Ejoh

Last week Dan Egerstad, a Swedish security consult, published usernames and passwords for hundreds of email accounts belonging to governments and embassies all over the world. Now he tells us how he did it.

When accessing the information he used Tor. Tor, short for The Onion Router, is one of the most popular ways of being anonymous on Internet today. Today iy’s used by anyone you can think of who wants to communicate without anybody else interfering.  To understand how he did you must know how the system works. It’s based on that every user makes his/her computer a server. The information when you browse bounces around at different nodes before arriving at the final destination. This means that everything you write can be picked up and read if not encrypted.

This was exactly what Dan Egerstad did. He made his own computer a node in the network and picked up information which was not encrypted. Off course this security flaw has been pointed out by lots of people but no-one have really paid any attention. Maybe that will change now.

In total Dan Egerstad has the login information to about 1000 email accounts over the world. He says some of them belongs to fortune-500 companies and he claims to have read several mail about things that should not be known to the public yet.

When Dan Egerstad stated that 95 % of the traffic he received wasn’t encrypted. Considering that the Swedish security police, SÄPO, has been warning for this it is alarming.  The conclusion is that Tor is not safe unless you protect your computer . You don’t know who’s reading  so watch your back.