There’s a really interesting story making the rounds today about the arrest of Dan Egerstad, a Swedish security consultant who claims to have compromised a private data network used by embassies around the world earlier this year. Swedish police apparently braced Egerstad outside his apartment yesterday, confiscated a bunch of his PCs and other hardware and dragged him in for two hours of questioning. In a story in the Sydney Morning Herald newspaper, Egerstad says that “the police ‘played every trick in the book, good cop, bad cop and crazy mysterious guy in the corner not wanting to tell his name and just staring at me. Well, if they want to try to manipulate, I can play that game too. [I] gave every known body signal there is telling of lies … covered my mouth, scratched my elbow, looked away and so on.’”
What’s really interesting about this is that even though Egerstad’s exploits were widely publicized and he went so far as to post on his web site account information for some of the unsecured email accounts he found, the police let him walk without even charging him. Egerstad has claimed all along that he didn’t break any laws and got the account information by installing Tor on a few servers and monitoring the traffic. But the Swedish police apparently weren’t buying that and felt they had enough evidence to impound his computers and subject him to several hours of questioning. It could have been a simple fishing expedition on their part, but Egerstad should probably count himself very lucky that he’s a Swede. Had he been living in Germany or the UK or even the U.S. when he pulled his stunt, he likely would still be sitting in an interrogation room drinking warm Fresca.
The other interesting note here is that Egerstad now says he thinks the people sending the messages from the email accounts he was monitoring were not the accounts’ owners, but hackers who had compromised them and were using Tor to hide their activities. I’m not sure that helps his case at all, but it’s a good indication that these embassies, NGOs and other organizations need to take a look around their networks and see what’s happening.