Search This Blog

Monday, December 30, 2013

Bomb-Hoaxing Harvard Student Used Anonymous Web Browser and Email, Yet Was Still Caught. How?

As reported by Electronic Products: This story is actually a pretty good lesson on the limits of online privacy.

In case you missed this story from earlier in the month, Harvard Student Eldo Kim sent in an anonymous email to school officials claiming two bombs had been placed in two buildings on campus.

The point behind his doing this? To get Kim out of his finals.

The result? The school shut down and a media frenzy ensued.

But no sooner did the story get picked up by the various news outlets was Kim caught and the threat proved a hoax.

Truth be told, catching Kim shouldn't have been that easy. According to an FBI affidavit, the student sent the threat using a Tor browser, which 'anonymizes' a user’s web browsing, paired with Guerilla Mail, an anonymous email program.

Typically, this would be enough to shield Kim’s identity.

So what was his mistake?

He sent the threat while connected to Harvard’s wireless Internet system.

According to the FBI’s report, Tor half-worked for Kim; that is, the police couldn't see what he was doing on the browser, but because his computer was connected to the University’s wireless network, coupled with the fact that he was using a cloaking service not only very early in the morning but also at the same time the threatening emails were sent in, his location became pretty easy to identify.

The lesson here, beyond the fact that one should not email fake bomb threats just to get out of a test, is that if you’re using free Wi-Fi, you need to lower your expectations in terms of privacy. A lot of people nowadays assume that if they take the proper precautions when it comes to protecting their online identity and activities, they’re always protected, and that’s not the case. If you use a public service like free Wi-Fi, you should expect to give up a little bit of your information in exchange.