Tor Used To Collect Embassy Email Passwords

Posted by kdawson on Tuesday September 11, 2007 @05:57AM from the getting-their-attention dept.

Several readers wrote in to inform us that Swedish security researcher Dan Egerstad has revealed how he collected 100 passwords from embassies and governments worldwide, without hacking into anything: he sniffed Tor exit routers. Both Ars and heise have writeups on Egerstad's blog post, but neither adds much to the original. It's not news that unencrypted traffic exits the Tor network unencrypted, but Egerstad correctly perceived, and called attention to, the lack of appreciation for this fact in organizations worldwide.

1 of 99 comments (clear)

Min score:

Reason:

Sort:

Lo dudo by Anonymous Coward · 2007-09-11 06:11 · Score: 5, Insightful

I doubt the users from these governments were using TOR to check their mail. More likely that hackers had already compromised the accounts and were using them to check the email accounts anonymously.

-AC