Tor is supposed to hide you online. In this Harvard student’s case, it did the opposite.

December 18, 2013

At 9 a.m. Monday, fire alarms went off in Harvard's Emerson Hall. Minutes before, university officials had gotten e-mails alerting them to a possible bomb threat on campus. The students in Emerson were evacuated, and after a good bout of searching, everything turned out okay. But not for the kid who sent the e-mails.

According to an affidavit, sophomore Eldo Kim told an FBI agent on Dec. 16 that he was responsible for the false threats. Kim wanted to avoid a final exam, the affidavit said.

But how did law enforcement identify Kim in the first place?

It turns out that Tor, the service that ordinarily helps users avoid online detection, wound up fingering Kim as the alleged culprit. While Kim had combined Tor — which masks a computer's IP address so spies can't tell your location — with an anonymous e-mail service called Guerrilla Mail, he was still doing all of his browsing from the Harvard University Wi-Fi, according to the affidavit.

Presumably by looking at the university's network logs, campus police determined that "in the several hours leading up to the receipt of the e-mail messages," Kim was among those who accessed Tor from his own MacBook Pro.

While it doesn't appear that anything within Tor tipped off the police, Kim likely stood out from everyone else who wasn't using the service.

So,  perhaps those who deliberately take steps to stay hidden on the Internet should take note: The fact that most of  us aren't as focused on invisibility can make it easier to identify those who are.

Brian Fung covers technology for The Washington Post, focusing on telecom, broadband and digital politics. Before joining the Post, he was the technology correspondent for National Journal and an associate editor at the Atlantic.
Comments
Show Comments
Most Read Business
Next Story
Brian Fung · December 18, 2013