Slashdot Mirror


Swede Hacks Embassy Account Information From Around the World

paulraps writes "A Swedish IT consultant has caused a stir in diplomatic circles after publishing a list of secret log-in details belonging to 100 embassies, public authorities and political parties around the world. Dan Egerstad said he wasn't trying to earn money, gain publicity or get a name for himself in hacking circles. Instead he claimed that publishing the list was easier than contacting the organizations individually — and that if he had handed it to the Swedish authorities then that would have been spying."

7 of 92 comments

  1. He wants room and board by gillbates · Score: 2, Interesting

    In the local jail. Why else would anyone do something so boneheaded?

    Honestly, I can't think of any better way to get jailed than to embarrass and irritate the high-level diplomats of 100 countries.

    Yes, it was easier than turning the list over to authorities, or contacting each of the embassies. So what? It could easily be argued that he had a duty of confidentiality with his client that he failed to observe.

    Furthermore, he has actually made security worse by disclosing in this matter. Who knows how many embassies were already aware of the problem, and were in the process of tightening security? It is also likely that at least some of the embassies would have discovered the vulnerabilities independently of this consultant through internal audits, and would have fixed them silently.

    Now, while this guy has stirred up a hornet's nest, he hadn't really done anything to improve the security of these embassies. Sure, they have to fix it now, but they might have done it anyway.

    And what if the Swedes were aware of this and using this information for intel gathering? I don't think anyone is happy he did this.

    --
    The society for a thought-free internet welcomes you.
    1. Re:He wants room and board by gillbates · Score: 1, Interesting

      Yes, they'll tighten up their security, but it is possible that they were going to do it silently, anyway.

      I mean, if you're going to do research in this area - that is, expend effort looking at security - it's really a cop out to claim that you can't be bothered to contact the embassies individually. You were neither required, nor asked, to evaluate their security. Instead, you take it upon yourself to expend the effort to do the research, and then claim that you can't expend the additional effort to do responsible disclosure?

      This guy had a reasonable expectation that he was going to find vulnerabilities, and should have known from the start that doing the research would incur the responsibility of either keeping them secret, or disclosing them in a responsible way. He did neither.

      --
      The society for a thought-free internet welcomes you.
  2. Re:Good intentions? by Otter · Score: 2, Interesting
    Is there some article I'm missing, besides the Ars Technica story and the piece it links? There are things in the blurb that don't appear in either.

    At any rate, I'd be curious what this guy did that caused these passwords to "accidentally" fall out.

  3. Safety of the limelight by Opportunist · Score: 4, Interesting

    Honestly, should I dig up something like that, I will make it as public as possible, with as much of my name on it as possible as well.

    The reason is simple: When you're in the limelight, it doesn't go unnoticed when you suddenly "vanish". Post it anonymously and they will dig you up. Hand it to some journalist and the same will happen (just that one more person goes with you). You can't simply make someone disappear when he's in the center of attention. Unless you're Copperfield and want to vanish, but that's a different matter.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  4. There is Moral Argument Here... by Anonymous Coward · Score: 2, Interesting

    Just because

    "Dan Egerstad said he wasn't trying to earn money, gain publicity or get a name for himself in hacking circles..."

    and has the technical ability and the altruistic motives doesn't make it right. Yet if the powers that be (pick your favorite governmental agency) can do this at will, that doesn't make it wrong either.

  5. Re:When best intentions go wrong by joeldg · Score: 2, Interesting

    "...easier than handing it to them directly..." ???
    wtf, so it is easier to make a post and leave 100+ embassies open to the world or to send mails..
    I suppose there are ethics here that I am missing.. saying he was supposedly doing these people a "favor" by publishing this..

    I guess at least he didn't try to blackmail them.

  6. More Details and Actual addresses by Anonymous Coward · Score: 1, Interesting

    I had posted this yesterday as well for a story.
    A more detailed look by Indian Express here.
    Looks like the newspaper guys took due diligence a bit too far...
    From the article:
      "The email account of the Indian Ambassador to China contained details of a visit by Rajya Sabha member Arjun Sengupta to Beijing earlier this month for an ILO conference. There was also a transcript of a meeting this evening which a senior Indian official had with the Chinese Foreign Minister. Similarly, accounts of NDA and DRDO officials reveal phone numbers, commercial documents, official correspondence and personal mails."
    This is probably very illegal; even if the information has been posted for all to see, actually using this info to access someone else's account should be a no-no.