Man behind hack of the year 2007 investigated

16/11/2007 Written by minor

Dan Egerstad, the man behind the controversial “hack of the year 2007”, was taken in for questioning by the Swedish National Crime and the Swedish Security Police a few days ago, The Age reported. His house was also raided and police took his computers and hard drives. However, no charges have been filed.

In August this year, Egerstad published usernames and passwords for email accounts belonging to embassies and governments of different countries. As he explained, he set up TOR exit nodes and intercepted the traffic passing through them, and that is how he obtained this information. What is maybe worse, the logins acquired this way were, according to him, not being used by legitimate users but by actual malicious people who had compromised these accounts and tried to hide in the TOR network when using them. Many would say this is an unethical approach, but what is more important here: ethics or security (and in this case it maybe applies to world-wide security)?

So he turned to notifying the affected governments, because contacting the Swedish authorities carried a risk that his experiment could be misused by intelligence services. Apart from a few calls from the Swedish security police, the only serious response was from Iran. As he said, “they wanted to know everything I knew”.

These are facts that create different points of view.

1. Those who used TOR for communicating sensitive information probably didn’t carefully read its homepage and all the warnings included there. Building secure communication channels in government environments should be mandatory, but using TOR for this… excuse me, please, this is stupid.

2. Please note the fact that most of the accounts were already being used by malicious people — Egerstad discovered only the tip of the iceberg.

3. Even though he intercepted traffic on an exit node, which is unacceptable from an ethical point of view, he didn’t misuse it and chose the best solution he could — informing the governments of the affected countries — and this could be considered an ethical approach. The fact is that, except for Iran, nobody seriously investigated this issue. What a shame for more developed countries!

4. He posted the account information publicly — another controversial move from an ethical point of view. But let me ask a question here: if you give out information to governments for free and don’t even get a “thank you”, what will you do?

5. Egerstad only showed that anybody can do the same — and get the same information he got, with no special and expensive intelligence. And because he published the details, a lot of intelligence agencies may become angry.

Now, let me please repeat one of my examples: if you forget to lock your car, it can be stolen and that would be your fault, but if your neighbor tells you that you forgot to lock that car, who becomes most angry? Usually, a thief…

