Police swoop on 'Hacker of the Year'
AcidAUS writes "The Swedish hacker, Dan Egerstad, who perpetrated the so-called hack of the year, has been arrested in a dramatic raid on his apartment, during which he was taken in for questioning and several of his computers confiscated. Egerstad broke into the global communications network used by embassies around the world in August and gained access to 1000 sensitive email accounts."
I thought he just listened in on Tor traffic.
90% of what makes a really good hack hard is STFU'ing about it.
Care about electronic freedom? Consider donating to the EFF!
All he did was run a tor exit node, and observe the outgoing traffic, a known possibility when using tor. Not only is there the disclaimer "This is experimental software. Do not rely on it for strong anonymity" every time you run tor, but this vector of potential attack is so bloody obvious that anyone not aware of it would be a bloody idiot not to use additional encryption for accessing sensitive information on the other end, and rely on tor only for obfuscation of the fact that the route originates from them.
---
the pen is mightier than the sword, the sword is mightier than the court, the court is mightier than the pen.
He fucked the police states, so the police bit back.
He is lucky not to be in russia or china or cold war US so he got no bullet in his head.
Patents Drive Free Software as Hurricanes Drive Construction Industry
And my faith in humanity drops to yet another record low.
I'm getting sick of a society that has ZERO room for exceptions. Make exceptions for the exceptional... that is why they are exceptional.
Although listening to TOR traffic is hardly exceptional, but the point he proved without malicious intent was.
broke into the global communications network used by embassies around the world in August and gained access to 1000 sensitive email accounts
He acquired access credentials to 1000 email accounts used by embassies. He did so by becoming an exit node of the TOR anonymizing network and reading the unencrypted exit traffic. That may have been in violation of the law, but does not constitute "breaking into the global communications network used by embassies".
"Egerstad published 100 of the email accounts, including login details and passwords, on his website for anyone curious enough to have a look"
Publishing login credentials of 100 accounts isn't what I'd call without malicious intent. Okay, he was trying to force them to react, but there are better ways of doing it.
Look, I don't know if the guy actually broke any laws. It sounds like he might have, but maybe not. On the other hand, intentionally trying to fuck with the police after they arrested him is plain stupid. It doesn't buy you anything except bad will. It's not like the people interrogating him are the ones that made the decision to arrest him. You get pulled in by the police, if you're really not guilty, the only smart thing to do is cooperate. Creating that kind of bad will and then complaining that you might not get your computer equipment back for years, well what do you expect? Shit on people and expect them to shit on you back.
Crackers break the copyright protection on computer software. Hackers use their skills to find weaknesses in the security of software, hardware, and networks. Those that exploit them for malicious purposes are black hat hackers and those that report them to the proper people so the vulnerabilities can be fixed are white hat hackers. Script kiddies are ones that take programs written by bad hackers and just run them without actually comprehending what they're doing other than the fact that they've owned another box.
Those have been the definitions for at least the past 20 years now and the only people who would argue that are old fat hippie open source programmers who think they are hackers when in fact they are just geeks.
Dan didn't break into anything. He simply set up a Tor node and watched the traffic passing. Most likely the passwords he sniffed out were not used by Embassy officials but by criminal elements who were using Tor to avoid being caught when using stolen credentials.
Also, he notified the involved embassies weeks before publishing the material.
I'm not saying it was a stupid move (I think it was) but the summary makes him look like a criminal which he is most certainly not. The Swedish police do not understand IT and obviously do whatever foreign countries tell them to do since our political leaders lack spines.
From the article, paragraph 1:
The Swedish hacker who perpetrated the so-called hack of the year...
From the article, paragraph 2:
Dan Egerstad, a security consultant, intercepted data carried over a global communications network...
Emphasis mine. So what is he? If he's a hacker, the raid is just deserts. If he's a security consultant, and he's exposed this flaw, he's being persecuted. Frankly, I don't know what he really is, but it seems like the press is schizophrenic on this issue. It just goes to show that when it comes to technology, the mainstream press is a bit low on clarity and high on sensationalism.
GetOuttaMySpace - The Anti-Social Network
Agreed, but these kinds of cases should not ever be treated in the same way terrorism suspects are, or any other significant crime. It is ridiculous when I think back on the things I could be arrested for in the eyes of these people and the kind of suffering I would endure, and then compare that to the suffering I have forced on others. It is obscene to treat them like common criminals, because they are obviously not common.
A law is not to be observed blindly. A law is to be questioned to test it against real life requirements. If people would not question laws, people would still be enslaved because of the color of their skin and the US would still be a colony of Britain.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I live a few hundred meters from his home, and was woken up that day, not by my useless alarm clock, but by sirens from 7 or 8 police cars heading in the direction of his apartment. From the TFA it seems like they were a bit more discreet when moving in on him, so I guess this was some kind of show of force to intimidate him, and his neighbours. Wouldn't surprise me, considering how the TPB-raid was done.
[knock at the door]
Police: Open this door! Thou art a felon wanted for many counts of villainy against the citizenry of this fair nation!
Dan: How now!? Am I to be jailed? What can I do but beg for the mercy of The Crown?!?!
[Dan weeps loudly]
[Viola music plays a sad song in the background]
[Dan slumps over a b0x3n]
Dan: I am ruined. Farewell, my tools of crime, for you are sure to meet a worse fate than I in our common traitorous endeavors.
[The door breaks in, an officer enters the room and grabs Dan by the shoulder with nightstick in hand]
[Fades to black]
Oh, you mean a different kind of dramatic. Sorry, sorry.
Dedicated Cthulhu Cultist since 4523 BC.
Diplomats are often dealing with people seeking asylum for humanitarian reasons. They also deal with local and international law enforcement and sometimes the military. In any one of those cases leaked information could have gotten someone killed. This guy didn't expose the logins and passwords of MySpace accounts. Then there's the consideration that he very well may have violated several privacy/confidentiality laws as well.
I don't think you realize just how serious what this guy did is.
Mac OS X and Windows XP working side by side to fight back the night.
People are always looking to the government to protect them. Who protects you from the government? My biggest fear in my home isn't some criminal breaking in, it's a stupid government raid that possibly gets me or one of my family members killed, or all the programs I've written in my entire life being confiscated. Perhaps some would say I shouldn't be afraid because I'm not hacking or doing anything (that I know of) that's illegal, but I am a programmer, so nevertheless it hangs over my head. I hate those who favor strong and intrusive government and want to "send a message"; it is you who should die, all of you! I won't miss you.
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."o7
I won't delineate all the reasons why what you said is a stupid troll.
But here's a few gems for you.
1) He became a tor node.
2) All the data he examined was on his own computers.
3) Everything on the computers belonged to him.
4) As a responsible tor node person, he examined the contents of it.
5) Refer to number 3. Also in the US, he could be found responsible for people using his tor node to traffic in say copyrighted works or child abuse. So he would really pretty much HAVE to inspect the contents of his traffic to make sure that no illegal activity was taking place.
6) What law is it you think he broke?
Saying anything to cops without a lawyer at your side is generally stupid, even when you honestly believe you have not done anything wrong. It is not a smart thing to "cooperate." I am a US lawyer, and I am basing this comment on US rights/laws; I don't know the laws in Sweden but I suspect the concepts are similar. In the (US) criminal system you can almost never be forced to answer any interrogation questions, other than your identity. Virtually every lawyer would advise not to volunteer answers that may later be used against you. This advice is true whether you are under arrest (not free to walk away) or not. The only real (non-Gitmo) exceptions to this 'don't ever talk rule' are testimony on the stand in court and before grand juries. Very few people seem to fully understand this right to shut up. The only conversation with cops should be: "I have nothing to say to you [without a lawyer present]." The original post is correct in saying you should never intentionally piss off the cops, except to say you will not talk to them. In the US, this 'non-cooperation' can not be used against you, but anything else you say can be twisted out of context. In the US many, including so called suspected terrorists as well as Scooter Libby, have been convicted of lying to cops (a crime) when they voluntarily answer questions. Even in the (non-Gitmo) military context, people are only required to give name, rank and serial number. Things get crazy in the so called war against terror where different rules apply to non-criminal and non-military cases under George W's watch. At least as of today waterboarding for alleged hackers for info is not routine yet. Unfortunately, in the US the Patriot Act might allow authorities to secretly break in, copy his hard drives, and install a key logger. If this were the US, and it was not, Egerstad's lawyer could force the government to go forward with a speedy trial before a jury, typically within 30 days, or dismiss the charges.
If the government case requires computer forensics and "talking to other countries" then they are unlikely to be able to move fast enough. If the government is really just trying to improve computer security (yea, right) then Egerstad could be offered complete immunity for his voluntary cooperation, but again this should only be done through a lawyer.
This guy is a very good security consultant that has been around for a while. This is not the first leak he has discovered and tried to warn people. Dan discovered that his home DSL was going slow and started sniffing out the traffic from his ISP. He quickly discovered that the ISP sent him traffic from about 4000 other customers on 16 different subnets! He could see everything on the network. This very time he had set up a tor link and started sniffing out the traffic, just as NSA does in the US on their large tor links. What he found was countless passwords and other sensitive stuff floating around. He found large amounts of usernames and passwords floating by all the time. No doubt this was from a hacker/foreign security intelligence that used tor for anonymity. The fact that most passwords were from governments like Iran, Russia and other countries not in the US "group" suggests this was US spying in progress. The fact that Swedish "Säpo" (intelligence is not the right word for these people) was pressured into action against something that's not a crime at all in Sweden also makes one wonder what is going on. It seems people are dissatisfied that this leak was made public. I doubt the people being hacked were miffed at Dan for showing them that someone was spying on them. Now that they know and secure their communications, maybe with stringent encryption and backdoor free open source, I do know one country that will be angry.