[LINK] hack of the year

Jan Whitaker jwhit at janwhitaker.com
Wed Nov 14 15:27:30 AEDT 2007

The hack of the year
November 13, 2007

A Swedish hacker tells how he infiltrated a global communications 
network used by scores of embassies over the world, using tools 
freely available on the internet.
In August, Swedish hacker Dan Egerstad gained access to sensitive 
embassy, NGO and corporate email accounts. Were they captured from 
the clutches of hackers? Or were they being used by spies? Patrick 
Gray investigates the most sensational hack of 2007.

The problem, says Vitaliev, is some Tor users assume their data is 
protected from end to end. "As in pretty much any other internet 
technology, its vulnerabilities are not well understood by those who 
use it (and) need it most," he says.

The discovery that sensitive, government emails were passing through 
Tor exit nodes as unencrypted, readable data was only mildly 
surprising to Egerstad. It made sense - because Tor documentation 
mentions "encryption", many users assume they're safe from all 
snooping, he says.

"People think they're protected just because they use Tor. Not only 
do they think it's encrypted, but they also think 'no one can find 
me'," Egerstad says. "But if you've configured your computer wrong, 
which probably more than 50 per cent of the people using Tor have, 
you can still find the person (on) the other side."

Initially it seemed that government, embassy, NGO and corporate 
staffers were using Tor but had misconfigured their systems, allowing 
Egerstad to sniff sensitive information off the wire. After Egerstad 
posted the passwords, blame for the embarrassing breach was initially 
placed on the owners of the passwords he had intercepted.

Jan Whitaker
JLWhitaker Associates, Melbourne Victoria
jwhit at janwhitaker.com
business: http://www.janwhitaker.com
personal: http://www.janwhitaker.com/personal/
commentary: http://janwhitaker.com/jansblog/

Living, like writing, requires no wisdom. Only revising does. - Jim 
Sollisch, Sept, 2007
'Seed planting is often the most important step. Without the seed, 
there is no plant.' - JW, April 2005
_ __________________ _

More information about the Link mailing list