At 9 a.m. Monday, fire alarms went off in Harvard's Emerson Hall. Minutes before, university officials had gotten e-mails alerting them to a possible bomb threat on campus. The students in Emerson were evacuated, and after a good bout of searching, everything turned out okay. But not for the kid who sent the e-mails.
According to an affidavit, sophomore Eldo Kim told an FBI agent on Dec. 16 that he was responsible for the false threats. Kim wanted to avoid a final exam, the affidavit said.
But how did law enforcement identify Kim in the first place?
It turns out that Tor, the service that ordinarily helps users avoid online detection, wound up fingering Kim as the alleged culprit. While Kim had combined Tor — which masks a computer's IP address so spies can't tell your location — with an anonymous e-mail service called Guerrilla Mail, he was still doing all of his browsing from the Harvard University Wi-Fi, according to the affidavit.
Presumably by looking at the university's network logs, campus police determined that "in the several hours leading up to the receipt of the e-mail messages," Kim was among those who accessed Tor from his own MacBook Pro.
While it doesn't appear that anything within Tor tipped off the police, Kim likely stood out from everyone else who wasn't using the service.
So, perhaps those who deliberately take steps to stay hidden on the Internet should take note: The fact that most of us aren't as focused on invisibility can make it easier to identify those who are.