Researcher Purposefully Posts 100 Government E-Mail Addresses And Passwords
Those exposed include accounts to the Kazakhstan Embassy in Russia, the Hong Kong Human Rights Monitor, and the Office of the Dalai Lama.
A security researcher in Sweden published the addresses and passwords for about 100 government and embassy e-mail accounts, to "put light" on serious security problems.
Dan Egerstad, the researcher behind the DErangedSecurity blog, posted the e-mail account information late last week. The listing supposedly includes e-mail addresses and related information for the Kazakhstan Embassy in Russia, the Uzbekistan Embassy in Dubai, the Hong Kong Human Rights Monitor, and the Office of the Dalai Lama.
"Yes, it's the real deal and still working when we are posting this," Egerstad wrote in the blog entry. "So why in the world would anyone publish this kind of information? Because seriously, I'm not going to call the president of Iran and tell him that I got access to all their embassies. I'm DEranged, not suicidal!"
Egerstad went on to say in his blog that he hopes publishing the information will shed some light on security issues that generally don't get discussed and that it will push the various governments to fix the problems faster than normal.
"Here is everything you need to read classified e-mail and (expletive) up some serious international business," he added. "It's only a matter of time until someone else gets the same information. Or wait, does someone else have this already? For how long have they had it? What are they doing with it?... I would like to remind everyone that using ANY of this is a serious crime and I trust that nothing here will be used, ever!"
The blogger's move to release the information got mixed reviews from readers leaving comments. As of early Tuesday afternoon, there were 315 responses.
One reader, calling herself Anna, simply wrote, "great job dude."
Another reader, calling himself Saviour, took an alternative view, writing, "u stupid, u r putting our security at risk... this is not fair for any sensible mind to do such kind of henious act... u r encouraging crime in the society and playing with the lives of 100 of millions of people... by putting their countries' key installations' passwords on the net... this can have grave consequences for our national security."
And a reader identifying himself as Wakeupcall, wrote, "I hope this is a kind of wakeupcall to everyone out there. I think this is just a glimpse of how careless Companies, Organisations etc. are and the fact, that most of the passwords still have not been changed is a good example of stupidity."
About the Author
You May Also Like
2024 InformationWeek US IT Salary Report
May 29, 20242022 State of ITOps and SecOps
Jun 21, 2022