FBI Traces Harvard Bomb Hoax To Undergrad - InformationWeek



The FBI says a Harvard undergrad's decision to access Tor over the university's wireless network helped unmask an alleged sender of bomb threats.


The FBI has traced emails containing bomb threats against Harvard University buildings back to their alleged sender, even though the threatening emails were sent using the anonymizing Tor network.

Eldo Kim, the 20-year-old Harvard undergraduate accused of sending the hoax threats, appeared in court Wednesday to answer related charges. If convicted, he faces up to five years in prison -- followed by three years of supervised release -- and a fine of up to $250,000.

The threats were sent via emails with the subject line "bombs placed around campus" and named four locations. But the emails said that bombs had been placed in only two of those locations. "Guess correctly," the message said. "Be quick for they will go off soon." The emails were sent Monday at 8:30 a.m. to two university officials, the Harvard Crimson daily student newspaper, and the University Police Department, which quickly notified the FBI.

The FBI immediately launched an investigation, assisted by the Bureau of Alcohol, Tobacco, Firearms, and Explosives; the Secret Service; the Joint Terrorism Task Force; and state and local law enforcement agencies. All four buildings were evacuated. Bomb technicians and hazmat officers combed through them but found no bombs. Accordingly, about six hours after the threats were received, officials determined that they were hoaxes, and they allowed the buildings to reopen.

[Tor users may not be as anonymous as they think. See Tor Anonymity Cracked; FBI Porn Investigation Role Questioned.]

In theory, using Tor helps anonymize data flowing across the Internet, potentially obscuring the sender or receiver. For example, a leaked National Security Agency presentation titled "Tor Stinks" revealed that the network could hide the identity of users from the US intelligence agency. The presentation stated: "We will never be able to de-anonymize all Tor users all the time. With manual analysis we can de-anonymize a very small fraction of Tor users."

In reality, however, would-be users need to avoid committing some basic operational security errors. For starters, the timing of the bomb emails was suspicious; they arrived 30 minutes before students were scheduled to begin taking their final exams Monday.

According to an affidavit included in the criminal complaint, someone used the Tor network to connect to Guerrilla Mail, which promises "disposable temporary email addresses," and send the bomb hoaxes. The affidavit was signed by FBI special agent Thomas M. Dalton, who works on one of the FBI's Boston counterterrorism squads. "Both Tor and Guerilla Mail are commonly used by Internet users seeking to communicate anonymously and in a manner that makes it difficult to trace the IP address of the computer being used," he wrote.

But that didn't mean Harvard's IT department couldn't look for anyone who may have been using Tor that morning. That's just what it did. "Harvard University was able to determine that, in the several hours leading up to the receipt of the email messages described above, Eldo Kim accessed Tor using Harvard's wireless network," Dalton wrote.

According to the affidavit, an FBI agent and a Harvard police officer interviewed Kim Monday night. After waiving his Miranda rights, Kim confessed to emailing the threats. "According to Kim, he was motivated by a desire to avoid a final exam scheduled to be held" Monday.

What the affidavit doesn't say is that the bureau likely tracked down its suspect through a process of elimination. "Reading the criminal complaint, it seems that the FBI got itself a list of Harvard users that accessed the Tor network, and went through them one by one to find the one who sent the threat," Bruce Schneier, the outgoing security futurologist for BT, wrote in a blog post.

The moral is that, though using Tor obscured the IP address of the person who accessed Guerrilla Mail to send the emails, it didn't obscure the fact that someone was using Tor via the local network. "This is one of the problems of using a rare security tool. The very thing that gives you plausible deniability also makes you the most likely suspect. The FBI didn't have to break Tor; they just used conventional police mechanisms to get Kim to confess," Schneier wrote. "Tor didn't break; Kim did."
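As an added illustration of what a network operator can see (example code written for this article, not part of the original report or of any Harvard tool): the campus IT staff needed only to know which local hosts had talked to Tor relays in the hours before the emails arrived. The relay addresses and flow records below are constructed placeholders; a real deployment would take relay IPs from the public Tor directory consensus and flows from its own NetFlow or firewall export.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed "known Tor relay" addresses from documentation ranges; a real
# deployment would load these from the public Tor directory consensus.
TOR_RELAYS = {"203.0.113.10", "203.0.113.25", "198.51.100.7"}

# Constructed flow records: "<ISO timestamp> <src_ip> <dst_ip> <dst_port>".
FLOW_LOG = """\
2013-12-16T05:12:03 10.20.1.15 203.0.113.10 443
2013-12-16T06:40:11 10.20.1.15 198.51.100.7 9001
2013-12-16T07:02:45 10.20.1.44 93.184.216.34 443
2013-12-16T08:05:30 10.20.1.15 203.0.113.25 443
2013-12-16T08:20:18 10.20.2.9 203.0.113.10 9001
2013-12-16T12:00:00 10.20.3.3 198.51.100.7 443
"""

def parse_flows(text):
    """Parse flow lines into (timestamp, src, dst, port); skip malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        flows.append((datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])))
    return flows

def tor_contacts_before(flows, event_time, lookback):
    """Map each internal source IP to its relay contacts inside
    [event_time - lookback, event_time]. Destination-IP matching is coarse
    (shared hosts cause false positives), so this yields candidates, not proof."""
    window_start = event_time - lookback
    hits = defaultdict(list)
    for ts, src, dst, port in flows:
        if dst in TOR_RELAYS and window_start <= ts <= event_time:
            hits[src].append((ts, dst, port))
    return dict(hits)

def candidates_for(log_text, event_iso, lookback_hours):
    """Return [(src_ip, contact_count)] ranked by contact count, most active first."""
    flows = parse_flows(log_text)
    hits = tor_contacts_before(flows, datetime.fromisoformat(event_iso), timedelta(hours=lookback_hours))
    return sorted(((src, len(c)) for src, c in hits.items()), key=lambda x: x[1], reverse=True)

if __name__ == "__main__":
    # The emails arrived Monday at 8:30 a.m.; look back over the preceding four hours.
    for src, count in candidates_for(FLOW_LOG, "2013-12-16T08:30:00", 4):
        print(f"{src}: {count} Tor relay contact(s) in window")
```

The output is a short list of hosts to follow up on, which is the "process of elimination" Schneier describes; it says nothing about what those hosts sent through Tor.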

Furthermore, the Tor traffic likely gives prosecutors added digital forensic evidence as they build a case against Kim. "I don't think any lawyer in the world could save him at this point," Harvard Law School professor Alan M. Dershowitz told the Crimson. He predicted that Kim will plead guilty. "If he was given his Miranda warnings and he confessed, and the forensic evidence supports the use of his computer and the use of the website, he doesn't seem to have a defense and there will probably be some kind of plea bargain. He will be prosecuted and convicted and sentenced."

Mathew Schwartz is a freelance writer, editor, and photographer, as well as the InformationWeek information security reporter.


User Rank: Author
12/20/2013 | 3:17:31 PM
Who's smarter
Raises the interesting question: Who's smarter? A Harvard student or an IT gumshoe working for the FBI.
User Rank: Author
12/23/2013 | 8:48:58 AM
Re: Who's smarter
Gary_EL, you're right about two things: It's sad to see what promised to be a bright future for a young man like Kim crash and burn from a colossal misjudgement; and that decisions like his cannot be tolerated.