The hack of the year

The hack of the year
Links: home · search · speed test · login · more ·

Links: Reply New Topic
Forums » Security » Security » The hack of the year

anon @ 14th Nov 12:52AM:
The hack of the year

"In August, Swedish hacker Dan Egerstad gained access to sensitive embassy, NGO and corporate email accounts. Were they captured from the clutches of hackers? Or were they being used by spies? Patrick Gray investigates the most sensational hack of 2007."
»www.theage.com.au/news/security/···522.html
reply

caffeinator @ 14th Nov 03:01AM:
Re: The hack of the year

said by anon101 :

"In August, Swedish hacker Dan Egerstad gained access to sensitive embassy, NGO and corporate email accounts. Were they captured from the clutches of hackers? Or were they being used by spies? Patrick Gray investigates the most sensational hack of 2007."
»www.theage.com.au/news/security/···522.html

Sounds like a review for a Tom Clancy novel...
--
My 9/11 Tribute..online since 9/14/01
Need an Avatar? Check out Wafen's Avatar Pages
reply

anon @ 14th Nov 03:55AM:
Re: The hack of the year

It's a nice article on how one can sniff TOR traffic easily like that hacker did which brings up a question of why would anyone set a free TOR node that would costs thousands of dollars to maintained, could it be spies.
reply

Vista RTM @ 15th Nov 08:43PM:
Re: The hack of the year

I always thought Tor (The Onion Router) was a trap.....free software that can hide illegal acts is like such an obvious trap.
reply

pinkcarpet @ 16th Nov 06:56AM:
Re: The hack of the year

.. Sarcasm?

Tor is open source and you have as much privacy as your node is offering.
»www.torproject.org/download.html.en
reply

Davebo_ @ 16th Nov 10:08AM:
Re: The hack of the year

said by Vista RTM :

I always thought Tor (The Onion Router) was a trap.....free software that can hide illegal acts is like such an obvious trap.

Well, it's a "trap" if used stupidly, so......
reply

EGeezer @ 16th Nov 11:17AM:
Re: The hack of the year

I always wondered how those TOR servers and exit nodes and fat pipes were paid for, who paid and who controlled them.

All this guy had to do was sniff the exit nodes he created and filter the packets for interesting keywords and domains. There were no legal issues for him since all he did was view traffic on his own servers.

I have no doubt that there are lots of clueless TOR users who configure their systems wrong and have less than a full understanding of the TOR system. The folks who think that they have the silver bullet are most at risk. A false sense of security is worse than no security at all.

As he said, TR has its uses, but only if the user understands the application and its limitations. According to the guy, about half of TOR users don't.

Link to a more complete MP3 interview and detail can be found here as well as in the OPs article.
The first few minutes are other topics, but after that there's a good interview and follow-up discussion.

It's also interesting that the major use of TOR (about half per interviewee) is to surf porn sites.

Maybe I should set up an exit node and see what goes through my system. This sounds like fun :D
--
My Flickr Gallery
reply

beenshutdown @ 16th Nov 12:02PM:
Re: The hack of the year

An interesting follow up. He was raided, hardware was confiscated, arrested, interrogated and let go the other day.

»www.smh.com.au/news/security/pol···481.html
reply

EGeezer @ 16th Nov 12:08PM:
Re: The hack of the year

The title of that story should be "What happens when you stir the pot". Sounds like some embarrassed politicians are looking to discourage public disclosure of bureaucratic incompetency and poor security practices.
--
My Flickr Gallery
reply

TK Junk Mail @ 18th Nov 09:43AM:
Re: The hack of the year

Well, so much for the security all those TOR users brag about which they claim hides their online file sharing of copyrighted content.
reply

fatness @ 18th Nov 10:02AM:
Re: The hack of the year

quote:
After informing the governments involved of their security failings and receiving no response, Egerstad published 100 of the email accounts, including login details and passwords, on his website for anyone curious enough to have a look.

quote:
Egerstad was soon back to his regular routine but, on Monday morning, his apartment, located 650 kilometres from Stockholm, was raided by four agents from Swedish National Crime (which Egerstad calls "our FBI") and Swedish Security Police ("our CIA").

Nice priorities there.

quote:
The raid occurred around the same time a feature article on Egerstad's hack appeared in the Next IT section in The Age and The Sydney Morning Herald, but it is unlikely the story sparked the raid.

Ha ha. :)
--
Sure, that'll work..
reply

La Luna @ 18th Nov 10:42AM:
Re: The hack of the year

This isn't really *new* news, other than the specific incident. It has been discussed previously how easy it is to sniff a TOR server:

»Tor hack proposed to catch criminals

HD Moore, the lead developer of the Metasploit Project, has created a rough set of tools that allows anyone operating a Tor server to attempt to track the source of network data. Moore originally created the software to block file sharers from eating up his computer's bandwidth, but soon targeted potential child pornographers who appeared to be using the network, he said.....

For his part, Moore intends to turn the tools over to law enforcement for their own use, he said.....

The Tor Project has already taken steps to inform its users. On Thursday, the project added a warning to its documentation and further outlined what users need to do to protect their anonymity online.

"Tor by itself is NOT all you need to maintain your anonymity," the site read. "There are several major pitfalls to watch out for."

The list of threats is not small: misconfigured applications, using any of a number of browser plugins, visiting sites that have set cookies, and a lack of encryption from the Tor network to the destination server.

If nothing else, the list underscores that, in the digital world, anonymity is not easy.

»www.securityfocus.com/news/11447
--
10,019 DEADLY TERROR ATTACKS SINCE 9/11~~TEAM DISCOVERY
Can't feel you anymore, don't need you anymore, don't believe you anymore, I don't need you anymore

reply