Young Pirate hacker gets top security secrets
The Local/ms - [email protected]
Published: 14 Jan, 2015 CET.
Updated: Wed 14 Jan 2015 16:06 CET
UPDATED: The president of the Swedish Pirate Party's youth wing has told The Local that Sweden's leading security and military experts searched for 'holidays' and 'forest hikes' during working hours, after he tricked them into logging onto an unsecure server at a conference.
Gustav Nipe, 26, set up a Wi-Fi network called 'Open Guest' at the conference earlier this week and claims that several high profile officials used the network to log into their email accounts and surf the internet. As the Wi-Fi network was not encrypted, Nipe says he was able to track which sites people visited as well as the emails and text messages of around 100 delegates, including politicians and journalists as well as security experts. “The security establishment was in Sälen pushing for more surveillance, but then leading figures go and log on to an unsecure W-Fi network,” he told The Local. "It is very embarrassing because the data we collected showed that some people were looking at Skype, eBay and Blocket and stuff like that, or looking for holidays and where you could go and hike the forest. This was during the day when I suppose they were being paid to be at the conference working." Nipe insists he didn't carry out the stunt to target a particular person, rather to draw attention to the issue of network monitoring in Sweden, and says he won't be revealing which sites were visited by specific experts. "The scary part is that with unsecure networks like these you can end up getting access even to secure servers because people so often use the same passwords for different sites. So we could have got into the government's server or used other information to track people in their everyday lives." The stunt has sparked criticism in Swedish newspapers and on social media, with some arguing that he breached Sweden's Personal Data Act. Martin Brinnen, a lawyer at the Swedish Data Inspection Board told Dagens Nyheter that Nipe had acted without the "explicit consent" of the Wi-Fi network's users, despite the fact that they had agreed to join an open network. He said that while each case should be considered separately, how information is gathered from open networks and for what purpose plays a major role in determining whether or not tracking email traffic is legal. "To collect data in order to create some sort of mapping of [how people are] using the network, or to collect sensitive data, may be contrary to the Personal Data Act," he told the newspaper. Dagens Nyheter said there were exceptions in the law that permit logging this kind of personal information, such as for journalistic purposes. Nipe told The Local that all the data he had collected would be stored in an encrypted way so that no-one else could access it and added that it would be erased after it had been analysed. "I am confident that we are on the right side of the law and if anything was illegal then it was people using our network without permission and high ranking people working in security using unprotected, unencrypted networks to log into their emails." The Pirate Party (Piratpartiet) was founded in Sweden in 2006, and says its goal is to "fight for a better world, free of oppression and censorship". But support for the group has been waning and it scored less than one percent of the vote in Sweden's last general election in September 2014.
Comments
See Also
Gustav Nipe, 26, set up a Wi-Fi network called 'Open Guest' at the conference earlier this week and claims that several high profile officials used the network to log into their email accounts and surf the internet.
As the Wi-Fi network was not encrypted, Nipe says he was able to track which sites people visited as well as the emails and text messages of around 100 delegates, including politicians and journalists as well as security experts.
“The security establishment was in Sälen pushing for more surveillance, but then leading figures go and log on to an unsecure W-Fi network,” he told The Local.
"It is very embarrassing because the data we collected showed that some people were looking at Skype, eBay and Blocket and stuff like that, or looking for holidays and where you could go and hike the forest. This was during the day when I suppose they were being paid to be at the conference working."
Nipe insists he didn't carry out the stunt to target a particular person, rather to draw attention to the issue of network monitoring in Sweden, and says he won't be revealing which sites were visited by specific experts.
"The scary part is that with unsecure networks like these you can end up getting access even to secure servers because people so often use the same passwords for different sites. So we could have got into the government's server or used other information to track people in their everyday lives."
The stunt has sparked criticism in Swedish newspapers and on social media, with some arguing that he breached Sweden's Personal Data Act.
Martin Brinnen, a lawyer at the Swedish Data Inspection Board told Dagens Nyheter that Nipe had acted without the "explicit consent" of the Wi-Fi network's users, despite the fact that they had agreed to join an open network.
He said that while each case should be considered separately, how information is gathered from open networks and for what purpose plays a major role in determining whether or not tracking email traffic is legal.
"To collect data in order to create some sort of mapping of [how people are] using the network, or to collect sensitive data, may be contrary to the Personal Data Act," he told the newspaper.
Dagens Nyheter said there were exceptions in the law that permit logging this kind of personal information, such as for journalistic purposes.
Nipe told The Local that all the data he had collected would be stored in an encrypted way so that no-one else could access it and added that it would be erased after it had been analysed.
"I am confident that we are on the right side of the law and if anything was illegal then it was people using our network without permission and high ranking people working in security using unprotected, unencrypted networks to log into their emails."
The Pirate Party (Piratpartiet) was founded in Sweden in 2006, and says its goal is to "fight for a better world, free of oppression and censorship".
But support for the group has been waning and it scored less than one percent of the vote in Sweden's last general election in September 2014.
Join the conversation in our comments section below. Share your own views and experience and if you have a question or suggestion for our journalists then email us at [email protected].
Please keep comments civil, constructive and on topic – and make sure to read our terms of use before getting involved.
Please log in here to leave a comment.