Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tor Used To Collect Embassy Email Passwords

Posted by kdawson on from the getting-their-attention dept.

Several readers wrote in to inform us that Swedish security researcher Dan Egerstad has revealed how he collected 100 passwords from embassies and governments worldwide, without hacking into anything: he sniffed Tor exit routers. Both Ars and heise have writeups on Egerstad's blog post, but neither adds much to the original. It's not news that unencrypted traffic exits the Tor network unencrypted, but Egerstad correctly perceived, and called attention to, the lack of appreciation for this fact in organizations worldwide.

1 of 99 comments (clear)

  1. Re:Raising the question... by godzilla808 · · Score: 0, Redundant

    >tor just helps them cover their tracks.

    More than that: tor gives them access in the first place. It's a lot easier to set up a node and sniff it than to hack in to a network device that would otherwise have access to all of that traffic.

    Being in hostile territory, I can see tor being an effective way for getting information out of the country, but the problem is--like the blogger stated--that the traffic should be encrypted *before* it's even put on the tor network so that it will be protected as it leaves the exit node.

    --
    ...///...