IT Consultant Hacking Russian Embassy Interrogated by Police

    The Tor network of anonymizing relays, long regarded as the most secure of its kind, turned out to be far less secure than assumed. Two months ago a real scandal erupted in Sweden when it became known what the well-known IT security consultant, 22-year-old Dan Egerstad, had done. He captured traffic leaving Tor exit relays he operated and posted on his blog logins and passwords for mailboxes and servers belonging to embassies, non-governmental organizations, commercial firms and government agencies of various countries. Among the victims are the embassies of India, Russia, Uzbekistan, Kazakhstan and Iran, as well as the British mission in Nepal. Anyone could log in and read the mail in these accounts.

    The publication was a sensation. Now the story has moved on. Following a tip from the American authorities, the Swedish police shut down Dan's blog, searched his apartment and confiscated his equipment; he was released after two hours of interrogation. Dan remains free and is giving interviews explaining his position. He is sure that he broke no laws, but that, apparently, will be for a court to decide.

    What makes the story particularly awkward is that Tor is regarded as a highly protected anonymity system and is therefore used by people who potentially have something to hide. Yet no special effort was needed to read traffic leaving the "most secure network": the procedure took only a few minutes with a couple of readily available tools.

    The point is that Dan Egerstad personally set up five Tor relays (anyone can download and install the software, after which their computer becomes a Tor relay). Because his relays acted as exit nodes, he could see all the traffic passing through them on its way to its final destination. To Dan's surprise, a huge amount of that traffic left the network unprotected, including logins and passwords.

    Tor relays make up a global network. The user's IP address is concealed in several stages: the client wraps each packet in one layer of encryption per relay in its circuit, and each relay removes exactly one layer as the packet passes through (the onion principle). The first relay knows who the user is but not what is being sent; the last relay knows what is being sent but not who sent it. This is why Tor is considered the most reliable system for anonymous surfing: compromising one or two relays in the chain is still not enough to determine the user's real IP address.

    Tor was created with lofty goals in mind: to counter surveillance by authoritarian regimes, for example, so that residents of oppressed countries can safely reach the free Internet. Although Tor is used for its intended purpose by citizens of more than 20 countries where human rights are violated, they are far from its main audience. Reality turned out to be more cynical. According to Egerstad, the vast majority of Tor traffic is ... pornography. All sorts of perverts have been handed a reliable tool for browsing the resources that interest them in complete anonymity. "It's even sad," Dan says.

    The Tor network reliably hides the user's IP address, but it only encrypts traffic between the user and the exit relay. The exit relay forwards the data to its destination in whatever form the application produced it, so anything that is not protected end to end (by TLS or similar) leaves Tor in the clear, readable by whoever runs that relay. As Dan's story has shown, many users do not understand this and send information through the network in plain text. Moreover, because of misconfigured client software, the real IP addresses of more than half of users could be determined as well.
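    To make the two points above concrete (each relay peels one layer; the exit relay is left holding plain application data), here is a toy three-hop onion circuit. It is an added example, not code from the article or from the Tor project: the per-hop keys are assumed to be pre-shared (real Tor negotiates them with a handshake), the stream cipher is HMAC-SHA256 in counter mode rather than Tor's AES-CTR, the relay names and the destination pop.example.org are hypothetical, and the POP3 session is a constructed sample of what a mail client sends when TLS is not used. The credential scanner at the end is the kind of filter an exit operator could apply to forwarded traffic.

```python
"""Toy three-hop onion circuit: each relay strips one layer of encryption, and the
exit relay ends up holding whatever the application sent. Added example, not code
from the article or from the Tor project; the cipher, key setup and sample
session are all simplifications chosen for illustration."""
import base64
import hashlib
import hmac
import os
import re

HOP_LEN = 16  # fixed-width "next hop" field at the front of every layer


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 run in counter mode as a stand-in stream cipher.
    (Tor uses AES-CTR per hop; this toy only needs 'XOR with a keyed stream'.)"""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_layer(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Add or remove one encryption layer (XOR with the keystream is its own inverse)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def build_onion(circuit, destination: str, payload: bytes, nonce: bytes) -> bytes:
    """Client side: wrap the payload once per relay, innermost layer for the exit.
    circuit is a list of (relay_name, per_hop_key); the keys are assumed to have
    been agreed with each relay already (Tor does this with a handshake)."""
    inner = payload
    next_hop = destination
    for name, key in reversed(circuit):
        header = next_hop.encode().ljust(HOP_LEN)
        inner = xor_layer(key, nonce, header + inner)
        next_hop = name
    return inner


def peel_layer(key: bytes, nonce: bytes, cell: bytes):
    """Relay side: remove this relay's layer, revealing the next hop and the rest."""
    plain = xor_layer(key, nonce, cell)
    return plain[:HOP_LEN].rstrip().decode(), plain[HOP_LEN:]


# What a curious exit operator would grep for in traffic that leaves without TLS.
POP3_LOGIN_RE = re.compile(rb"^(USER|PASS)[ \t]+(\S+)\r?$", re.M | re.I)
HTTP_BASIC_RE = re.compile(rb"^Authorization:[ \t]*Basic[ \t]+([A-Za-z0-9+/=]+)\r?$", re.M | re.I)


def find_cleartext_credentials(data: bytes):
    """Return (kind, value) pairs for POP3 USER/PASS lines and HTTP Basic headers
    found in application data. Yields [] for ciphertext or TLS-protected traffic."""
    found = [(m.group(1).decode().upper(), m.group(2).decode(errors="replace"))
             for m in POP3_LOGIN_RE.finditer(data)]
    for m in HTTP_BASIC_RE.finditer(data):
        try:
            found.append(("BASIC", base64.b64decode(m.group(1), validate=True).decode(errors="replace")))
        except ValueError:  # binascii.Error is a ValueError subclass: malformed base64
            continue
    return found


def run_circuit(payload: bytes, destination: str = "pop.example.org"):
    """Push one cell through guard -> middle -> exit and record what each relay
    receives. Returns (final_hop, bytes_sent_to_destination, per_relay_view)."""
    circuit = [(name, os.urandom(32)) for name in ("guard", "middle", "exit")]
    keys = dict(circuit)
    nonce = os.urandom(16)
    cell = build_onion(circuit, destination, payload, nonce)
    views = {}
    hop = circuit[0][0]
    while hop in keys:
        views[hop] = cell                      # the bytes this relay can capture
        hop, cell = peel_layer(keys[hop], nonce, cell)
    return hop, cell, views                    # hop is now the destination name


# Constructed sample: a POP3 login as a mail client sends it when TLS is not used.
SAMPLE_POP3 = b"USER ambassador@example.org\r\nPASS hunter2\r\nLIST\r\n"

if __name__ == "__main__":
    dest, wire, views = run_circuit(SAMPLE_POP3)
    for relay, seen in views.items():
        print(f"{relay:7s} sees credentials: {find_cleartext_credentials(seen)}")
    print(f"exit forwards to {dest}: {find_cleartext_credentials(wire)}")
```

    Run as is, the guard and middle relays report no credentials because what they receive is still wrapped in at least one more layer, while the bytes the exit forwards to the destination yield the USER and PASS values unchanged. Had the client spoken POP3 over TLS, the exit would forward a TLS record instead and the scanner would find nothing: the relay's position in the circuit is the same, only the end-to-end protection differs.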

    Dan Egerstad maintains that the passwords he published for the mailboxes of non-governmental organizations, embassies, human rights organizations and so on do not actually belong to those organizations at all. In his view they are accounts that intruders had set up to get into other people's systems, and the spies used Tor to stay anonymous.

    Having discovered the intruders' activity, Dan Egerstad did not go to the police. He says that in that case state intelligence agencies could have used the spies' accounts for their intended purpose, that is, for eavesdropping. So he approached the victims of the eavesdropping directly. Of all the government organizations, however, only Iran responded, and the Iranian experts demanded that he immediately hand over all the information he had.

    Annoyed by the lack of attention, Dan simply went ahead and published all the passwords on his DEranged Security blog (now closed).

    It caused a real sensation. Many of the email accounts were soon checked and confirmed to be genuine. Some organizations acknowledged this themselves, while others were confirmed by independent checks. For example, an Indian journalist was able to log in to the mailbox of the Indian ambassador to China and download a transcript of a meeting with the Chinese Foreign Minister.

    This story shows that distributed technology is both the strength of the Tor network and its weakness. Thousands of volunteers form a theoretically invulnerable anonymizing network, but you can never be sure that any given relay does not belong to an attacker who will listen to your traffic. The practical defense is the same with or without Tor: encrypt end to end (TLS for web and mail), so that an exit operator sees only ciphertext.

    Dan Egerstad has now deleted all the information he obtained; he no longer has the hard drives on which it was stored. But the leak has already happened, and confidence in the Tor network has been seriously undermined.

    via The Sydney Morning Herald