
IT consultant who hacked the Russian embassy questioned by the police

The most secure network of anonymous Tor servers turned out to be not so secure after all. Two months ago a real scandal broke out in Sweden when the actions of the well-known IT security consultant Dan Egerstad, 22, became public. He filtered Tor traffic and posted on his blog logins and passwords for mailboxes and servers belonging to national embassies, non-governmental organizations, commercial firms and government agencies in various countries. Among the victims were the embassies of India, Russia, Uzbekistan, Kazakhstan and Iran, as well as the British office in Nepal. Anyone could log in and read mail on these accounts.

That publication became a sensation. The story has now developed further. On a tip from the US authorities, the Swedish police closed Dan's blog, searched his apartment, seized his equipment, and released him after two hours of questioning. Dan remains at large and gives interviews explaining his position. He is sure that he has not broken any laws, though that will probably be for a court to decide.

What gives this story its particular piquancy is that the Tor network is considered an ultra-secure anonymous system, and so it is used by those citizens who potentially have something to hide. Yet "cracking" the "most secure network" required no special effort at all. The procedure took only a few minutes using a couple of hacker programs.

The fact is that Dan Egerstad personally set up five Tor servers (anyone can download and install a special program, after which their computer becomes a Tor server). In this way he gained access to all traffic passing through those nodes. To Dan's surprise, it turned out that a huge amount of traffic was transmitted unprotected, including logins and passwords.
Tor servers make up a global network. When traffic is transmitted, the user's IP address is hidden in multiple layers: a new layer of protection is added at each hop and then removed layer by layer (the onion principle). Because of this, the Tor network is considered the most reliable system for anonymous surfing. In a chain of anonymous Tor proxy servers, even compromising one or two of them still does not reveal the user's real IP address.

In theory, the Tor network was created for lofty goals: for example, to resist surveillance by authoritarian political regimes, so that residents of oppressed countries can safely browse the free Internet. Although Tor is used as intended by citizens of more than 20 countries where human rights are violated, they are far from its main audience. The reality turned out to be more cynical. According to Egerstad, the overwhelming share of Tor traffic is ... pornography. All sorts of perverts have gained a reliable tool for browsing the resources that interest them in complete anonymity. "It's even sad," says Dan.

The Tor network reliably hides the user's IP address, but the messages themselves are not encrypted end to end by the network. As Dan's story has shown, many users do not understand this and transmit information through the network in the clear. Moreover, the IP addresses of more than 50% of users can even be determined because of incorrect settings on their computers.
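The following toy model of onion layering is an added example, not code from the article or from the Tor project. It uses a SHA-256-derived keystream as a stand-in for Tor's real ciphers and a constructed login line as payload; the point is which hop can read what: every relay peels one layer, and the exit relay sees the application data exactly as the client sent it, so only a separate end-to-end layer (a stand-in for TLS, keyed to the destination) keeps the credentials out of the exit's view.

```python
import hashlib
from typing import Dict, List, Optional

def keystream(key: bytes, n: int) -> bytes:
    """Deterministic keystream from SHA-256(key || counter). Toy cipher only."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def xor_layer(data: bytes, key: bytes) -> bytes:
    """XOR with the keystream; applying it twice removes the layer again."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

def build_onion(app_data: bytes, hop_keys: List[bytes]) -> bytes:
    """Client wraps the exit layer first, then middle, then guard (outermost)."""
    cell = app_data
    for key in reversed(hop_keys):
        cell = xor_layer(cell, key)
    return cell

def circuit_views(payload: bytes, hop_keys: List[bytes],
                  e2e_key: Optional[bytes] = None) -> Dict[str, bytes]:
    """Return what each relay sees after peeling its own layer.

    hop_keys are the per-hop circuit keys [guard, middle, exit].
    e2e_key, if given, models an end-to-end layer the exit does not hold.
    """
    app_data = xor_layer(payload, e2e_key) if e2e_key else payload
    cell = build_onion(app_data, hop_keys)
    views = {}
    for name, key in zip(["guard", "middle", "exit"], hop_keys):
        cell = xor_layer(cell, key)       # this relay removes its own layer
        views[name] = cell                # and sees the result before forwarding
    return views

# Constructed sample values (not from the article): circuit keys and a
# credential line of the kind a plaintext protocol would carry.
HOP_KEYS = [b"guard-key", b"middle-key", b"exit-key"]
DEST_KEY = b"destination-only-key"
PAYLOAD = b"USER example-account PASS placeholder-secret"

if __name__ == "__main__":
    plain = circuit_views(PAYLOAD, HOP_KEYS)
    print("exit sees (no end-to-end encryption):", plain["exit"])
    protected = circuit_views(PAYLOAD, HOP_KEYS, DEST_KEY)
    print("exit sees (end-to-end encrypted):     ", protected["exit"].hex())
```

The guard and middle relays only ever see ciphertext; whether the exit sees the login line or opaque bytes depends entirely on the application protocol, which is what the article's victims got wrong.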

Dan Egerstad says that all the passwords he published for the mailboxes of non-governmental organizations, embassies, human rights organizations and so on do not actually belong to those users. They are all hacker accounts created to access other people's systems, and spies used Tor to stay anonymous.

Having discovered the intruders' activity, Dan Egerstad did not go to the police. He says that in that case the state secret services could have used the spies' accounts for their intended purpose, that is, for eavesdropping. So he contacted the victims of the eavesdropping directly. Of all the government organizations, however, only Iran responded: specialists from Iran demanded that Dan immediately hand over all the information he had.

Irritated by the lack of attention, Dan simply went ahead and published all the passwords on his blog, DEranged Security (now closed).

It was a real sensation. Many of the email accounts were soon verified and confirmed as real. Some organizations acknowledged it themselves, while others were verified independently. For example, one Indian journalist was able to log into the mailbox of the Indian ambassador to China and download a transcript of a meeting with the Chinese foreign minister.

This story shows that distributed technology is both the strength of the Tor network and its weakness. Thousands of users form a theoretically invulnerable network of anonymizers, but you can never be sure that a given computer does not belong to an attacker who will listen in on your traffic.

Dan Egerstad has now deleted all the information he obtained; he no longer has the hard drives on which it was stored. But the leak has already happened, and trust in the Tor network has been seriously undermined.

via The Sydney Morning Herald

Source: https://habr.com/ru/post/16287/
