Create an Account
username: password:
 
  MemeStreams Logo

RE: Hacker arrested for... um... *not* hacking?

search

dc0de
Picture of dc0de
dc0de's Pics
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

dc0de's topics
Arts
Business
Games
Health and Wellness
Home and Garden
Miscellaneous
Current Events
  War on Terrorism
Recreation
Local Information
Science
Society
  Politics and Law
   Surveillance
  Media
   Blogging
  Security
Sports
Technology
  Biotechnology
  Computers
   Computer Networking
   Computing Platforms
    Linux
    Microsoft Windows
  Military Technology
  High Tech Developments

support us

Get MemeStreams Stuff!


 
RE: Hacker arrested for... um... *not* hacking?
Topic: Technology 10:40 pm EST, Nov 15, 2007

Rattle wrote:
Dagmar posted up this summary of the situation with Dan Egerstad (Google Cache).

In a move almost staggeringly myopic, agents from Swedish National Crime and the Swedish Security Police raided Dan Egerstad on Monday of this week, rather clearly on the basis of his massive non-hack of the TOR routing service.

For those not catching on, Dan is the gentleman we all cheered a short while ago for having the ingenuity to set up and connect several new TOR (an anonymizing packet routing system) nodes and see if people were actually using the network with unencrypted protocols (which would basically be foolish in the extreme). It turns out that Dan's suspicions were right, and that not only were people using the network insecurely, lots of people, up to and including embassies and government and military offices were using the network unsafely--effectively sending emails and other sensitive traffic across the network completely in the clear where anyone who added their connectivity to the network could see it. This is very, very bad.

Let me make this clear... Anyone, myself included, can at any time, add their resources to and use the TOR network, simply by joining it and using it. (Non-technical explanation for simplicity) Participants in the network pass each other's traffic back and forth randomly through encrypted links, counting on the misdirection of a massive shell game to protect their privacy. Users are supposed to encrypt all their traffic as well as an additional step to keep the last site that handles the traffic before it goes back out to the Internet at large from being able to see what's being sent around. The encryption of the TOR network itself protects the contents up to that point, but no farther. For embassies and other installations that might have things going on where a breach of security could mean people die, incorrect use of the network almost guarantees that someone's likely to get hurt--possibly many, many someones. Dan figured that if anyone can do this, bad people were probably already doing it.

After doing his due diligence and trying to tell the people using the network unsafely the mistakes they were making (and getting nowhere), Dan took the more civic-minded approach of shouting it to the heavens by publishing samples and account information of the hapless fools on his website, and announcing the disturbing results of his completely legal and ethical research to security-oriented mailing lists in hopes that people would take notice and stop endangering themselves and others. The resulting splash should certainly penetrate far and wide and just maybe, make the problem go away.

It now appears that, true to history, anyone foolish enough to take away any powerful organization's ability to lie to itself about utter and terrifying failures of their security model is someone those organizations are going to try to hold responsible for it. Seeming to be under pressure from other organizations (very likely the ones Dan was trying to protect) the Swedish authorities have basically confiscated most of Dan's stuff, and it remains to be seen just how far this will go before sanity takes hold again.

We can now chalk up another one to the forces of ignorance and stupidity for attacking people who are working to help them stay safe. Dan should have been getting a medal (or at least a thank you) for this work, and instead, people are trying to destroy his life. Way to go, folks.

Tor has it's uses.. But they have mostly to do with obscuring the view of your traffic on the segment of the network which you currently reside. At the exit points, you have zero knowledge of how trustworthy the network is or isn't.. Hence, you always need to assume that your traffic hits the open network on a hostile segment. This fact needs to be understood by anyone who uses the Tor network to protect their identity.

Tor doesn't actually provide any kind of end-to-end security unless you are using Tor hidden services.

Yet another dumb move by groups that don't understand technology.

RE: Hacker arrested for... um... *not* hacking?



 
 
Powered By Industrial Memetics
RSS2.0