Harvard bomb threat student caught after using Guerrilla Mail and Tor

Perhaps it’s wrong of us, but we found the story of Eldo Kim, a Harvard University student who made bomb threats in order to get out of an taking a final exam rather amusing (although the potential five year jail sentence certainly isn’t.)

More interesting, however, and a pertinent lesson for those who want to protect their anonymity, is how he got caught. Kim sent the bomb threats by email, using an anonymous disposable email service called Guerrilla Mail, and further protecting his identity using the Tor anonymity network.

These might sound like great precautions to prevent getting caught, but Kim made the mistake of using the Harvard campus WiFi network when making the threats. All Harvard security had to do was check their logs to see who was using Tor at the time the emails were sent, and the police could then bring them in for questioning (and it is very possible that Kim was the only person using Tor at 8:30 that day). This incidentally is known as ‘end to end timing attack’, and is known vulnerability with Tor.

Apparently it didn’t take much pressure from the police before Kim gave a full confession.

Although this mistake was undoubtedly very stupid on Kim’s part, it is, to be honest, a fairly easy one to make, and demonstrates how those serious about security need to carefully think through the implications of their setup. Remember that Kim was a student at one of the world’s top universities. He is not dumb.

In Kim’s case, he should instead have gone somewhere with open WiFi (such as public library or café), which would have made it very difficult to catch him. Using VPN instead of Tor may have helped a little as it is a little less obvious to spot, but would still have been vulnerable to an end to end timing attack.

Of course, we do not in any condone Kim’s actions, but anonymity tools are just that: tools. They have many extremely good uses, and to use them well people need to learn from the mistakes of others.

Written by: Douglas Crawford

Has worked for almost six years as senior staff writer and resident tech and VPN industry expert at ProPrivacy.com. Widely quoted on issues relating cybersecurity and digital privacy in the UK national press (The Independent & Daily Mail Online) and international technology publications such as Ars Technica.


  1. Wake up ffs!

    on July 9, 2018

    Great job describing how to increase emailing anonymity in an article about an actual bomber who sent email threats, you chucklef*cks.

    1. Douglas Crawford replied to Wake up ffs!

      on July 10, 2018

      Hi Wake up ffs! Well, Kim is not an actual bomber, he is a bomb threat hoaxer. No actual bombs existed. But yes, the mistakes of criminals who get caught through their own stupidity does make instructive reading for anyone interested in good privacy op-sec.

  2. anonymous

    on October 17, 2017

    Now, most anonymous mailing providers randomly delay the time of sending the email to avoid time-correlation attack.

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.