
Hacker arrested for... um... *not* hacking?

Topic: Computer Security 5:11 pm EST, Nov 15, 2007

Dagmar posted up this summary of the situation with Dan Egerstad (Google Cache).

In a move almost staggeringly myopic, agents from Swedish National Crime and the Swedish Security Police raided Dan Egerstad on Monday of this week, rather clearly on the basis of his massive non-hack of the TOR routing service.

For those not catching on, Dan is the gentleman we all cheered a short while ago for having the ingenuity to set up and connect several new TOR (an anonymizing packet routing system) nodes and see if people were actually using the network with unencrypted protocols (which would basically be foolish in the extreme). It turns out that Dan's suspicions were right, and that not only were people using the network insecurely, lots of people, up to and including embassies and government and military offices were using the network unsafely--effectively sending emails and other sensitive traffic across the network completely in the clear where anyone who added their connectivity to the network could see it. This is very, very bad.

Let me make this clear... Anyone, myself included, can at any time, add their resources to and use the TOR network, simply by joining it and using it. (Non-technical explanation for simplicity) Participants in the network pass each other's traffic back and forth randomly through encrypted links, counting on the misdirection of a massive shell game to protect their privacy. Users are supposed to encrypt all their traffic as well as an additional step to keep the last site that handles the traffic before it goes back out to the Internet at large from being able to see what's being sent around. The encryption of the TOR network itself protects the contents up to that point, but no farther. For embassies and other installations that might have things going on where a breach of security could mean people die, incorrect use of the network almost guarantees that someone's likely to get hurt--possibly many, many someones. Dan figured that if anyone can do this, bad people were probably already doing it.

After doing his due diligence and trying to tell the people using the network unsafely the mistakes they were making (and getting nowhere), Dan took the more civic-minded approach of shouting it to the heavens by publishing samples and account information of the hapless fools on his website, and announcing the disturbing results of his completely legal and ethical research to security-oriented mailing lists in hopes that people would take notice and stop endangering themselves and others. The resulting splash should certainly penetrate far and wide and just maybe, make the problem go away.

It now appears that, true to history, anyone foolish enough to take away any powerful organization's ability to lie to itself about utter and terrifying failures of their security model is someone those organizations are going to try to hold responsible for it. Seeming to be under pressure from other organizations (very likely the ones Dan was trying to protect) the Swedish authorities have basically confiscated most of Dan's stuff, and it remains to be seen just how far this will go before sanity takes hold again.

We can now chalk up another one to the forces of ignorance and stupidity for attacking people who are working to help them stay safe. Dan should have been getting a medal (or at least a thank you) for this work, and instead, people are trying to destroy his life. Way to go, folks.

Tor has its uses, but they mostly have to do with obscuring the view of your traffic on the segment of the network on which you currently reside. At the exit points, you have zero knowledge of how trustworthy the network is or isn't. Hence, you always need to assume that your traffic hits the open network on a hostile segment. This fact needs to be understood by anyone who uses the Tor network to protect their identity.

Tor doesn't actually provide any kind of end-to-end security unless you are using Tor hidden services.
