Man behind hack of the year 2007 investigated
16/11/2007 Written by minor
Egerstad published in August this year usernames and passwords to email accounts from embassies and governments from different countries. As he explained, he created exit TOR nodes and intercepted traffic and on such way he obtained these informations. What is maybe worser, logins acquired on this way were according to him not used by legit users but actual malicious people that compromise these accounts and tried to hide in TOR network when using them. Many would say this is unethical approach, but what is here more important: ethics or security (and in this case it applies maybe to world-wide security)? So he turned to notifying affected governments, because if contacting Swedish authorities there was a risk, that his experiment could be misused by intelligence services. Except few calls from Swedish security police the only serious response was from Iran. As he said, “they wanted to know everything i knew”. These are facts that create different points of view. 1. Those who used TOR for communicating sensitive informations probably didn’t read carefully it’s homepage and all the warnings included. Building secure communication channels in government environments should be mandatory, but use TOR for this… excuse me, please, this is stupid. 2. Please note the fact, that most of the accounts were already used by malicious people — Egerstad discovered only top of iceberg. 3. Even he has intercepted traffic on exit node, and this is from ethical point of view something unacceptable, he didn’t misused it and selected the best solution he could — informing governments of affected countries — and this could be considered as ethical approach. The fact, that except Iran nobody seriously investigated this issue. What a shame for more developed countries! 4. He posted account informations to public — another controversial move from ethical point of view. But, let me place here question: if you give out informations for free to governments and become not even “thank you”, what will you do? 5. Egerstad showed only, than anybody can do the same — and have the same informations as he got, with no special and expensive intelligence. And because he published the details, lot of intelligence agencies may become angry. Now, let me please repeat one of my examples: if you forget to lock your car, it can be stolen and that would be your fault, but if your neighbor tells you, that you forgot to lock that car, who becomes most angry? Usually, a thief… 
Dan Egerstad, man behind controversial “hack of the year 2007″ was taken for questioning by Swedish National Crime and Swedish Security Police few days ago, The Age informed. Also his house was raided and police took his computers and hard drives. Anyway no charges have been set.
