience trumps raw intelligence. The FBI guy deals with these issues every day; Kim, no matter how bright he may be, is an amateur. What a sad waste of a life and career, but this kind of thing can't be tolerated.

WKash, User Rank: Author, 12/23/2013 | 8:48:58 AM
Re: Who's smarter
Gary_EL, you're right about two things: it's sad to see what promised to be a bright future for a young man like Kim crash and burn from a colossal misjudgement; and decisions like his cannot be tolerated.