Back at the beginning of September I picked up on a story about Dan Egerstad who had managed to capture the email logins for numerous foreign embassies from a Tor network. On Monday morning he was cuffed by four humourless Swedish agents and taken in for questioning.
From The Register UK:
Dan Egerstad used Tor to obtain the login credentials of about 1,000 email addresses, including at least 100 accounts belonging to foreign embassies, as well as those of large corporations and human rights organisations. Egerstad posted the login details of embassies belonging to Iran, India, Japan, and Russia, among others, in late August. The information, posted on derangedsecurity.com, has since been taken offline. Egerstad disclosed details of how he pulled off the hack in September.
Tor provides a distributed, anonymous network when used properly. Egerstad discovered that by setting up exit nodes he could sniff traffic that wasn’t properly encrypted, contrary to Tor’s recommendations.
It seems more likely that Egerstad had stumbled on a means by which unknown intelligence agencies were disguising their surveillance activities on hacked accounts rather than widespread misuse of Tor in diplomatic circles.
[tags]Tor Hacker, Swedish National Police, Swedish Security Police, Embassy Emails[/tags]