AOH :: ISNQ4491.HTM

Hacks hit embassy, government e-mail accounts worldwide




Hacks hit embassy, government e-mail accounts worldwide
Hacks hit embassy, government e-mail accounts worldwide



http://www.infoworld.com/article/07/08/30/Hacks-hit-embassy-government-e-mail-accounts-worldwide_1.html 

By Daniel Goldberg and Linus Larsson
Computer Sweden
August 30, 2007

Usernames and passwords for more than 100 e-mail accounts at embassies 
and governments worldwide have been posted online. Using the 
information, anyone can access the accounts that have been compromised.

Computer Sweden has verified the posted information and spoken to the 
person who posted them. The posted information includes names of the 
embassies and governments, addresses to e-mail servers, usernames and 
passwords. Among the organizations on the list are the foreign ministry 
of Iran, the Kazakh and Indian embassies in the U.S. and the Russian 
embassy in Sweden.

Freelance security consultant Dan Egerstad posted the information. He 
spoke openly about the leak when Computer Sweden contacted him.

"I did an experiment and came across the information by accident," he 
said.

Egerstad says he never used the information to log in to any of the 
compromised accounts in order not to break any laws.

Computer Sweden confirmed that the login details for at least one of the 
accounts is correct. Egerstad forwarded an e-mail sent on Aug. 20 by an 
employee at the Swedish royal court to the Russian embassy. The person 
who sent the e-mail, in which she declines an invitation to the Russian 
embassy, has confirmed that she sent the e-mail.

"Yes, that is right. We did decline the invitation. As far as I can 
remember I did send the e-mail," she said.

Computer Sweden has not been able to confirm the authenticity of any of 
the other information that has been posted.

"When something like this happens you usually contact people and ask 
them to fix it. But in this case it felt too big for that, calling to 
other countries," Egerstad said.

Of the compromised accounts, 10 belong to the Kazakh embassy in Russia.

Around 40 belong to Uzbeki embassies and consulates around the world.

Login details for e-mail accounts at the U.K. visa office in Nepal were 
also posted. Login details for the foreign ministry of Iran, the Kazakh 
and Indian embassies in the U.S. and the Russian embassy in Sweden were 
also posted.

"I hope this makes them take action. Hopefully, faster than ever before, 
and I hope they become a bit more aware of security issues," Dan 
Egerstad says.

Computer Sweden has contacted both the Russian and Indian embassies in 
Stockholm for comment. The Russian embassy confirmed the leaks and says 
that logins have now been changed. The Indian embassy declined to 
confirm the information and give comment.

Computer Sweden has not published where the login details can be found. 
The information in this story has been verified by Computer Sweden 
without using any of the published login details.

Computer Sweden is an InfoWorld affiliate.


____________________________________
Attend HITBSecConf2007 - Malaysia 
Taking place September 3-6 2007 featuring seven tracks of technical 
training and a dual-track security conference with keynote speakers 
Lance Spitzner and Mikko Hypponen!  -  Book your seats today! 
http://conference.hitb.org/hitbsecconf2007kl/ 

Site design & layout copyright © 1986-2014 CodeGods