Interview with Dan Egerstad

22/11/2007 Written by minor

A few days ago we reported on the raid on Dan Egerstad's house. He has now agreed to a brief interview, in which we tried to get his point of view on the issue.

Could you please explain how you came to the idea of creating exit TOR nodes and intercepting traffic?

I wanted to know how many people were encrypting their mails and needed some figures for a lecture I was holding. Setting up a ToR node to analyze mail-traffic was an easy way to get some numbers. Right before shutting this automated process down I by accident saw an email that caught my eye and led me to doing this in a bigger way.

From media sources we know that there were only a few reactions when you contacted the affected organizations. Did this approach surprise you, at a time when the public is also starting to talk about cyber threats? Were you surprised that such data isn’t sent encrypted?

My experience from the business is that few people/companies take security seriously. Even large corporations that you would believe have the highest level often lack the basics such as anti-virus, backups or encrypted email. This is my work a lot today, to raise awareness. Same when contacting people about problems in their systems, often you get a bad response if any.
Example 1: Called up a large corporation having a server hacked and used to do some major spamming. They refused talking to me and said it was BS, 30min later the spam stopped.
Example 2: Called up a major ISP telling them that a portion of their customer data (10.000 end-users) was leaking all over the network for anyone to listen in. After three attempts, three days and still getting the response that there is nothing wrong and that it was my computers, even though I work with IT-sec, I published an article instead. This time they reacted, didn’t like the headlines on Sweden’s largest newspaper apparently. Still it took a day or two for them to confess and fix it.
So basically, no, it doesn’t surprise me that you won’t get any response.

Do you think that intelligence does not do the same as you tried in your experiment? What do you think about the latest accusations that Hushmail is cooperating with intelligence, and the possible backdoor in the new encryption standard?

ToR is developed by American military and used by people wanting to hide themselves, of course others are sniffing the network! I want to believe that Hush is secure and has an ethical business, not sharing any information. I don’t have any opinion other than that.

Were there already some charges set in your case?

I haven’t been charged for anything, however I’m suspected of “computer break in”. A crime that can give fines and jail up to two years.

Dan, your approach was criticized from many sides. What was the main idea behind this criticism? Are there also positive voices?

Most criticism came before I told what was done. Many thought that I found an exploit, hacked or broke in somewhere. With the first one you always contact the vendor, however here there is no exploit and no vendor to fix it. The other two are just unethical. Even though I kept on saying that none of those three were the case, people still based their criticism on that, people never read the whole story. When the whole story later came out, with no exploit or hacking involved and that this information most likely already was in the hands of “bad guys”, the same people kept their mouth shut ;-)

Between August and the raid in November a lot of time passed. Why did the raid come now, after a relatively long time?

Beats me and every other person I talked to. Usually this takes hours or a few days so I was very surprised having the police at my door. However they said some stuff during the questioning that leads me to believe that some other country might have been involved and it’s a political thing. Maybe Sweden has been getting some pressure from a foreign country and needs to prove that they are doing something.
They aren’t working fast, 2,5 months for the raid and today 10 days after the raid they still don’t even know what stuff they took and even less looked at it. This being a prioritized case and all…

