Accessibility links

Breaking News

Internet: Swedish Hacker Accesses Embassy E-Mail Accounts

By Alisher Sidikov September 12, 2007 (RFE/RL) -- A 21-year-old Swedish hacker has confounded some governments with his revelation that a flaw allows easy access to more than 100 sensitive e-mail accounts at embassies and private companies.

Dan Egerstad says he accidentally stumbled onto the problem and made passwords and other details of those accounts public to highlight the security risk.

Egerstad told RFE/RL's Uzbek Service that he decided to publicize the problem because contacting all the affected groups personally would have been a huge task.

He released addresses and passwords on a blog ( from the list of easily compromised accounts, which included accounts from Indian, Pakistani, Uzbek, and Kazakh embassies and other government institutions.

In fact, the list included 26 embassies and six consulates of Uzbekistan alone. Ten accounts belonged to the Kazakh Embassy in Russia, according to a technology-based website,, that covered the story.

They also included Chinese human-rights groups and one of Tibetan spiritual leader Dalai Lama's liaison offices.

Exposing Security Flaws

Egerstad says that the only officials who have contacted him from the embassies or governments involved are Iranians, including the Iranian Embassy in Stockholm.

"They pretty much said, 'Thank you.' The Indians, they were kind of pissed," Egerstad says. "No one wanted to talk to me except Iran."

Egerstad says the affected governments are merely those using software that is susceptible to the hack that he discovered.

He says that after he accidentally uncovered the flaw, those vulnerable accounts were like an open book.

Egerstad has stressed that he never actually opened the correspondence, so as to avoid breaking the law. He said he released the information to shed light on security problems to allow the groups involved to fix them.

"After they calm down a little bit and get over the first shock, they will realize I didn't do this to hack into their system or anything like that, I did it because they have a major problem," Egerstad says.

Egerstad lives in Malmo, in southern Sweden, and describes himself as a security specialist who works for Danish and Swedish companies. But he also says the discovery did not even require much expertise.

"This is very, very easy," he says. "If only I could do this or the best computer people in the world could do this, then it wouldn't be a problem. The problem is that anyone can do this. Give me two minutes [and] I can teach anyone to do this."

Could Egerstad Face Legal Problems?

It is unclear whether authorities are considering any measures against Egerstad.

But a Swedish national security officer who asked not to be identified suggested to RFE/RL's Uzbek Service that sharing the sensitive information involved in the hack with other Internet users might be prosecutable.

"It is one thing to imagine that evil hackers can find information themselves, [and] another thing [when] somebody publishes it for them," says Per Hellqvift, a security expert at Symantec AB, a company that specializes in computer-protection software.

"They can do quite a [lot of] damage with this kind of information," Hellqvift adds. "They can read the e-mails being sent from this e-mail address from certain embassies and they can also send the e-mails [pretending to be] an embassy employee."

Hellqvift warns that Egerstad might be "heading into trouble" if he continues with such unorthodox techniques.

But Egerstad insists that he simply happened across a problem and acted in a way that allows the holders of those affected to correct the flaw. He says he only wants to help people correct a problem that could cause serious damage to their interests.

Iran's 'No Browse' Zone

Iran's 'No Browse' Zone

BLOCKED SITES: Iran's state Information Technology Company announced in September 2006 that more than 10 million websites were being "filtered" in Iran. They included the following, organized by category.

Forums, Sharing, and Entertainment:

The Google-owned Internet social network system

The video-sharing website

The photo-sharing website and web services

The Kurdish version of Wikipedia's online encyclopedia

Social and Human Rights:

London-based, one of the world's leading human rights defenders

New York-based Human Rights Watch, also one of the leading human rights defenders in the world

The Paris-based Reporters Without Borders, a leading media watchdog

The official website of the Tahkim Vahdat Organization, the largest reformist university organization in Iran The group covers news concerning student activism in Persian

The website, a monthly Persian-English journal devoted to democracy and human rights

The website, a Persian site dedicated to women's rights and activism in Iran

News and Politics:

The Prague- and Washington-based, a joint venture of RFE/RL and VOA covering news in Persian

The Persian service of the London-based BBC

The Persian service of the Washington-based Voice of America

The Amsterdam-based, which covers news in Persian

The pro Islamic Republic Tehran based covering political and social issues

Brussels-based, featuring articles by journalists and political figures

The Amsterdam-based daily journal, which features articles and interviews in Persian and English


The Google-owned blog publishing system

The Harvard-based, a blog that summarizes events in the blogosphere in every corner of world

Numerous personal weblogs from around the world, both in Persian and English, with different views and focusing on different subjects including: (satirical blog) (photo blog)

(source: Radio Farda)