The FBI didn’t have a very hard time tracking down the Harvard University student who emailed a bomb threat around campus — he was using anonymous web browser Tor to hide his identity, but he accessed it using the university’s wireless network.
Eldo Kim admitted to FBI agents that he was the one who emailed a bomb threat to campus officials Monday, shutting down four buildings and cancelling several finals, according to a federal complaint. He allegedly did it to get out of a final exam.
Kim’s email went out at about 8:30 a.m. When the FBI was called in to investigate, agents were able to figure out which Harvard wifi users accessed anonymous web browsing service Tor in the hours leading up to the bomb threat, according to court documents.
Tor routes a user’s traffic through a series of relays, so the sites they reach see a relay’s IP address rather than their own, which makes the user hard to track. Kim also reportedly used a service called Guerrilla Mail that creates temporary and anonymous email addresses for free.
From the federal complaint:
As Harvard security expert Bruce Schneier points out: “The very thing that gives you plausible deniability also makes you the most likely suspect. The FBI didn’t have to break Tor; they just used conventional police mechanisms to get Kim to confess.”
Chester Wisniewski, a senior security advisor at Sophos, told NBC News: “You can still, with a reasonable amount of certainty, identify someone by things like the version of web browser they’re using, along with the exact model of computer they are connecting with, combined with 10 or 12 things we leak all the time by just using the Internet.”