The Washington Post

Tor is supposed to hide you online. In this Harvard student’s case, it did the opposite.

At 9 a.m. Monday, fire alarms went off in Harvard's Emerson Hall. Minutes before, university officials had gotten e-mails alerting them to a possible bomb threat on campus. The students in Emerson were evacuated, and after a good bout of searching, everything turned out okay. But not for the kid who sent the e-mails.

According to an affidavit, sophomore Eldo Kim told an FBI agent on Dec. 16 that he was responsible for the false threats. Kim wanted to avoid a final exam, the affidavit said.

But how did law enforcement identify Kim in the first place?

It turns out that Tor, the service that ordinarily helps users avoid online detection, wound up fingering Kim as the alleged culprit. While Kim had combined Tor — which masks a computer's IP address so spies can't tell your location — with an anonymous e-mail service called Guerrilla Mail, he was still doing all of his browsing from the Harvard University Wi-Fi, according to the affidavit.

Presumably by looking at the university's network logs, campus police determined that "in the several hours leading up to the receipt of the e-mail messages," Kim was among those who accessed Tor from his own MacBook Pro.

While it doesn't appear that anything within Tor tipped off the police, Kim likely stood out from everyone else who wasn't using the service.

So,  perhaps those who deliberately take steps to stay hidden on the Internet should take note: The fact that most of  us aren't as focused on invisibility can make it easier to identify those who are.

Brian Fung covers technology for The Washington Post, focusing on telecommunications and the Internet. Before joining the Post, he was the technology correspondent for National Journal and an associate editor at the Atlantic.
Show Comments
Most Read
DJIA -0.08%
NASDAQ -0.35%
Last Update: 4:37 PM 02/10/2016(DJIA&NASDAQ)



Success! Check your inbox for details.

See all newsletters

Close video player
Now Playing

To keep reading, please enter your email address.

You’ll also receive from The Washington Post:
  • A free 6-week digital subscription
  • Our daily newsletter in your inbox

Please enter a valid email address

I have read and agree to the Terms of Service and Privacy Policy.

Please indicate agreement.

Thank you.

Check your inbox. We’ve sent an email explaining how to set up an account and activate your free digital subscription.