Security expert used Tor to collect government e-mail passwords

A security expert who exposed the passwords and login information for a number of embassies and foreign government organizations revealed today that the information was acquired by operating a Tor node.Last month, Swedish security specialist Dan Egerstad exposed the passwords and login information for 100 e-mail accounts on embassy and government servers. In a blog entry today, Egerstad disclosed his methodology. He collected the information by running a specialized packet sniffer on five Tor exit nodes operated by his organization, Deranged Security. Tor is an onion routing service that facilitates anonymous Internet communication. Originally developed by the US Naval Research Laboratory and currently funded by the Electronic Frontier Foundation, Tor is designed to protect users from traffic analysis and other kinds of network surveillance. It works by relaying connections through a series of distributed network servers. When a Tor user visits a web site, the IP address detected and logged by that site will be the IP address of one of the Tor nodes rather than the actual user. This makes it possible for users to obscure their identity under certain circumstances.

read more | digg story