The Downfall of Eldo Kim

TLDR: We do not support or encourage readers to make bomb threats in any form.

Who was Eldo Kim?

Eldo Kim was a 20-year-old undergraduate in the Department of Psychology at Harvard University. On December 16, 2013, he was about to take his final exam in Emerson Hall. However, it appears he had not studied sufficiently for the exam, leading him to use the Tor browser to send multiple bomb threat emails to various addresses associated with the university. These emails were sent using Guerrilla Mail, with the subject line "Bombs Placed Around Campus" and the following content:

shrapnel bombs placed in:

science center
sever hall
emerson hall
thayer hall

2/4. guess correctly.

be quick for they will go off soon

This resulted in the full evacuation of the buildings and, of course, the cancellation of his exam.

What were the OPSEC mistakes that Eldo Kim made?

This section outlines how law enforcement pursued him and the operational security (OPSEC) mistakes that led to Eldo Kim's arrest.

1. Being the only one using Tor

Guerrilla Mail was a site that allowed a person to send emails without an account. Because everyone could send from the same address and nothing was needed to sign up, emails could be sent anonymously. However, Guerrilla Mail also included the sender's IP address in each email (probably to have a way of addressing abuse). Eldo Kim seemed to know this and used the Tor browser when sending the emails, so the authorities, upon examining the emails, could only see a Tor exit node. Consequently, they investigated who on the university network was accessing the Tor network and found only one individual: Eldo Kim.
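
The correlation step described above, from the network operator's side, as an added example (not from the original post or from any investigator's tooling): it filters campus flow records for connections to known Tor relays in a window around the event. The users, IP addresses, timestamps, event time and window sizes are all constructed assumptions.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed data: documentation-range addresses stand in for Tor relays
# (a real list would come from the public Tor relay consensus).
TOR_RELAYS = {"192.0.2.10", "198.51.100.7"}

# Constructed campus flow records: (timestamp, authenticated user, destination IP).
FLOWS = [
    ("2013-12-15 21:44:00", "student_d", "192.0.2.10"),
    ("2013-12-16 08:05:11", "student_a", "203.0.113.50"),
    ("2013-12-16 08:12:40", "student_b", "192.0.2.10"),
    ("2013-12-16 08:13:02", "student_b", "198.51.100.7"),
    ("2013-12-16 08:20:19", "student_c", "203.0.113.80"),
]

# Constructed time of the event under investigation (the page gives only the date).
EVENT = datetime(2013, 12, 16, 8, 30, 0)


def tor_contacts(flows, relays, event, before, after):
    """Map each user to the times they contacted a known relay inside
    the window [event - before, event + after]."""
    start, end = event - before, event + after
    hits = {}
    for ts, user, dst in flows:
        when = datetime.strptime(ts, FMT)
        if dst in relays and start <= when <= end:
            hits.setdefault(user, []).append(when)
    return hits


def anonymity_set(flows, relays, event,
                  before=timedelta(hours=1), after=timedelta(minutes=5)):
    """Users who cannot be excluded: everyone seen talking to Tor in the window."""
    return sorted(tor_contacts(flows, relays, event, before, after))


if __name__ == "__main__":
    for window in (timedelta(hours=1), timedelta(hours=24)):
        users = anonymity_set(FLOWS, TOR_RELAYS, EVENT, before=window)
        print(f"window {window}: {len(users)} candidate(s): {users}")
```

With the one-hour window the candidate set has a single member, which is the situation this section describes: Tor hid the content and destination of the traffic, but not the fact that Tor was in use.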

2. Talking to the police

After determining that Eldo Kim had accessed the Tor network, law enforcement approached him for a conversation. During this discussion, he admitted to sending the bomb threats himself from his laptop.

3. Sentence

The maximum penalties under the bomb hoax statute include five years in prison, three years of supervised release, and a $250,000 fine.

In a plea agreement, he was permitted to participate in a pretrial diversion program, which included four months of home confinement, 750 hours of community service, and a public apology. If he successfully completed the program, the charges would be dismissed.

What should Eldo Kim have done differently?

TLDR: Use something like V2Ray, Cloak, or a VPN to protect against Tor use correlation attacks.

The primary mistake in this situation was communicating with law enforcement and telling on himself. One should always exercise the right to remain silent and consult with a lawyer before speaking to authorities.

Additionally, instead of accessing Tor from the university network, he should have utilized a public WiFi network. If that was not feasible, it would have been prudent to explore our guides on concealing Tor usage using V2Ray, Cloak, or even a VPN.


odysseus 2025-08-23