Police swoop on 'Hacker of the Year'

AcidAUS writes "The Swedish hacker, Dan Egerstad, who perpetrated the so-called hack of the year, has been arrested in a dramatic raid on his apartment, during which he was taken in for questioning and several of his computers confiscated. Egerstad broke into the global communications network used by embassies around the world in August and gained access to 1000 sensitive email accounts."

"Broke in?"

[Evangelion]

I thought he just listened in on Tor traffic.

Re:"Broke in?"

[hsdpa]

He did, and that's what's so stupid about this police-raid.

Re:

[Torvaun]

I hear Swedish prisons are very nice too.

Frank Abegnale said they were better than either French or American prisons. Sweden apparently cares about rehabilitating its prisoners, instead of just punishing them.

Re:"Broke in?"

[TigerTime]

There's a guy down the street from where I work that had a bullhorn talking about the end of the world. I completely hacked into his message this morning.

Well, that's what you get

[Lally Singh]

90% of what makes a really good hack hard is STFU'ing about it.

Re:Well, that's what you get

[luvirini]

That is the point authohorities all over the world seem to be making... Do not report Security flaws.

If you notice a security flaw and are quiet about it nothing happens.

If you notice a securoty flaw and report it you get charged for hacking.

Guess what happens in future...

Re:Well, that's what you get

[Praedon]

There was an article a while back on slashdot, that mentioned about this guy who found a way to duplicate boarding passes for an airline... before he published the information to the internet, he contacted his congressman, which did nothing about it.. but then published how to do it, and the template to the internet. He was then considered a "terrorist" and I have heard nothing more about him.

Re:

[olddotter]

So your saying his government is made up of morons?

Re:Well, that's what you get

[Opportunist]

No, but of people with a one track mind. He who knows how to break the law breaks the law, since if he didn't mean to break the law, he wouldn't know how to do it. He who finds a security hole must have been looking for a security hole, and the only reason to look for a security hole is to use it.

Another train of thought follows the logic that what is forbidden does not exist. And if it exists, simply crack down with utmost force on it, and it ceases to exist.

The core fallacy about it is that this doesn't mean crimes don't happen, it just means you won't hear about them. Which is, for the statistic, identical. It's a bit like closing your eyes and pretending that since you can't see the problem it doesn't exist.

Re:

[Jarjarthejedi]

*Sticks fingers in ears and closes eyes*

LALALALALA I can't hear you!

Re:

[Opportunist]

That's pretty much it, with the twist that this also sticks fingers into your voters' ears, which is more important for a politician. Voters don't hear about it, so they deem it a non-issue, so you don't have to address it.

Re:

[oliverthered]

that's why police can quite easily get away with beating people at free parties, because free parties don't exist, they don't even make the news.

Re:

[olddotter]

I call that the ostrich syndrome. Although even ostriches are not really that stupid.

Re:

[MikeDirnt69]

He who finds a security hole must have been looking for a security hole, and the only reason to look for a security hole is to use it.

Yes, he was searching for it. But your assumption that he intent to use it is not correct. Hackers are not always made by "pure evil", they can do good stuff if they want to. It's fun to find breaches and it makes you fell good when you report it and is recognized.

I'm not saying that the guy is innocent, just telling the possibilities.

Re:

[Opportunist]

I presented you the train of thought of a politician. If I was thinking that, it would be time to turn myself in for drug manufacturing and bomb building. I have done neither, but I know how to do it.

Re:

[unlametheweak]

Another train of thought follows the logic that what is forbidden does not exist. And if it exists, simply crack down with utmost force on it, and it ceases to exist.

The first mistake was arresting him.
The second mistake was letting him free http://en.wikipedia.org/wiki/Streisand_effect [wikipedia.org].
Just like CIA secret prisons; if you let people out of them, then they won't be secret for too long. Like in this case: http://en.wikipedia.org/wiki/Khalid_El-Masri [wikipedia.org].

If in fact nothing arises from this then the government(s) will just end up looking more stupid than it / they already were for ignoring his warnings in the first place.

The sad thing is that eavesdropping on Tor exit nodes i

Re:

[idontgno]

The tendency to blame the messenger is ancient. Just ask Cassandra. [wikipedia.org]

Re:Well, that's what you get

[Billosaur]

No more than anybody else's... listen, the guy just exposed a major security flaw that has an impact on diplomatic communications all over the world. On the one hand, the guy's doing a job no one else thought to do, and to let governments know that their secrets are easily tapped. Governments should be funding his work, to see if he can come up with a solution to the problem. But being governments, they're a bit paranoid (even the Swedes) and heavy-handed. This guys knows about a security vulnerability -- what else does he know? So they drag him in and give him the "treatment".

Re:

[somersault]

Not the "treatment"?!!!? :o Hopefully thats a sauna, then a government security job offer with a company Volvo?

Re:Well, that's what you get

[boyfaceddog]

You can't really blame the governments for their response. Most agencies are only authorized to punish citizens, not ask them for help.

Remember the Air Force Axiom; when the only tool you have is a multi-warhead thermo-nuclear ICBM, all your problems look like the Soviets invading West Germany.

Re:

[hiryuu]

Remember the Air Force Axiom; when the only tool you have is a multi-warhead thermo-nuclear ICBM, all your problems look like the Soviets invading West Germany.

I love that - is it an original paraphrasing, or something you'd heard somewhere? I'd like to make sure I attribute it properly should I happen to use it. :)

Re:

[hiryuu]

There is also one that goes something like: if you have a hammer, every problem looks like a nail.


I'm aware of the original quote:

"When the only tool you have is a hammer, everything looks like a nail" (Abraham Maslow, though a similar quote is attributed to Bernard Baruch)

...and just found the re-phrasing funny, hence my curiosity as to its origins. :)

Re:

[davidsyes]

So, all these diplomats sharing a "party line" of sorts... hmmm, makes me think they all (or many of them) get together to plan the next famine, war, coalition, etc. I mean, why do diplomats get immunity from a lot of potential types of prosecution for which you and I could be locked up forever? They can enter countries and not be fingerprinted, transport dubious items under diplomatic seal, employ couriers to do the more dangerous conveyance work, and you and I can't f*scking take a non-full 4oz or 3oz bot

Re:

[somersault]

You're probably giving them wayyyy too much credit ;)

Re:

[geminidomino]

Worse...

Morons with big guns.

Re:Well, that's what you get

[bytesex]

A bit too paranoid. He was told to shut up about it, but nothing happened to him. It was a journalist who'd found out that if you made two boarding passes at home, one in his own name (not conspicuous) and one in the name of Osama Bin Laden, and you switched bottom barcodes on them, you could get Osama on the plane. Or something. Apparently, the two barcodes are read at different stations, and only the first one checks for identity (but not the no fly list), and the second one checks for the no fly list (but not the identity). Or something.

Re:

[camperdave]

That's because he printed himself up a boarding pass to a non extradition country before publishing to the net.

Re:Well, that's what you get

[Opportunist]

And what did we learn today? Don't report a security hole, sell it to Russia.

Re:

[ozbird]

Do not exploit security flaws. There, fixed it for you.

Re:

[davidsyes]

We learn not to drop articles OR particles... hehehhe or add enumeration or drop enumeration...

I don't GIVE a shit...
(I don't give shit)

I don't GIVE A rat's ass
(I don't give rats ass)

I didn't hear JACK SHIT from her
(I didn't hear ANY Jack Shit from her...)

I going to cut my nail
(What, just one? What about the other 9?, or 19?)

I cut my hairs....
(Oh, how many?)

At that party we ate chickens and fishes and rices?
(Oh, how many whole chickens? How many fish? How many grains of rice? Did you count?)

Re:

[Praedon]

I completely agree... some of the best hacks in the world happened without anyone ever even knowing except the person who did it... He just had the balls to take credit for it... I don't know if in Sweden they brand hackers terrorists or not, like in the U.S., but if they do, he could be in a lot of trouble.

I have a prediction about this guy... what's going to happen in about 5-10 years, is he will end up writing articles like other hacker sellouts that we know.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[davidsyes]

"hacking is not a way to support a family - and it will always be a hobby. As it should be, no?"

Oh, really? Tell that to Leatherface. But, I'm not sure if it was also a hobby to him... After all, the "Family Secret" ingredients in the chili won them a lot of awards in Texas. I wonder what's in K.C. Master Pieces...

Re:

[dave562]

Growing up is selling out, duh! Hackers being accused of selling out is like bands being accused of selling out. For every one hacker/band out there that makes it, there are thousands of others that wish they had the talent/skill/luck to do the same thing. The REAL sell outs go and work for the NSA and various other agencies and companies that you never hear about. The sloppy ones get caught and make some money off of their brief notoriety.

Re:

[NDPTAL85]

So wanting to eat and pay bills is selling out?

Is the only way to "keep it real" is to starve out on the streets because you're homeless?

Re:

[techpawn]

First rule of true hacking... You don't talk about Hacking! Second rule of Hacking... YOU DON'T TALK ABOUT HACKING!

That's why people just assume Crackers are Hackers... Crackers talk, Hackers know better...

It was just tor eavesdropping!

[sanermind]

All he did was run a tor exit node, and observe the outgoing traffic, a known possibility when using tor. Not only is there the disclaimer "This is experimental software. Do not rely on it for strong anonymity" evertime you run tor, but this vector of potential attack is so bloody obvious that anyone not aware of would be a bloody idiot not to use additional encryption for accessing sensitive information on the other end, and rely on tor only for obfuscation of the fact that the route originates from them.

MOD PARENT UP

[MadMidnightBomber]

The guy did not 'break into' anything - he dumped passwords as they flowed through HIS tor exit node. Tor obfuscates the origin, it does not encrypt the traffic for you. The summary is very, very wrong.

Re:It was just tor eavesdropping!

[KokorHekkus]

All he did was run a tor exit node, and observe the outgoing traffic...

And that could very likely be construed as eavesdropping on electronic communications. The Swedish penal code, 4th chapter, 8th paragraph, says:

8 Den som olovligen bereder sig tillgång till ett meddelande, som ett post- eller telebefordringsföretag förmedlar som postförsändelse eller telemeddelande, döms för brytande av post- eller telehemlighet till böter eller fängelse i högst två år.

Which translates to approximatly:

The person who gains access to a message, that a postal or telecommunications company transmits, as a postal or telecommuncations message, is to be sentened for exposure of postal or telecommuncations secret to fines or a maximum of two years prison.

Swedish laws are a bit laconic so that's the full text. I'm not really surprised that the police decide to start an investigation since what he did could be legal - it's not a clear cut case. Obviously the message were not ment for him and he didn't come by them by accident. Word to the wise: better read up on the laws where are if you're going to pull something like this. If it's in the gray area be prepared to investigated.

Re:

[delinear]

One question though - I don't know a great deal about the Tor technology, but if he was running an exit node (i.e. he was the end point for the communication), then isn't he himself effectively acting as the telecommunications company? If people didn't provide exit nodes Tor wouldn't work, so in this case he was an essential part of the connection to the internet.

As far as I know, telecoms are allowed to pry into their traffic as it's considered public domain and people are advised to encrypt anything they

Re:

[KokorHekkus]

As I said this is a gray area. Maybe he could argue that but on the other hand I'd be surprised if telcoms are allowed to snoop as they wish in Sweden but they certainly can't go around repeating my communcations at will. So the bigger problem could be that he not only did snoop but he also disseminated it publicly. Without being a legal scholar I'd say it's fairly obvious that the intent with the law was to preserve the privacy of the commmuncating parties messages.

Maybe it would be better to argue that

Re:

[Lord Ender]

If your ISP started reading all of your unencrypted email, would you think it's OK because "it was just eavesdropping?"

Re:

[zappepcs]

I disagree. Listening outside your bedroom requires physical presence on your property. He committed no such act. In fact, what he did was no more incriminating than you putting a packet analyzer on your Internet connection in your living room. If you happen to hear some music on a radio station that was played without royalty payments, are you guilty of copyright infringement?

Had he only claimed to have the login credentials, it might not seem so bad, but he has made his point in spectacular fashion. The r

I don't know why is he surprised

[someone1234]

He fucked the police states, so the police bit back.
He is lucky not to be in russia or china or cold war US so he got no bullet in his head.

Access credentials were sent through his node!

[JackHoffman]

broke into the global communications network used by embassies around the world in August and gained access to 1000 sensitive email accounts

He acquired access credentials to 1000 email accounts used by embassies. He did so by becoming an exit node of the TOR anonymizing network and reading the unencrypted exit traffic. That may have been in violation of the law, but does not constitute "breaking into the global communications network used by embassies".

What a moron!

[Pedrito]

Look, I don't know if the guy actually broke any laws. It sounds like he might have, but maybe not. On the other hand, intentionally trying to fuck with the police after they arrested him is plain stupid. It doesn't buy you anything except bad will. It's not like the people interrogating him are the ones that made the decision to arrest him. You get pulled in by the police, if you're really not guilty, the only smart thing to do is cooperate. Creating that kind of bad will and then complaining that you might not get your computer equipment back for years, well what do you expect? Shit on people and expect them to shit on you back.

Re:

[nfractal]

Well, its already been discussed here pretty much at length and as for taking credit and messing with the police.. i believe he's being plain stupid. Taking credit for a hack and reporting it does NOT mean publishing the entire list of access credentials online. Could have just reported and left to fend for themselves. Dramatic is it ? well he was the one looking for drama in the first place. nf

Re:

[Anonymous Coward]

You get pulled in by the police, if you're really not guilty, the only smart thing to do is cooperate.

I disagree with that. Get an independent lawyer FIRST! They could be just looking for a goat, and you were fingered. Police generally know so little about computers, and would only look at a geek as a sub-species. The more you talk, the more it can be twisted.

RIAA for example. Your PC could have been hijacked. No mater what you say you will be viewed as guilty unless you're lucky enough there is eno

Re:

[Lazy Jones]

On the other hand, intentionally trying to fuck with the police after they arrested him is plain stupid. It doesn't buy you anything except bad will. It's not like the people interrogating him are the ones that made the decision to arrest him. You get pulled in by the police, if you're really not guilty, the only smart thing to do is cooperate.

Actually, no. There must be limits to the criminal acts of the police one should feel compelled to show good will with. He may be a fool because he feels confident

Re:

[UncleTogie]

Creating that kind of bad will and then complaining that you might not get your computer equipment back for years, well what do you expect?

He might not get the PC back working at ALL.

A client of mine had to give a medical server over for discovery in an insurance case. After much "analysis" {which turned out to be a bunch of guessing} they returned the box 6 months later... minus hard drive. To this day, neither the insurance company nor "expert witness" will admit that they lost 10 years of patient info and charting.

Stories like this kill me. If we had a better-informed society, the call wouldn't be "get the hacker!"... It'd be "get the i

Re:

[aminorex]

> You get pulled in by the police, if you're really not guilty, the only smart thing to do is cooperate.

That's the dumbest fucking thing I've heard this week, and I've been watching youtube links from reddit since Tuesday.

You get pulled in by the police, it doesn't matter if you're "guilty" or not. Their job is to bust your ass, or use you as a tool to bust someone else's ass. They live to fuck people up. That's all there is to it. If you think fucking people up is smart, cooperate. I'll enjoy the s

Re:

[Tom]

You get pulled in by the police, if you're really not guilty, the only smart thing to do is cooperate.

Because we all know that crime statistics are made up of "# of truths uncovered" and "# of innocents set free quickly" and not bullshit like "# of people jailed" and "ratio of convictions".

The smart thing to do is to appear cooperative, and make sure you don't say a word you don't have to until your lawyer is there.

Re:What a moron! - bad advice

[dude-xyz]

Saying anything to cops without a lawyer at your side is generally stupid, even when you honestly believe you have not done anything wrong. It is not smart thing to "cooperate." I am a US lawyer, and I am basing this comment on US rights/laws; I don't know the laws in Sweden but I suspect the concepts are similar. In the (US) criminal system you can almost never to forced to answer any interrogation questions, other than your identity. Virtually every lawyer would advise not to volunteer answers that m

Re:

[stry_cat]

if you're really not guilty, the only smart thing to do is cooperate.

you obviously haven't watched enough Law & Order. If you're innocent and don't want to spend years in jail, you demand a lawyer immediately before talking to the police. With a good lawyer, you won't fall into any of their traps and won't be held more than a day or two. Of course if you fall for any of their traps, you'll be sent up the river before you even know what happened.

"Broke into"

[dr_d_19]

Dan didn't break into anything. He simply set up a Tor node and watches the traffic passing. Most likely the passwords he sniffed out were not used by Embassy officials but by criminal elements who were using Tor to avoid being caught when using stolen credentials.

Also, he notified the involved embassies weeks before publishing the material.

I not saying it was a stupid move (I think it was) but the summary makes him look like a criminal which he is most certainly not. The Swedish police does not understand IT and obviously does whatever foreign countries tell them to do since our political leaders lacks spines.

Just what is he?

[Billosaur]

From the article, paragraph 1:

The Swedish hacker who perpetrated the so-called hack of the year...

From the article, paragraph 2:

Dan Egerstad, a security consultant, intercepted data carried over a global communications network...

Emphasis mine. So what is he? If he's a hacker, the raid is just desserts. If he's a security consultant, and he's exposed this flaw, he's being persecuted. Frankly, I don't know what he really is, but it seems like the press is schizophrenic on this issue. It just goes to show that when it comes to technology, the mainstream press is a bit low on clarity and high on sensationalism.

Re:Just what is he?

[bcattwoo]

Emphasis mine. So what is he? If he's a hacker, the raid is just desserts. If he's a security consultant, and he's exposed this flaw, he's being persecuted. Frankly, I don't know what he really is, but it seems like the press is schizophrenic on this issue. It just goes to show that when it comes to technology, the mainstream press is a bit low on clarity and high on sensationalism.

If a locksmith breaks into your home by picking your locks, he is still a burglar.

Re:

[bcattwoo]

No, he's a burglar if he steals something.

He might pick the locks to kill you, making him happy to accept your imaginary charge of burglary if he's caught.

Thus proving the OPs point - you decided the crime before knowing what the crime was.

You're right, it would be more correct to call it breaking and entering. The point remains that just because he has a legitimate day job as a security consultant does not automatically make his actions into a "free consultation".

Re:

[bcattwoo]

The locksmith example was a poor choice. The OP however tried to make it sound like if he couldn't be a "security consultant" and yet also a "hacker".

Re:

[Billosaur]

I don't usually reply to my own stuff, but here's Wired's report on the raid and what Egerstad actually did [wired.com].

Re:

[Anonamused Cow-herd]

Neat article. This really stood out to me:

As I mentioned in August, a reporter for the Indian Express newspaper was able to access the e-mail account belonging to India's ambassador to China and obtained the transcript of a meeting between the embassador and the Chinese foreign minister.

So let's get this straight -- you're arresting the dude who sniffed information that legit clients CHOSE to send to him via Tor, and this "journalist" gets a free pass? That's about the MOST illegal thing I can possibly imagine. Plus, he's probably violating a lot MORE laws since its his own ambassador (countries tend to get pissy about stolen confidential diplomatic information). Amazing.

Re:

[Billosaur]

I am not confusing anything. In fact, the tech community in general cannot agree on a solid definition of hacking [wikipedia.org]. After all, he did not "hack" anything -- e.g. brute force his way into any system. He set up a Tor node and sniffed some packets, information that was already released into the wild via network. He was able to take this data and pull out pertinent information -- which might be part of the more popular definition of a "hack". The fact is, the word "hack", "hacker", or "hacking" should not be use

Dramatic Raid indeed

[Zedrick]

I live a few hundred meters from his home, and was woken up that day, not by my useless alarm clock, but by sirens from 7 or 8 police cars heading in the direction of his apartment. From the TFA it seems like the were a bit more discreet when moving in on him, so I guess this was some kind of show of force to intimidate him, and his neighbours. Wouldn't surprise me, considering how the TPB-raid was done.

so... the criminal cops in sweden want to hack too

[Lazy Jones]

looks like those illegally acting cops just wanted a cheap way of getting their sweaty hands on Egerstad's code. It would be so cool to be able to spy on all those foreign guys, eh?

A dramatic raid...

[east coast]

[knock at the door]

Police: Open this door! Thou art a felon wanted for many counts of villainy against the citizenry of this fair nation!

Dan: How now!? Am I to be jailed? What can I do but beg for the mercy of The Crown?!?!

[Dan weeps loudly]
[Viola music plays a sad song in the background]
[Dan slumps over a b0x3n]

Dan: I am ruined. Farewell, my tools of crime, for you are sure to meet a worse fate than I in our common traitorous endeavors.

[The door breaks in, an officer enters the room and grabs Dan by the shoulder with nightstick in hand]
[Fades to black]

Oh, you mean a different kind of dramatic. Sorry, sorry.

Re:

[BlueParrot]

[Viola music plays a sad song in the background]

Man, I had Secret Garden playing when I read that... the combined effect was quite awesome. Thanks...

Excellent, truly excellent

[Zontar_Thing_From_Ve]

Funniest post I've seen on Slashdot this year! Truly excellent. Well done!

Re:

[idontgno]

There's a fine line between drama [wikipedia.org] and melodrama. [wikipedia.org]. And you flew right over it without even braking. Well played.

Grammar Nazi attack! Have great fear!

[porpnorber]

Good grief, man! If b0x3n is now singular, what's the plural? B0x3nZ? B0x3s3n? Or is it now ueberGermanic and something like b03x3n3n? :)

Re:

[east coast]

Not a very good grammar Nazi. It's "uber" not "ueber".

Government raids

[killerkalamari]

People are always looking to the government to protect them. Who protects you from the government? My biggest fear in my home isn't some criminal breaking in, it's a stupid government raid that possibly gets me or one of my family members killed, or all the programs I've written in my entire life being confiscated. Perhaps some would say I shouldn't be afraid because I'm not hacking or doing anything (that I know of) that's illegal, but I am a programmer, so nevertheless it hangs over my head. I hate th

The solution is simple

[Bryansix]

These kind of Hacks should still be committed to show security flaws or simply when people implement things incorrectly which leads to a flaw in the security. The thing is when the evidence is collected that a security hole exists the Black Hat should anonymously submit that evidence to thousands of websites simultaneously. And they should use Tor. Ya it doesn't prevent traffic from being intercepted but they still can't figure out where it came from. That way the government doesn't have anywhere to direct

This was NOT a hack.

[miffo.swe]

This guy is a very good security consultant that has been around for a while. This is not the first leak he has discovered and tried to warn people, Dan discovered that his home DSL was going slow and started sniffing out the traffic from his ISP. He quickly discovered that the ISP sent him traffic from about 4000 other customers on 16 different subnets! He could see everything on the network. This very time he had setup a tor link and started sniffing out the traffic, just as NSA does in the US on their large tor links. What he found was countless passwords and other sensitive stuff floating around. He found large amounts of usernames and password floating by all the time. No doubt this was from a hacker/foreign security intelligence that used tor for anynomity. The fact that most passwords was from governments like Iran, Russia and other countries not in the US "group" suggests this was US spying in progress. The fact that Swedish "Säpo" (intelligence is not the right word for theese people) was pressured into action against something thats not a crime at all in sweden also makes one wonders what is going on. It seems people are dissatisfied that this leak was made public. I doubt the people being hacked was miffed at Dan for showing them that someone was spying on them. Now that they know and secure their communications, maybe with stringent encryption and backdoor free open source, i do now one country that will be angry.

It is correct ....

[OldHawk777]

It is politically correct to not cause a problem, ignorance is bliss.

It is criminal/troublesome to report problems, but ignorance is bliss and politically correct.

No faults/problems found/reported in a politically correct blissful world means there is not a problem.

A world without problems is proof of safety/security and politically marketable to public bliss.

When a bridge collapses, a city gets drowned, large buildings collapse ... is it due to bliss or problems?

Send all problem reporters to jail, then we

Re:Good.

[spleen_blender]

And my faith in humanity drops to yet another record low.

I'm getting sick of a society that has ZERO room for exceptions. Make exceptions for the exceptional... that is why they are exceptional.

Although listening to TOR traffic is hardly exceptional, but the point he proved without malicious intent was.

Re:Good.

[Nos.]

"Egerstad published 100 of the email accounts, including login details and passwords, on his website for anyone curious enough to have a look"
Publishing login credentials of 100 accounts isn't what I'd call without malicious intent. Okay, he was trying to force them to react, but there are better ways of doing it.

Re:

[spleen_blender]

Agreed, but these kind of cases should not ever be treated in the same way terrorism suspects are, or any other significant crime. It is ridiculous when I think back on the things I could be arrested for in the eyes of these people and the kind of suffering I would endure, and then compare that to the suffering I have forced on others. It is obscene to treat them like common criminals, because they are obviously not common.

Your good natured intent is clouding your thinking

[NDPTAL85]

Diplomats are often dealing with people seeking asylum for humanitarian reasons. They also deal with local and international law enforcement and sometimes the military. In any one of those cases leaked information could have gotten someone killed. This guy didn't expose the logins and passwords of MySpace accounts. Then there's the consideration that he very well may have violated several privacy/confidentiality laws as well.

I don't think you realize just how serious what this guy did is.

Re:Your good natured intent is clouding your think

[davidsyes]

Which probably made him the most wanted man on (the/this) Earth. Wanted not just by Interpol, or a few DOZEN countries, but maybe a few HUNDRED countries. He should have put asterisks back in the passwords and fuzzed the names. Shouldn't have exposed the email, nor the user contacts in those e-mails.

However, once the various governments were apprised, they ALL had a DUTY, and a moral obligation to close the holes. Make the users change names and passwords. Lock them out until they reported to the cognizant

Re:

[caluml]

Perhaps just publishing the usernames, and not the passwords. Or just the passwords, and not the usernames.

Re:

[aminorex]

> there are better ways of doing it.

I've heard that before. Such as? Name a "better way" that (1) he didn't already try and (2) wouldn't involve turning over sensitive data of another nation to spooks of a potentially adversarial power.
     

Re:

[Anpheus]

What better ways can we think of then? Perhaps he could call local government offices. Perhaps he could contact embassy officials from various countries whose login data is being compromised in this way. He did both. (Apparently the only foreign government interested in his statements was Iran.)

Now, he had exhausted all of this easy options. He could have gone to the press, but I think you'll find it's a little harder to get on the national news, even in Sweden, with computechbabble as they understand it, a

Re:

[Elemenope]

Is sniffing tor packets illegal? Clue me in.

Yes it's illegal

[emj]

I would think so, of course as long as no one can probe you are doing it, it should be fine. If you lend you computer to someone and sniff his traffic, that's going to be illegal, same thing. The question is if your intent is to inform people, does that make it less illegal. Of course it does, now being called a hacker certainly doesn't help.

Information wants to be free.

Re:

[arkane1234]

I'm afraid sniffing packets going across YOUR network interface is in no way illegal.
At least not in the USA... not yet anyway.
Otherwise it'd be illegal to reverse engineer protocols, or even use ethereal or whatever the hell it's called today.
Thanks for playing.

Re:

[rasjani]

Depends.. Whats in the package?

Re:Good.

[Opportunist]

A law is not to be observed blindly. A law is to be questioned to test it against real life requirements. If people would not question laws, people would still be enslaved because of the color of their skin and the US would still be a colony of Britain.

Re:

[the_womble]

the US would still be a colony of Britain.

and the problem would be?

Re:

[MightyYar]

the US would still be a colony of Britain.

and the problem would be?

Not a decent cup of coffee on the whole continent.

(Kidding... I know that "American" drip coffee is considered horrible by most of the world. It was better than my "driving on the wrong side of the road joke, though.)

Re:

[arkane1234]

(Kidding... I know that "American" drip coffee is considered horrible by most of the world. It was better than my "driving on the wrong side of the road joke, though.)

Considering that a majority of coffee beans used throughout the world comes from the Panamanian areas, I'd say that's in north America.
Central America is not a continent, it's a designation.
What you're referring to as "American" coffee must be the cheap swill that is sold on the bottom row of supermarkets that for some reason people buy.
Heck,

Re:

[MightyYar]

My history on Central America is rusty, but I don't think that the British had much of a stake there, except possibly for Belize.

My comment was in reference to how we'd all be drinking tea.

I'm not a big fan of pre-ground supermarket coffee, but it's still better than nothing. Plus it is way cheaper than spending several dollars a day at some shop. And it can even taste better if you don't like the over-roasted beans at your everyone's favorite chain.

Damn it, I knew I should have just made a straight teeth j

Re:Good.

[celtic_hackr]

I won't delineate all the reasons why what you said is a stupid troll.

But here's a few gems for you.

1) He became a tor node.
2) All the data he examined was on his own computers.
3) Everything on the computers belonged to him.
4) As a responsible tor node person, he examined the contents of it.
5) Refer to number 3. Also in the US, he could be found responsible for
      people using his tor node to traffic in say copyrighted works or child
      abuse. So he would really pretty much HAVE to inspect the contrents of
      his traffic to make sure that no illegal activity was taking place.
6) What law is it you think he broke?

Re:

[Professor_UNIX]

Crackers break the copyright protection on computer software. Hackers use their skills to find weaknesses in the security of software, hardware, and networks. Those that exploit them for malicious purposes are black hat hackers and those that report them to the proper people so the vulnerabilities can be fixed are white hat hackers. Script kiddies are ones that take programs written by bad hackers and just run them without actually comprehending what they're doing other than the fact that they've owned a

Re:

[Deanalator]

He hacked NOTHING. He sat on a tor exit node with dsniff. You can do that setup in minutes (I used to run driftnet-gtk on my tor exit node for kicks). He noticed a large amount of dumbasses using email with no encryption, and wanted it to stop ASAP, so he released the info.

Re:

[Lazy Jones]

Personally, Egerstad sounds like the kind of a sanctimonious dick that SHOULD get the beatdown. They should give him "every known signal" that the police don't like it when when someone is lying to them...tasers, nightstick, whatever.

Personally, you sound like the kind of guy the police should protect us from. Too bad that they don't seem to get people with better morals for their own ranks.

Re:

[Opportunist]

You don't read news and media altogether too often. Let me clue you in:

Hacker is someone who does illegal stuff with a computer. People have seen sneakers and swordfish, so they know the term and know it's some computer guy that does illegal stuff. So hacker is it.

Re:

[cromar]

He didn't really hack anything: just take advantage of others' stupidity. He's not a cracker because he wasn't being malicious.

Re:

[Kazrath]

I know this is off-topic but...

If you are not well traveled (IE you have never traveled outside of the USA) you could not possibly fathom women walking around on beaches topless/naked without people leering at them. Topless women in Swim settings is the norm in the Europeian Mediterranean and also FKK (Nudism) is very popular in Germany.

The "first" comment about pictures allows me with high accuracy to determine it is an American Civilian making the comment. Ignorance is not bliss it only makes you look s

Re:

[arkane1234]

The "first" comment about pictures allows me with high accuracy to determine it is an American Civilian making the comment. Ignorance is not bliss it only makes you look stupid.


It's not ignorance, it's called a fucking joke.
You've made yourself look stupid by what was referred to in the 80's as eurocentric behavior.
Get over yourself.

Re:

[Patrik_AKA_RedX]

In other news, Swedish feminists were heard crying out for the right to display their breasts in public - "we too [want to] pull off our shirts at football matches".

I so support their cause. Where do I sign up?