back to article Tor embassy 'hacker' raided by Swedish Feds

A security researcher who revealed how the email accounts of embassies were exposed through the misuse of the Tor anonymiser network has been taken in for questioning by Swedish intelligence agencies. Dan Egerstad used Tor to obtain the login credentials of about 1,000 email addresses, including at least 100 accounts belonging …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    In proportion

    Compare his fate to Gary McKinnon, and it's nice to see Sweden is still very much a free country compared to the UK.

  2. Ash
    Thumb Down

    China complains about being snooped on?

    I don't sympathise.

    Maybe they should examine their draconian interior policies against freedom of speech and personal privacy. Maybe then someone would give a damn.

  3. Alan Donaly

    They had to change

    their login password, and user name, and stop sending them in plain text over Tor. The kind of information you could have gotten using his method was potentially damaging. He did some countries a great service by outing this problem, but they won't aid him now the people who were spying on them, strike back at him. I knew they wouldn't, governments are always the same, they never want to admit they screwed up security wise, so helping them is dangerous and completely thankless.Best to just ignore it, and mind your own business. Why did he have so many PS2?

  4. amanfromMars Silver badge
    Mars

    Reverse Engineering....

    "Best to just ignore it, and mind your own business" ... Security is everyone's business because just look at how bad it is used and abused whenever it is not. The most secure security is non-secret encryption where everything is hiding in full sight. That way there is no cost for storage nor knowledge penalty for withholding of information thus speeding up Intelligence Transfer and with some secrets which we don't want anyone knowing being the most expensive and dangerous to keep, it does make one wonder what we are doing with them/have been doing with them.

    How dumb is it to develop something which you can't openly use and which costs a fortune to keep hidden ...... or is that the business model to generate an industry ...money for nothing and all that rock and roll?

    Ok. Good game, good game. Nice to See ya, 42 See ya Nice. Let's do IT again but this time with something we can use.

  5. Chris C

    Good for them

    People like Alan ("They had to change") seem to think that this idiot did nothing wrong, that he was doing his part for the good of the world. Bullshit. Attempting to contact the various people affected would have been the proper thing to do. But he even admitted at the time that he was too lazy to do that, which is why he posted the login details on a public forum instead. The possible (inevitable?) spoofed emails from those workers could have had very serious international consequences. Maybe he didn't do anything illegal, but it sure as hell was reckless and unethical. Yes, the workers were stupid for not properly securing their traffic. But that doesn't justify this idiot's actions.

  6. BitTwister

    @Chris C

    > Attempting to contact the various people affected would have been the proper thing to do.

    But isn't that what he did - to be met by a deafening (and presumably disinterested) silence?

    It all sounds more like a case of shooting the messenger.

  7. Anonymous Coward
    Mars

    @aManFromMars

    I like the new version of your program, it's much more intelligible.

  8. Anonymous Coward
    Black Helicopters

    Why do governments bother to use Encryption?

    Surely these governments can't have anything to hide! What are they afraid of?

    What was that? You're saying that good decent honest Corporations use Encryption all the time, too? Even the noble RIAA/MPAA's affiliates! Say it isn't sooooo!

    Aaaahhhh, I get it. Only Joe Public is a potential criminal if he uses encryption, cos he has nothing to fear; therefore, nothing to hide. How stupid of me... move along...

  9. Solomon Grundy
    Joke

    @Chris C

    WTF?? "spoofed emails from those workers could have had very serious international consequences."

    That's the silliest thing I've heard in a long time:

    Nigeria: "All your warheads are belong to us unless you send us a western union for $515."

    Iran: "Aaaayeee, Allah has warned us of impending doom - we must pay them quickly to be spared!!!"

    Nigeria: "We did not receive your western union - now cost is $1,000,000,000 gold bullion"

    Iran: "Oh no! We do not have that much, we must invade immediately."

    Of course not, critical diplomatic communiques are never made via email - they use bright red rotary phones. Everybody knows that you tool.

  10. Chris C

    re: BitTwister

    "> Attempting to contact the various people affected would have been the proper thing to do.

    But isn't that what he did - to be met by a deafening (and presumably disinterested) silence?"

    No, that isn't what he did. From the original article ("http://www.theregister.co.uk/2007/08/31/embassy_email_accounts_exposed/"):

    ----------

    Egerstad's decision to publish the account details online is sure to reignite the frequent debate about whether such full disclosure is irresponsible because it simply allows a broader base of people to misuse the information. He says he's well versed in the merits of responsible disclosure but decided that posting the login details was the only way to get the attention this problem deserves.

    "I don't have time calling all over the world to tell them something they won't understand or listen to," Egerstad said. "I'm probably going to get charged for helping to commit a crime. I don't really care."

    ----------

    He made no attempt to contact the people. He simply posted their login credentials, knowing full well the implications and consequences of doing so. This wasn't about him trying to help those people. It was about him showing off his 'leet skillz'.

  11. Mats Koraeus
    Black Helicopters

    Feds?

    Sweden is a unity-state democratic monarchy. We have no "feds".

    The "Swedish National Police" (Rikskrim) is the police for large or nation-wide crime -- basically anything the local agencies can't handle.

    The "Swedish Security Police" (SÄPO) is nothing like the CIA. It simply looks after national interest within the country, and will be slapped around quite badly if it tries to meddle with external affairs -- it's more like the MI5.

    ...our CIA-wannabes would be MUST (Military Inteligence, more like MI6), SUND ("Defense Ministry Security & Intelligence agency") and/or FRA (the euphemistically named "Defense Radio Institute" aka "We listen to all your transmissions").

  12. Anonymous Coward
    Anonymous Coward

    He did try and contact those affected

    The register just didn't print that part of the story. In the report that went out in all the Swedish papers he says he did try and contact them but they wouldn't listen.

  13. Demian Phillips
    Pirate

    So many PS2 units.

    The reason he had 8 PS2s was either he was modifying them for people or like many PS2 owners has had a number of them go tits up. Usually the optical drive is what fails, but it's worth keeping the dead ones for spares bits and bobs (there are 13 or more ps2 versions so sometimes there is litte to no internal compatability).

    I myself am on #4. It never goes anywhere or is misused. They just stop reading some kinds of media after a while. My current one read everything I put in but sometimes takes longer then a new one to read a disk or get the occasional read error.

  14. MindSmith

    When Taking down a website is no longer good enough

    Thanks to google's 'non-privacy friendly' cache - the 100 published email addresses and passwords are still online as seen below:

    http://64.233.169.104/search?q=cache:oVY39rgDrbwJ:www.derangedsecurity.com/deranged-gives-you-100-passwords-to-governments-embassies/+derangedsecurity.com+%2B+%22embassies%22&hl=en&ct=clnk&cd=2&gl=uk

    #<include std.disclaimer.H>

This topic is closed for new posts.