Police swoop on 'Hacker of the Year'

AcidAUS writes "The Swedish hacker, Dan Egerstad, who perpetrated the so-called hack of the year, has been arrested in a dramatic raid on his apartment, during which he was taken in for questioning and several of his computers confiscated. Egerstad broke into the global communications network used by embassies around the world in August and gained access to 1000 sensitive email accounts."

"Broke in?"

[Evangelion]

I thought he just listened in on Tor traffic.

It was just tor eavesdropping!

[sanermind]

All he did was run a tor exit node, and observe the outgoing traffic, a known possibility when using tor. Not only is there the disclaimer "This is experimental software. Do not rely on it for strong anonymity" evertime you run tor, but this vector of potential attack is so bloody obvious that anyone not aware of would be a bloody idiot not to use additional encryption for accessing sensitive information on the other end, and rely on tor only for obfuscation of the fact that the route originates from them.

Re:Well, that's what you get

[luvirini]

That is the point authohorities all over the world seem to be making... Do not report Security flaws.

If you notice a security flaw and are quiet about it nothing happens.

If you notice a securoty flaw and report it you get charged for hacking.

Guess what happens in future...

I don't know why is he surprised

[someone1234]

He fucked the police states, so the police bit back.
He is lucky not to be in russia or china or cold war US so he got no bullet in his head.

Re:Well, that's what you get

[Praedon]

I completely agree... some of the best hacks in the world happened without anyone ever even knowing except the person who did it... He just had the balls to take credit for it... I don't know if in Sweden they brand hackers terrorists or not, like in the U.S., but if they do, he could be in a lot of trouble.

I have a prediction about this guy... what's going to happen in about 5-10 years, is he will end up writing articles like other hacker sellouts that we know.

Re:Good.

[spleen_blender]

And my faith in humanity drops to yet another record low.

I'm getting sick of a society that has ZERO room for exceptions. Make exceptions for the exceptional... that is why they are exceptional.

Although listening to TOR traffic is hardly exceptional, but the point he proved without malicious intent was.

Re:Good.

[Nos.]

"Egerstad published 100 of the email accounts, including login details and passwords, on his website for anyone curious enough to have a look"
Publishing login credentials of 100 accounts isn't what I'd call without malicious intent. Okay, he was trying to force them to react, but there are better ways of doing it.

What a moron!

[Pedrito]

Look, I don't know if the guy actually broke any laws. It sounds like he might have, but maybe not. On the other hand, intentionally trying to fuck with the police after they arrested him is plain stupid. It doesn't buy you anything except bad will. It's not like the people interrogating him are the ones that made the decision to arrest him. You get pulled in by the police, if you're really not guilty, the only smart thing to do is cooperate. Creating that kind of bad will and then complaining that you might not get your computer equipment back for years, well what do you expect? Shit on people and expect them to shit on you back.

Re:It was just tor eavesdropping!

[Anonymous Coward]

"It was just for eavesdropping!" I will remind you of that when you catch me outside you bedroom listening to you banging your wife.

"Broke into"

[dr_d_19]

Dan didn't break into anything. He simply set up a Tor node and watches the traffic passing. Most likely the passwords he sniffed out were not used by Embassy officials but by criminal elements who were using Tor to avoid being caught when using stolen credentials.

Also, he notified the involved embassies weeks before publishing the material.

I not saying it was a stupid move (I think it was) but the summary makes him look like a criminal which he is most certainly not. The Swedish police does not understand IT and obviously does whatever foreign countries tell them to do since our political leaders lacks spines.

Re:Well, that's what you get

[olddotter]

So your saying his government is made up of morons?

Re:Good.

[spleen_blender]

Agreed, but these kind of cases should not ever be treated in the same way terrorism suspects are, or any other significant crime. It is ridiculous when I think back on the things I could be arrested for in the eyes of these people and the kind of suffering I would endure, and then compare that to the suffering I have forced on others. It is obscene to treat them like common criminals, because they are obviously not common.

Re:Well, that's what you get

[Opportunist]

No, but of people with a one track mind. He who knows how to break the law breaks the law, since if he didn't mean to break the law, he wouldn't know how to do it. He who finds a security hole must have been looking for a security hole, and the only reason to look for a security hole is to use it.

Another train of thought follows the logic that what is forbidden does not exist. And if it exists, simply crack down with utmost force on it, and it ceases to exist.

The core fallacy about it is that this doesn't mean crimes don't happen, it just means you won't hear about them. Which is, for the statistic, identical. It's a bit like closing your eyes and pretending that since you can't see the problem it doesn't exist.

Re:Well, that's what you get

[Billosaur]

No more than anybody else's... listen, the guy just exposed a major security flaw that has an impact on diplomatic communications all over the world. On the one hand, the guy's doing a job no one else thought to do, and to let governments know that their secrets are easily tapped. Governments should be funding his work, to see if he can come up with a solution to the problem. But being governments, they're a bit paranoid (even the Swedes) and heavy-handed. This guys knows about a security vulnerability -- what else does he know? So they drag him in and give him the "treatment".

Re:"Broke in?"

[hsdpa]

He did, and that's what's so stupid about this police-raid.

Re:Good.

[Opportunist]

A law is not to be observed blindly. A law is to be questioned to test it against real life requirements. If people would not question laws, people would still be enslaved because of the color of their skin and the US would still be a colony of Britain.

Re:Just what is he?

[bcattwoo]

Emphasis mine. So what is he? If he's a hacker, the raid is just desserts. If he's a security consultant, and he's exposed this flaw, he's being persecuted. Frankly, I don't know what he really is, but it seems like the press is schizophrenic on this issue. It just goes to show that when it comes to technology, the mainstream press is a bit low on clarity and high on sensationalism.

If a locksmith breaks into your home by picking your locks, he is still a burglar.

Re:It was just tor eavesdropping!

[KokorHekkus]

All he did was run a tor exit node, and observe the outgoing traffic...

And that could very likely be construed as eavesdropping on electronic communications. The Swedish penal code, 4th chapter, 8th paragraph, says:

8 Den som olovligen bereder sig tillgång till ett meddelande, som ett post- eller telebefordringsföretag förmedlar som postförsändelse eller telemeddelande, döms för brytande av post- eller telehemlighet till böter eller fängelse i högst två år.

Which translates to approximatly:

The person who gains access to a message, that a postal or telecommunications company transmits, as a postal or telecommuncations message, is to be sentened for exposure of postal or telecommuncations secret to fines or a maximum of two years prison.

Swedish laws are a bit laconic so that's the full text. I'm not really surprised that the police decide to start an investigation since what he did could be legal - it's not a clear cut case. Obviously the message were not ment for him and he didn't come by them by accident. Word to the wise: better read up on the laws where are if you're going to pull something like this. If it's in the gray area be prepared to investigated.

Your good natured intent is clouding your thinking

[NDPTAL85]

Diplomats are often dealing with people seeking asylum for humanitarian reasons. They also deal with local and international law enforcement and sometimes the military. In any one of those cases leaked information could have gotten someone killed. This guy didn't expose the logins and passwords of MySpace accounts. Then there's the consideration that he very well may have violated several privacy/confidentiality laws as well.

I don't think you realize just how serious what this guy did is.

Re:It was just tor eavesdropping!

[KokorHekkus]

As I said this is a gray area. Maybe he could argue that but on the other hand I'd be surprised if telcoms are allowed to snoop as they wish in Sweden but they certainly can't go around repeating my communcations at will. So the bigger problem could be that he not only did snoop but he also disseminated it publicly. Without being a legal scholar I'd say it's fairly obvious that the intent with the law was to preserve the privacy of the commmuncating parties messages.

Maybe it would be better to argue that the senders of the messages should not have expected privacy because of the system as it was. But I think he should get a good lawyer anyhow.

Re:Well, that's what you get

[MikeDirnt69]

He who finds a security hole must have been looking for a security hole, and the only reason to look for a security hole is to use it.

Yes, he was searching for it. But your assumption that he intent to use it is not correct. Hackers are not always made by "pure evil", they can do good stuff if they want to. It's fun to find breaches and it makes you fell good when you report it and is recognized.

I'm not saying that the guy is innocent, just telling the possibilities.

Re:Just what is he?

[Anonymous Coward]

You have two neighbours on either side of you who communicate using bullhorns, so that everyone can hear them. You usually wear mufflers, but you decide to take them off, and now you can hear them too. In fact, many people wear mufflers, not hearing what is going on, but a few, (and more and more) decide to take off their mufflers and hear what is going on.

If you want secure communications, then you shouldn't be using bullhorns. It is not the fault of the people wearing mufflers that they can hear you when they decide to take off their mufflers to listen to say, music, but hear you as well.