Interview with Dan Egerstad
22/11/2007 Written by minor
A few days ago we reported on the raid on Dan Egerstad's house. He has now agreed to a brief interview, in which we tried to get his point of view on the issue.
Could you please explain how you came to the idea of creating TOR exit nodes and intercepting traffic?
I wanted to know how many people were encrypting their mails and needed some figures for a lecture I was holding. Setting up a ToR node to analyze mail-traffic was an easy way to get some numbers. Right before shutting this automated process down I by accident saw an email that caught my eye and led me to doing this in a bigger way.
From media sources we know that there were only a few reactions when you contacted the affected organizations. Did this approach surprise you, at a time when the public is also starting to talk about cyber threats? Were you surprised that such data isn't sent encrypted?
My experience from the business is that few people/companies take security seriously. Even large corporations that you would believe have the highest level often lack the basics such as anti-virus, backups or encrypted email. This is my work a lot today, to raise awareness. Same when contacting people about problems in their systems, often you get a bad response if any.
Example 1: Called up a large corporation having a server hacked and used to do some major spamming. They refused talking to me and said it was BS, 30 min later the spam stopped.
Example 2: Called up a major ISP telling them that a portion of their customer data (10.000 end-users) was leaking all over the network for anyone to listen in. After three attempts, three days and still getting the response that there is nothing wrong and that it was my computers, even though I work with IT-sec, I published an article instead. This time they reacted, didn’t like the headlines on Sweden’s largest newspaper apparently. Still it took a day or two for them to confess and fix it.
So basically, no it doesn’t surprise me that you won’t get any response.
Do you think that intelligence does not do the same as you tried in your experiment? What do you think about the latest accusations of Hushmail cooperating with intelligence and a possible backdoor in the new encryption standard?
ToR is developed by American military and used by people wanting to hide themselves, of course others are sniffing the network! I want to believe that Hush is secure and has an ethical business, not sharing any information. I don’t have any opinion other than that.
Have any charges already been brought in your case?
I haven’t been charged for anything, however I’m suspected of “computer break in”. A crime that can give fines and jail up to two years.
Dan, your approach was criticized from many sides. What was the main idea behind this criticism? Are there also positive voices?
Most criticism came before I told what was done. Many thought that I found an exploit, hacked or broke in somewhere. The first one you always contact the vendor, however here there is no exploit and no vendor to fix it. The other two are just unethical. Even though I kept on saying that neither of those three were the case, people still based their criticism on that, people never read the whole story. When the whole story later came out with no exploit or hacking involved and that this information most likely already was in the hands of “bad guys”, the same people kept their mouth shut ;-)
Between August and the raid in November a lot of time passed. Why did the raid come now, after a relatively long time?
Beats me and every other person I talked to. Usually this takes hours or a few days so I was very surprised having the police at my door. However they said some stuff during the questioning that leads me to believe that some other country might have been involved and it’s a political thing. Maybe Sweden has been getting some pressure from a foreign country and needs to prove that they are doing something.
They aren’t working fast, 2,5 months for the raid and today 10 days after the raid they still don’t even know what stuff they took and even less looked at it. This being a prioritized case and all…