Create an Account
username: password:
 
  MemeStreams Logo

MemeStreams Discussion

search


This page contains all of the posts and discussion on MemeStreams referencing the following web page: Hacker arrested for... um... *not* hacking?. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.

Hacker arrested for... um... *not* hacking?
by Rattle at 5:11 pm EST, Nov 15, 2007

Dagmar posted up this summary of the situation with Dan Egerstad (Google Cache).

In a move almost staggeringly myopic, agents from Swedish National Crime and the Swedish Security Police raided Dan Egerstad on Monday of this week, rather clearly on the basis of his massive non-hack of the TOR routing service.

For those not catching on, Dan is the gentleman we all cheered a short while ago for having the ingenuity to set up and connect several new TOR (an anonymizing packet routing system) nodes and see if people were actually using the network with unencrypted protocols (which would basically be foolish in the extreme). It turns out that Dan's suspicions were right, and that not only were people using the network insecurely, lots of people, up to and including embassies and government and military offices were using the network unsafely--effectively sending emails and other sensitive traffic across the network completely in the clear where anyone who added their connectivity to the network could see it. This is very, very bad.

Let me make this clear... Anyone, myself included, can at any time, add their resources to and use the TOR network, simply by joining it and using it. (Non-technical explanation for simplicity) Participants in the network pass each other's traffic back and forth randomly through encrypted links, counting on the misdirection of a massive shell game to protect their privacy. Users are supposed to encrypt all their traffic as well as an additional step to keep the last site that handles the traffic before it goes back out to the Internet at large from being able to see what's being sent around. The encryption of the TOR network itself protects the contents up to that point, but no farther. For embassies and other installations that might have things going on where a breach of security could mean people die, incorrect use of the network almost guarantees that someone's likely to get hurt--possibly many, many someones. Dan figured that if anyone can do this, bad people were probably already doing it.

After doing his due diligence and trying to tell the people using the network unsafely the mistakes they were making (and getting nowhere), Dan took the more civic-minded approach of shouting it to the heavens by publishing samples and account information of the hapless fools on his website, and announcing the disturbing results of his completely legal and ethical research to security-oriented mailing lists in hopes that people would take notice and stop endangering themselves and others. The resulting splash should certainly penetrate far and ... [ Read More (0.2k in body) ]


 
RE: Hacker arrested for... um... *not* hacking?
by dc0de at 10:40 pm EST, Nov 15, 2007

Rattle wrote:
Dagmar posted up this summary of the situation with Dan Egerstad (Google Cache).

In a move almost staggeringly myopic, agents from Swedish National Crime and the Swedish Security Police raided Dan Egerstad on Monday of this week, rather clearly on the basis of his massive non-hack of the TOR routing service.

For those not catching on, Dan is the gentleman we all cheered a short while ago for having the ingenuity to set up and connect several new TOR (an anonymizing packet routing system) nodes and see if people were actually using the network with unencrypted protocols (which would basically be foolish in the extreme). It turns out that Dan's suspicions were right, and that not only were people using the network insecurely, lots of people, up to and including embassies and government and military offices were using the network unsafely--effectively sending emails and other sensitive traffic across the network completely in the clear where anyone who added their connectivity to the network could see it. This is very, very bad.

Let me make this clear... Anyone, myself included, can at any time, add their resources to and use the TOR network, simply by joining it and using it. (Non-technical explanation for simplicity) Participants in the network pass each other's traffic back and forth randomly through encrypted links, counting on the misdirection of a massive shell game to protect their privacy. Users are supposed to encrypt all their traffic as well as an additional step to keep the last site that handles the traffic before it goes back out to the Internet at large from being able to see what's being sent around. The encryption of the TOR network itself protects the contents up to that point, but no farther. For embassies and other installations that might have things going on where a breach of security could mean people die, incorrect use of the network almost guarantees that someone's likely to get hurt--possibly many, many someones. Dan figured that if anyone can do this, bad people were probably already doing it.

After doing his due diligence and trying to tell the people using the network unsafely the mistakes they were making (and getting nowhere), Dan took the more civic-minded approach of shouting it to the heavens by publishing samples and account information of the hapless fools on his website, and announcing the disturbing results of his completely legal and ethical research to security-oriented mailing lists in hopes that people would take notice and stop endangering themselves and others. The resulting splash shou... [ Read More (0.2k in body) ]


  
RE: Hacker arrested for... um... *not* hacking?
by Decius at 5:05 pm EST, Nov 16, 2007

dc0de wrote:
Yet another dumb move by groups that don't understand technology.

You're assuming honest intentions. He was monitoring accounts that had been hacked by government intelligence agencies. Its possible that the people who had him raided understand what he did perfectly well, and are unhappy with him for making their operations less successful.


Hacker arrested for... um... *not* hacking?
by Dagmar at 3:51 pm EST, Nov 15, 2007

In a move almost staggeringly myopic, agents from Swedish National Crime and the Swedish Security Police raided Dan Egerstad on Monday of this week, rather clearly on the basis of his massive non-hack of the TOR routing service.

For those not catching on, Dan is the gentleman we all cheered a short while ago for having the ingenuity to set up and connect several new TOR (an anonymizing packet routing system) nodes and see if people were actually using the network with unencrypted protocols (which would basically be foolish in the extreme). It turns out that Dan's suspicions were right, and that not only were people using the network insecurely, lots of people, up to and including embassies and government and military offices were using the network unsafely--effectively sending emails and other sensitive traffic across the network completely in the clear where anyone who added their connectivity to the network could see it. This is very, very bad.

Let me make this clear... Anyone, myself included, can at any time, add their resources to and use the TOR network, simply by joining it and using it. (Non-technical explanation for simplicity) Participants in the network pass each other's traffic back and forth randomly through encrypted links, counting on the misdirection of a massive shell game to protect their privacy. Users are supposed to encrypt all their traffic as well as an additional step to keep the last site that handles the traffic before it goes back out to the Internet at large from being able to see what's being sent around. The encryption of the TOR network itself protects the contents up to that point, but no farther. For embassies and other installations that might have things going on where a breach of security could mean people die, incorrect use of the network almost guarantees that someone's likely to get hurt--possibly many, many someones. Dan figured that if anyone can do this, bad people were probably already doing it.

After doing his due diligence and trying to tell the people using the network unsafely the mistakes they were making (and getting nowhere), Dan took the more civic-minded approach of shouting it to the heavens by publishing samples and account information of the hapless fools on his website, and announcing the disturbing results of his completely legal and ethical research to security-oriented mailing lists in hopes that people would take notice and stop endangering themselves and others. The resulting splash he hoped would penetrate far and wide and just maybe, make the problem go away.

It now appears that, true to history, anyone foolish enough to take away any powerful organization's ability to lie to itself about utter and terrifying failures of their security model is someone those organizations are going to try to hold responsible for it and crush. Seeming to be under pressure from other organizations (very likely the ones Dan was trying to protect) the Swedish authorities have basically confiscated most of Dan's stuff, and it remains to be seen just how far this will go before sanity takes hold again.

We can now chalk up another one to the forces of ignorance and stupidity for attacking people who are working to help them stay safe. Dan should have been getting a medal (or at least a thank you) for this work, and instead, people are trying to destroy his life. Way to go, folks.


There is a redundant post from ubernoir not displayed in this view.
 
 
Powered By Industrial Memetics