The hack of the year


JF-Expert Member
Mar 21, 2007
Patrick Gray
November 13, 2007

In August, Swedish hacker Dan Egerstad gained access to sensitive embassy, NGO and corporate email accounts. Were they captured from the clutches of hackers? Or were they being used by spies? Patrick Gray investigates the most sensational hack of 2007.

IT WASN'T supposed to be this easy. Swedish hacker Dan Egerstad had infiltrated a global communications network carrying the often-sensitive emails of scores of embassies scattered throughout the world. It had taken him just minutes, using tools freely available for download on the internet.

He says he broke no laws.

In time, Egerstad gained access to 1000 high-value email accounts. He would later post 100 sets of sensitive email logins and passwords on the internet for criminals, spies or just curious teenagers to use to snoop on inter-governmental, NGO and high-value corporate email.

The question on everybody's lips was: how did he do it? The answer came more than a week later and was somewhat anti-climactic. The 22-year-old Swedish security consultant had merely installed free, open-source software - called Tor - on five computers in data centres around the globe and monitored it. Ironically, Tor is designed to prevent intelligence agencies, corporations and computer hackers from determining the virtual - and physical - location of the people who use it.

"Tor is like having caller ID blocking for your internet address," says Shava Nerad, development director with the Tor Project. "All it does is hide where you're communicating from."

Tor was developed by the US Navy to allow personnel to conceal their locations from websites and online services they would access while overseas. By downloading the simple software, personnel could hide the internet protocol address of their computers - the tell-tale number that allows website operators or intelligence services to determine a user's location.

Eventually the navy realised it must take Tor beyond the armed forces. "The problem is, if you make Tor a tool that's only used by the military . . . by using Tor you're advertising that you're military," Nerad says.

So Tor was cast into the public domain. It is now maintained and distributed by a registered charity as an open-source tool that anyone can freely download and install. Hundreds of thousands of internet users have installed Tor, according to the project's website.

Mostly it is workers who want to browse pornographic websites anonymously. "If you analyse the traffic, it's just porn," Egerstad told Next by phone from Sweden. "It's kind of sad."

However, Dmitri Vitaliev, a Russian-born, Australian-educated computer security professional who lives in Canada, says Tor is a vital tool in the fight for democracy. Vitaliev trains human-rights campaigners on how to stay safe when online in oppressive regimes. "It's incredibly important," he said in a Skype chat from the unrecognised state of Transnistria, a breakaway region in Moldova where he's assisting a local group working to stop the trafficking of women. "Anonymity is a high advantage in countries that perform targeted surveillance on activists."

It's also used to bypass website censorship in more than 20 countries that censor political and human rights sites, he says........Continues
2 Reactions
Top Bottom