Police swoop on 'Hacker of the Year'
AcidAUS writes "The Swedish hacker, Dan Egerstad, who perpetrated the so-called hack of the year, has been arrested in a dramatic raid on his apartment, during which he was taken in for questioning and several of his computers confiscated. Egerstad broke into the global communications network used by embassies around the world in August and gained access to 1000 sensitive email accounts."
I thought he just listened in on Tor traffic.
90% of what makes a really good hack hard is STFU'ing about it.
Care about electronic freedom? Consider donating to the EFF!
Can we now safely call this guy the #1 Bragger?
I thought this was the type of group that was all upset if someone misused the term hacker.
Break the law, go to jail. You don't have to like the laws, but breaking them ain't going to do you a bit of good. And then to go as far as start messing with the cops? Good going there Dan! Enjoy your time in prison!
All he did was run a tor exit node, and observe the outgoing traffic, a known possibility when using tor. Not only is there the disclaimer "This is experimental software. Do not rely on it for strong anonymity" every time you run tor, but this vector of potential attack is so bloody obvious that anyone not aware of it would be a bloody idiot not to use additional encryption for accessing sensitive information on the other end, and rely on tor only for obfuscation of the fact that the route originates from them.
---
the pen is mightier than the sword, the sword is mightier than the court, the court is mightier than the pen.
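An added illustration of the point made in the comment above (not part of the original thread): a toy three-hop onion circuit showing that the exit relay holds whatever the client put inside the innermost layer, so only an extra end-to-end layer keeps a login unreadable there. The cipher is a stand-in for real per-hop and TLS encryption, and every name and the sample login are constructed for this example.

```python
import hashlib
import os

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with a SHA-256 counter keystream.
    A stand-in for real per-hop and end-to-end ciphers; do not use for real data."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + (offset // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)

def build_onion(payload: bytes, hop_keys: list) -> bytes:
    """Client side: add one layer per relay, innermost layer for the exit."""
    for key in reversed(hop_keys):
        payload = keystream_xor(key, payload)
    return payload

def relay_views(cell: bytes, hop_keys: list) -> list:
    """What each relay holds after stripping its own layer (guard, middle, exit)."""
    views = []
    for key in hop_keys:
        cell = keystream_xor(key, cell)
        views.append(cell)
    return views

# Constructed sample: a cleartext POP3 login, not taken from the incident.
SECRET = b"constructed-password"
LOGIN = b"USER alice@embassy.example\r\nPASS " + SECRET + b"\r\n"

def simulate(end_to_end: bool) -> dict:
    """Send LOGIN through the circuit, with or without an end-to-end layer."""
    hop_keys = [os.urandom(32) for _ in range(3)]   # guard, middle, exit
    e2e_key = os.urandom(32)                        # shared with the mail server only
    payload = keystream_xor(e2e_key, LOGIN) if end_to_end else LOGIN
    guard, middle, exit_ = relay_views(build_onion(payload, hop_keys), hop_keys)
    at_server = keystream_xor(e2e_key, exit_) if end_to_end else exit_
    return {
        "guard_sees_secret": SECRET in guard,
        "middle_sees_secret": SECRET in middle,
        "exit_sees_secret": SECRET in exit_,
        "server_gets_login": at_server == LOGIN,
    }

if __name__ == "__main__":
    for mode in (False, True):
        print("end-to-end encryption:", mode, simulate(mode))
```
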
I mean, I'm not up on all that. But for a little while the effort was made to distinguish them. Has that effort been abandoned by white-hats?
What happened to the words "Cracker" and "Hacker"? Is he now a Hacker or a Cracker? A few days ago there was again news of how one hacker found thousands of servers without updates and firewalls, and he was a hacker because he is a security advisor and works for a company. So why is this man called a hacker too if he stole information?
'Dramatic raid' sort of conjures up the image of police kicking in the doors and going in with their guns blazing and shooting anyone in sight. I kinda imagine that didn't happen. :(
He fucked the police states, so the police bit back.
He is lucky not to be in Russia or China or the Cold War US, so he got no bullet in his head.
Patents Drive Free Software as Hurricanes Drive Construction Industry
Meanwhile, Swedish police stands by watching an outbreak of gang shootings in the city of Gothenburg, in which even police stations and police helicopter hangars have been destroyed by drive by shootings. The chief of police is quoted as saying "We know who they are but we can't arrest them because we have no proof".
Isn't it amazing that it's easier in Sweden to raid and arrest a white collar hacker than a hard-core gang of criminals with machine guns?
In other news, Swedish feminists were heard crying out for the right to display their breasts in public - "we too [want to] pull off our shirts at football matches".
God, what a country.
From TFA:
... covered my mouth, scratched my elbow, looked away and so on.""
""They broke my wardrobe, short cutted my electricity, pulled out my speakers, phone and other cables having nothing to do with this and been touching my bookkeeping, which they have no right to do," he said."
Oh, they have no RIGHT to do it? As opposed to hacking email accounts, which you DID have a right to do? What if they just said that they were 'hacking' your physical life, would that make it ok?
"While questioning Egerstad at the station, the police "played every trick in the book, good cop, bad cop and crazy mysterious guy in the corner not wanting to tell his name and just staring at me". "Well, if they want to try to manipulate, I can play that game too. [I] gave every known body signal there is telling of lies
Personally, Egerstad sounds like the kind of a sanctimonious dick that SHOULD get the beatdown. They should give him "every known signal" that the police don't like it when someone is lying to them...tasers, nightstick, whatever.
"Egerstad said the police also accused him of theft because he had eight PlayStation 2 consoles in his apartment. He said he owns a company that "handles consoles"."
Um, yeah, his company 'handles' them. What, like, you polish them or something? SMBS...perhaps you should check your own windows before you start casting stones, Mr. Egerstad.
-Styopa
broke into the global communications network used by embassies around the world in August and gained access to 1000 sensitive email accounts
He acquired access credentials to 1000 email accounts used by embassies. He did so by becoming an exit node of the TOR anonymizing network and reading the unencrypted exit traffic. That may have been in violation of the law, but does not constitute "breaking into the global communications network used by embassies".
Look, I don't know if the guy actually broke any laws. It sounds like he might have, but maybe not. On the other hand, intentionally trying to fuck with the police after they arrested him is plain stupid. It doesn't buy you anything except bad will. It's not like the people interrogating him are the ones that made the decision to arrest him. You get pulled in by the police, if you're really not guilty, the only smart thing to do is cooperate. Creating that kind of bad will and then complaining that you might not get your computer equipment back for years, well what do you expect? Shit on people and expect them to shit on you back.
Dan didn't break into anything. He simply set up a Tor node and watched the traffic passing. Most likely the passwords he sniffed out were not used by Embassy officials but by criminal elements who were using Tor to avoid being caught when using stolen credentials.
Also, he notified the involved embassies weeks before publishing the material.
I'm not saying it was a stupid move (I think it was) but the summary makes him look like a criminal, which he is most certainly not. The Swedish police do not understand IT and obviously do whatever foreign countries tell them to do, since our political leaders lack spines.
a HOTY
From the article, paragraph 1:
The Swedish hacker who perpetrated the so-called hack of the year...
From the article, paragraph 2:
Dan Egerstad, a security consultant, intercepted data carried over a global communications network...
Emphasis mine. So what is he? If he's a hacker, the raid is just deserts. If he's a security consultant, and he's exposed this flaw, he's being persecuted. Frankly, I don't know what he really is, but it seems like the press is schizophrenic on this issue. It just goes to show that when it comes to technology, the mainstream press is a bit low on clarity and high on sensationalism.
GetOuttaMySpace - The Anti-Social Network
I would think so, of course as long as no one can prove you are doing it, it should be fine. If you lend your computer to someone and sniff his traffic, that's going to be illegal, same thing. The question is if your intent is to inform people, does that make it less illegal. Of course it does, now being called a hacker certainly doesn't help.
Information wants to be free.
I live a few hundred meters from his home, and was woken up that day, not by my useless alarm clock, but by sirens from 7 or 8 police cars heading in the direction of his apartment. From TFA it seems like they were a bit more discreet when moving in on him, so I guess this was some kind of show of force to intimidate him, and his neighbours. Wouldn't surprise me, considering how the TPB-raid was done.
The guy did not 'break into' anything - he dumped passwords as they flowed through HIS tor exit node. Tor obfuscates the origin, it does not encrypt the traffic for you. The summary is very, very wrong.
"It doesn't cost enough, and it makes too much sense."
"I love my job, but I hate talking to people like you" (Freddie Mercury)
HACK THE PLANET!!!
Yes, I still love that movie.
Yes, I know it was horrible.
breaking into shit that you don't own isn't a hacker. he might be a hacker, but breaking the law isn't a "hacker" activity.
Just like killing someone with a meat cleaver doesn't represent the chef'ing kind of activity.
I think both. There are already too many like you at the police. Bah.
[knock at the door]
Police: Open this door! Thou art a felon wanted for many counts of villainy against the citizenry of this fair nation!
Dan: How now!? Am I to be jailed? What can I do but beg for the mercy of The Crown?!?!
[Dan weeps loudly]
[Viola music plays a sad song in the background]
[Dan slumps over a b0x3n]
Dan: I am ruined. Farewell, my tools of crime, for you are sure to meet a worse fate than I in our common traitorous endeavors.
[The door breaks in, an officer enters the room and grabs Dan by the shoulder with nightstick in hand]
[Fades to black]
Oh, you mean a different kind of dramatic. Sorry, sorry.
Dedicated Cthulhu Cultist since 4523 BC.
robbIE is likely just another victim of the whoreabull corepirate nazi pr ?firm? scriptdead mindphucking mass hypenosys.
Diplomats are often dealing with people seeking asylum for humanitarian reasons. They also deal with local and international law enforcement and sometimes the military. In any one of those cases leaked information could have gotten someone killed. This guy didn't expose the logins and passwords of MySpace accounts. Then there's the consideration that he very well may have violated several privacy/confidentiality laws as well.
I don't think you realize just how serious what this guy did is.
Mac OS X and Windows XP working side by side to fight back the night.
People are always looking to the government to protect them. Who protects you from the government? My biggest fear in my home isn't some criminal breaking in, it's a stupid government raid that possibly gets me or one of my family members killed, or all the programs I've written in my entire life being confiscated. Perhaps some would say I shouldn't be afraid because I'm not hacking or doing anything (that I know of) that's illegal, but I am a programmer, so nevertheless it hangs over my head. I hate those who favor strong and intrusive government and want to "send a message"; it is you who should die, all of you! I won't miss you.
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."o7
All of the information he gathered was virtually publicly accessible already though! Anyone who DID have malicious intent and the knowhow had the information already.
These kind of Hacks should still be committed to show security flaws or simply when people implement things incorrectly which leads to a flaw in the security. The thing is when the evidence is collected that a security hole exists the Black Hat should anonymously submit that evidence to thousands of websites simultaneously. And they should use Tor. Ya it doesn't prevent traffic from being intercepted but they still can't figure out where it came from. That way the government doesn't have anywhere to direct their misguided raids. In addition the security hole will hopefully be fixed.
He has a definite link to the Islamic fundamentalist groups operating in Iran who were responsible for various US embassy bombings. We need to defend our way of life and of our childrens with all the peoples of the world. Some of the accounts have information containing Weapons of Mass Destruction which Iran has been acquiring which will lead to a third world war. The Swedish security service is our ally towards counter terrorism and we hope they will join the alliance for our War on Terror.
When will people ever learn that IF/When you do a legit hack, you DO NOT talk about it! If you do it for a company (ASK FIRST) (So you don't get sued) and NEVER do government and or police systems.. unless you're using tor. errmm nvm xD
g0t b33r?
The concept that the police should restrict itself in its use of force to what is absolutely necessary and in its prying to what is relevant to the case is a very important foundation of the justice state.
The police are not there to punish people. Indeed that is the job of the courts etc. and everything on top of that is therefore totally unjustified. People like Grandparent don't actually care about justice; they just enjoy seeing other people getting a beatdown. Because they assume that naturally it will never be they who get it.
Funniest post I've seen on Slashdot this year! Truly excellent. Well done!
So they are easier.
As long as they are "blue collar" white collar workers, they have no money for solicitors, no connections to make trouble and aren't causing what people would expect to be criminal acts so aren't hiding their malfeasance.
Blue collar crims will shoot you and have money to get out of it. Rich people will sue you and get out of it. The connected will screw your life over and get out of it. So the Joe Hacker is an easy collar. In much the same way as bad parking drivers and people caught in speed traps.
Diplomats are often dealing with people seeking asylum for humanitarian reasons. They also deal with local and international law enforcement and sometimes the military. In any one of those cases leaked information could have gotten someone killed.
Newsflash for ya, If that was the case then these people are already dead. Do you think this guy was the only one who thought of sniffing TOR traffic? Organizations/Governments/Terrorists(have to throw in the terrorist buzz word) are more than likely sniffing their own TOR exit node long before this guy made headlines.
Which probably made him the most wanted man on (the/this) Earth. Wanted not just by Interpol, or a few DOZEN countries, but maybe a few HUNDRED countries. He should have put asterisks back in the passwords and fuzzed the names. Shouldn't have exposed the email, nor the user contacts in those e-mails.
However, once the various governments were apprised, they ALL had a DUTY, and a moral obligation to close the holes. Make the users change names and passwords. Lock them out until they reported to the cognizant embassy or "outpost" and recertified credentials to prevent or minimize the risk of unauthorized breach by opportunists or the insertion of unaccounted for persons by the more unscrupulous of nations trying to insert agents, assassins and provocateurs into the network.
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
Semantics for some, a way of life for others!
Leaving your key in the door doesn't make it right for the next person who finds it to just walk into your house. Was it dumb to leave the keys in the door? Undoubtedly. Was it wrong for the intruder to enter unlawfully anyway? Yes. The problem here is that the guy "opened the door", looked around and listened, and then went and told people about how the door was unlocked and they could just open it and listen in. Sounds like the problem here isn't that he shouldn't have done it, but more that he shouldn't have opened his mouth about it. PS - Hacking MySpace should be no less of a crime than hacking the embassy. If it's ok to exploit MySpace but not the government then we have created a huge double standard and rift in the justice system. Typically, I'd say that knowing how to do something doesn't mean that you should do it, but then again the Hacker's Manifesto does state that it should be hacked simply because it's there.
What idiot modded that remark insightful? It completely ignores the fact that he did try, try, try to get them to react without publishing the information and that he only went ahead with it because nothing was being done.
Saying anything to cops without a lawyer at your side is generally stupid, even when you honestly believe you have not done anything wrong. It is not a smart thing to "cooperate." I am a US lawyer, and I am basing this comment on US rights/laws; I don't know the laws in Sweden but I suspect the concepts are similar. In the (US) criminal system you can almost never be forced to answer any interrogation questions, other than your identity. Virtually every lawyer would advise not to volunteer answers that may later be used against you. This advice is true whether you are under arrest (not free to walk away) or not. The only real (non-Gitmo) exceptions to this 'don't ever talk rule' are testimony on the stand in court and before grand juries. Very few people seem to fully understand this right to shut up. The only conversation with cops should be: "I have nothing to say to you [without a lawyer present]." The original post is correct in saying you should never intentionally piss off the cops, except to say you will not talk to them. In the US, this 'non-cooperation' can not be used against you, but anything else you say can be twisted out of context. In the US many, including so called suspected terrorists as well as Scooter Libby, have been convicted of lying to cops (a crime) when they voluntarily answer questions. Even in the (non-Gitmo) military context, people are only required to give name, rank and serial number. Things get crazy in the so called war against terror where different rules apply to non-criminal and non-military cases under George W's watch. At least as of today waterboarding for alleged hackers for info is not routine yet. Unfortunately, in the US the Patriot Act might allow authorities to secretly break in, copy his hard drives, and install a key logger. If this were the US, and it was not, Egerstad's lawyer could force the government to go forward with a speedy trial before a jury, typically within 30 days, or dismiss the charges.
If the government case requires computer forensics and "talking to other countries" then they are unlikely to be able to move fast enough. If the government is really just trying to improve computer security (yea, right) then Egerstad could be offered complete immunity for his voluntary cooperation, but again this should only be done through a lawyer.
This guy is a very good security consultant that has been around for a while. This is not the first leak he has discovered and tried to warn people about. Dan discovered that his home DSL was going slow and started sniffing out the traffic from his ISP. He quickly discovered that the ISP sent him traffic from about 4000 other customers on 16 different subnets! He could see everything on the network. This very time he had set up a tor link and started sniffing out the traffic, just as NSA does in the US on their large tor links. What he found was countless passwords and other sensitive stuff floating around. He found large amounts of usernames and passwords floating by all the time. No doubt this was from a hacker/foreign security intelligence that used tor for anonymity. The fact that most passwords were from governments like Iran, Russia and other countries not in the US "group" suggests this was US spying in progress. The fact that Swedish "Säpo" (intelligence is not the right word for these people) was pressured into action against something that's not a crime at all in Sweden also makes one wonder what is going on. It seems people are dissatisfied that this leak was made public. I doubt the people being hacked were miffed at Dan for showing them that someone was spying on them. Now that they know and secure their communications, maybe with stringent encryption and backdoor free open source, I do know one country that will be angry.
HTTP/1.1 400
The North Korea of Europe. Truly a grim and oppressive country. So glad I don't live there.
How about you don't let your government/agencies use crypt technologies that aren't run by themselves. How silly, I'm going to trust an encryption method which entails me using random user machines, when my data leaves the node unencrypted. Seriously the accusers should be jailed for being idiots.
It is politically correct to not cause a problem, ignorance is bliss.
... is it due to bliss or problems?
It is criminal/troublesome to report problems, but ignorance is bliss and politically correct.
No faults/problems found/reported in a politically correct blissful world means there is not a problem.
A world without problems is proof of safety/security and politically marketable to public bliss.
When a bridge collapses, a city gets drowned, large buildings collapse
Send all problem reporters to jail, then we know that bliss is the cause of all catastrophes, because there ain't no GDMF problems.
Surprise catastrophes (due to bliss) are forgivable, spin-truth political capital for USAll.
Unaccountable leaders are masters, and unrepresented people are slaves. How do US and EU fare?
We've got some crackers here in Louisiana, but they don't know much 'bout them computers.
The road to Hell is paved with good intentions.
Seriously though, there's nothing exceptional about a criminal. Like it or not, you break the law, that makes you a criminal. There are well known methods of dealing with criminals, which this guy knew and brought on himself.
Exceptional would have been making his point without breaking the law. This is run of the mill law breaking trying to disguise itself as "security consulting".
I'm not a lawyer but as I read the Patriot Act, it seems to me had he done this in the US and had it been deemed an "act of terrorism" he could be subject to the death penalty.
Good grief, man! If b0x3n is now singular, what's the plural? B0x3nZ? B0x3s3n? Or is it now ueberGermanic and something like b03x3n3n? :)
Is this some sort of a bad joke?
These are the email accounts that were posted on 4chan? By the way, why do embassies use Tor?
You are arguing semantics here boss. No one in the mainstream cares to make the distinction and that is where the branding of the term will ultimately come from. You can fight for proper word usage all you want, but I'd like to think there are better things to worry about than a coined term that means little to nothing.
Diplomats, governments, militaries kill people. Perhaps what he exposed SAVED a few people from, oh, I dunno, idiot governments in Darfur, or Burma, or North Korea, or...the USA.
I don't think you realize how governments work...
One can only hope Mr Egerstad was arrested because of his activities as a suspected spammer and con artist rather than the silly suggestion that this dork has done any work whatsoever in the field of computer security.
See for instance http://gratislotten.se/, one of his many sites.
Interesting I have to read about this in an Australian paper instead of all the Swedish papers I read each morning. I haven't seen a word about this here so either it's been silenced or it's just a duck.