Hacker Publishes E-mail Accounts of Government Agencies
A security expert from Sweden declared in the end week of August 2007 the passwords and addresses for hundred e-mail accounts to show that he has discovered a flaw capable of exposing 1,000 or more private mailing accounts at govt. organization like corporations and embassies.
Computer Sweden has crosschecked the information and contacted the person who posted it on the Internet. The information includes a variety of details like names of the governments and embassies, e-mail Ids, usernames and passwords. With this information, it is possible for anyone to compromise and access the accounts.
The organizations on the information list also include Iran's foreign ministry, the Russian embassy in Sweden and the Indian and Kazakh embassies in the United States.
The information relating to the e-mail account came up on the DerangedSecurity blog that Swedish hacker, Dan Egerstad, runs. Many accounts were for the workers of civil rights and government officials. While Egerstad published the information for hundred accounts, he had actually collected over 1,000 as he reported to Wired News. WIRED BLOG NETWORK published this on August 31, 2007.
When Computer Sweden spoke to Egerstad, he clarified his claim by saying that he had simply tripped over this information. In fact, it was very easy to obtain it. He said he released the information to draw experts' attention to the flaws and to get them fixed. TIMESNOW.tv published this in news on August 31, 2007.
Among the affected embassies, only Russia still needs to acknowledge the problem. Head Secretary at the Russian embassy in Stockholm, Roman Mironov, told a TV channel in Sweden that the information was correct but now irrelevant as new login details have been introduced. ARS Technical reported this on August 30, 2007.
Declaring the weak security conditions of the government agencies could be risky. In 2006, the Federal Bureau of Investigation (FBI) barged into the residence of a security boffin who had shown the security loopholes in boarding pass checks, and constructed a Website where it was possible to print one's own pass. In 2003, Brett O'Keefe, the President of California's ForensicTec, was arrested after he pointed out flaws in many military networks of US by demonstrating a hacking attempt on them.
Related article: Hacker & Virus in MySpace
» SPAMfighter News - 14-09-2007