Last Monday Harvard sophomore Eldo Kim emailed a bomb threat to authorities at Harvard, including the Harvard University police department and the daily newspaper, The Crimson. His intent was to avoid a 9:00 a.m. exam, and while he certainly did, it was apparently very easy to track down the source of the emails once the immediate crisis was over.
Kim used a disposable email service called Guerrilla Mail to send the threats. The site issued a statement about the misinformation surrounding its purpose: its designers intended it to provide an email address for signing up to services, protecting your regular inbox from spam. “Any future spam will go to the disposable address, instead of your regular address.”
Next, he tried to hide his IP address by burrowing into the Tor network. His mistake here was perhaps that the Tor network has some known entry and exit points. The system runs on specific servers, some of which are public knowledge, and while the user's IP may be masked, a connection from a local network to one of those servers can still be observed.
“Harvard was able to consult its network activity logs and simply identify a device on its network that connected to one of these known Tor nodes around the same time the emails were sent,” wrote Slate contributor Josephine Wolff.
The final nail in the coffin was the fact that every device connected to a network (either Wi-Fi or LAN) has a MAC address, and Harvard asks all students to register their devices if they’re accessing Harvard’s internet services. With the Tor port known, and MAC addresses on file, it was easy for Harvard to look at its data logs and pinpoint someone on its network using Tor around the time of the emails.
This isn’t really a case to advocate for privacy, but this kind of information was immediately available to anyone who spent an hour or two looking for it. Even when using a disposable email address and the Tor network, it’s still possible to give away more information about yourself than you ever expected.
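The log correlation described above can be sketched as follows. This is an added example, not code from the article or from Harvard's tooling; every address, MAC, name, timestamp and the log format itself are constructed, and it assumes the network keeps flow logs and DHCP lease records.

```python
from datetime import datetime, timedelta

# All values below are constructed for illustration (documentation-range IPs).
TOR_RELAYS = {"203.0.113.10", "198.51.100.77"}  # stand-in for the public relay list
REGISTERED = {"aa:bb:cc:00:00:01": "student-a", "aa:bb:cc:00:00:02": "student-b"}
DHCP_LEASES = [  # (lease start, lease end, internal IP, MAC)
    ("2024-01-08T07:00:00", "2024-01-08T18:00:00", "10.0.5.21", "aa:bb:cc:00:00:01"),
    ("2024-01-08T07:00:00", "2024-01-08T10:00:00", "10.0.5.22", "aa:bb:cc:00:00:02"),
    ("2024-01-08T10:00:00", "2024-01-08T18:00:00", "10.0.5.22", "aa:bb:cc:00:00:03"),
    ("2024-01-08T07:00:00", "2024-01-08T18:00:00", "10.0.5.24", "aa:bb:cc:00:00:09"),
]
FLOW_LOG = """\
2024-01-08T08:05:12 10.0.5.21 192.0.2.50 443
2024-01-08T08:22:40 10.0.5.22 203.0.113.10 9001
2024-01-08T08:31:00 10.0.5.24 198.51.100.77 443
2024-01-08T11:45:00 10.0.5.22 203.0.113.10 9001
"""
EMAIL_TIME = datetime(2024, 1, 8, 8, 30)  # constructed time the emails arrived


def parse_ts(text):
    return datetime.fromisoformat(text)


def mac_for(ip, when):
    """Return the MAC that held `ip` at `when`; internal IPs are reassigned over time."""
    for start, end, lease_ip, mac in DHCP_LEASES:
        if lease_ip == ip and parse_ts(start) <= when < parse_ts(end):
            return mac
    return None


def tor_users_near(event_time, window=timedelta(minutes=30)):
    """List (timestamp, source IP, MAC, registrant) for relay connections near event_time."""
    hits = []
    for line in FLOW_LOG.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed log lines
        ts, src, dst, _port = fields
        when = parse_ts(ts)
        # Match on the relay address and on closeness in time to the event.
        if dst in TOR_RELAYS and abs(when - event_time) <= window:
            mac = mac_for(src, when)
            hits.append((ts, src, mac, REGISTERED.get(mac, "unregistered")))
    return hits


if __name__ == "__main__":
    for hit in tor_users_near(EMAIL_TIME):
        print(hit)
```

The result is a shortlist of devices rather than proof of authorship: it narrows the set of people to interview, and a device that was never registered stays unattributed.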