13:55 Itconsultant broke the Russian Embassy ??questioned by police | |
| The most secure network of anonymous servers, Tor was not such secure. Two months ago in Sweden a scandal erupted when it became aware of the deed of a well-known consultant on IT-security, 22-year-old Dena Egerstada (Dan Egerstad). He made a traffic filtering Tor and posted on his blog logins and passwords to mailboxes and servers belonging to the embassies of countries, NGOs, commercial firms and government agencies in different countries. Among the victims - the Embassy of India, Russia, Uzbekistan, Kazakhstan and Iran, as well as the British representative in Nepal. Anyone could go to read a post on these accounts. That article became a sensation. Now the story gets its development. On a tip from U.S. authorities Swedish police shut down blog Dehn, searched his apartment and confiscated equipment, and him after two hours of interrogation were released. Dan is still at large and giving interviews, explaining his position. He sure has not violated any laws, but it already seems to be resolved by the court. Special piquancy to the story adds that the Tor network is considered to be ultra-secure anonymous system, so it enjoyed by those citizens who potentially have something to hide. However, for breaking the "most secure network does not need any sverhusily. The procedure took only a few minutes using a pair of hacking programs. The fact that Dan Egerstad personally installed five servers Tor (anyone can download and install the program, after which the computer becomes a server Tor). So he got access to all traffic passing through these nodes. To the surprise of Dan, it turned out that a huge amount of traffic transmitted in the clear form, including logins and passwords. Tor servers constitute the global network. When passing traffic is a multilevel hide IP-address of the user: each host adds a new level of protection, which is then removed in layers (the principle of the bulb). Due to this, the Tor network is considered the most reliable system for anonymous surfing. In the chain of anonymous proxy servers Tor even discredit one or two of them still can not calculate the real IP-address of the user. Theoretically, the Tor network created for higher goals. For example, to counter spying by authoritarian political regimes, the residents of the oppressed nations can safely surf the internet freely. While Tor is used to appoint citizens of more than 20 countries where human rights are infringed, but this is not the main audience. The reality proved to be more cynical. According Egerstala, the bulk of Tor traffic is ... pornography. All sorts of deviants have a reliable tool to anonymously climb in interest to their resources. "It's not even sad," - says Dan. Tor network securely hides user IP-address, but the messages in the network not encrypted. As history has shown Dehn, many users do not understand this and provide information to the network in clear text. Moreover, more than 50% of the users can even define the IP-address due to incorrect settings of their computers. Dan Egerstad assures that all published their passwords from mailbox of NGOs, embassies, human rights organizations, etc. does not actually belong to the above users. All this hacking accounts that were created to access the wrong system, and spies have used Tor for anonymity. Discovering malicious activity, Dan Egerstad not to the police. He said that in this case, the state intelligence agencies could use spyware accounts for its intended purpose, ie for the wiretaps. He then appealed directly to the victims of wiretaps. However, of all government organizations to respond only to Iran. Specialists from Iran immediately demanded to give all the information, which is owned by Den. Riley lack of attention to his person, Dan just picked up and released all the passwords on his blog DEranged Security (now closed). It was a real sensation. Many of the email accounts were soon tested and proven true. Some of the organizations themselves have recognized, while others have been independently verified. For example, one Indian journalist was able to log into the mailbox Indian Ambassador to China, and download the transcript of a meeting with Chinese Foreign Minister. This story shows that in a distributed technologies - the power of the Tor network and also its weakness. Thousands of users form a network proxy is theoretically invulnerable, but you can never be sure that one or the other computer does not belong to the attacker, who will listen to your traffic. Dan Egerstad now deleted all the information he received. It has long been no hard disk on which information was recorded. However, the leakage has already occurred. Confidence in the Tor network is seriously undermined. Via The Sydney Morning Herald | |
|
| |
| Total comments: 0 | |