By Asher Moses
The Sydney Morning Herald
November 15, 2007
The Swedish hacker who perpetrated the so-called hack of the year has
been arrested in a dramatic raid on his apartment, during which he was
taken in for questioning and several of his computers confiscated.
Dan Egerstad, a security consultant, intercepted data carried over a
global communications network used by embassies around the world in
August and gained access to 1000 sensitive email accounts. They
contained confidential diplomatic memos and other sensitive government
Details of the hack were reported on this site on Tuesday.
After informing the governments involved of their security failings and
receiving no response, Egerstad published 100 of the email accounts,
including login details and passwords, on his website for anyone curious
enough to have a look. The site, derangedsecurity.com, has since been
The hack required little more than tools freely available on the
internet, and Egerstad maintains he broke no laws. In fact, he is
confident the email accounts he gained access to were already
compromised by other hackers, so his efforts in fact prevented them from
continuing their spying.
Egerstad was soon back to his regular routine but, on Monday morning,
his apartment, located 650 kilometres from Stockholm, was raided by four
agents from Swedish National Crime (which Egerstad calls "our FBI") and
Swedish Security Police ("our CIA").
About 9am Egerstad walked downstairs to move his car when he was
accosted by the officers in a scene "taken out of a bad movie", he said
in an email interview.
"I got a couple of police IDs in my face while told that they are taking
me in for questioning," he said.
But not before the agents, who had staked out his house in undercover
blue and grey Saabs ("something that screams cop to every person in
Sweden from miles away"), searched his apartment and confiscated
computers, CDs and portable hard drives.
"They broke my wardrobe, short cutted my electricity, pulled out my
speakers, phone and other cables having nothing to do with this and been
touching my bookkeeping, which they have no right to do," he said.
While questioning Egerstad at the station, the police "played every
trick in the book, good cop, bad cop and crazy mysterious guy in the
corner not wanting to tell his name and just staring at me".
"Well, if they want to try to manipulate, I can play that game too. [I]
gave every known body signal there is telling of lies ... covered my
mouth, scratched my elbow, looked away and so on."
Egerstad said the police also accused him of theft because he had eight
PlayStation 2 consoles in his apartment. He said he owns a company that
Egerstad was released and no charges have been laid against him, but the
police are in the process of investigating the matter and nothing has
been ruled out.
Linus Larsson, a reporter for Computer Sweden magazine whom Egerstad
called after the ordeal, said in a phone interview he had confirmed with
Swedish police that the raid took place.
"We don't know exactly what they [police] are doing now but they took
his hard drives and his computers, and according to him the
interrogation went on for about 2 hours and he was then released but he
did not get his equipment back," Larsson said.
Egerstad said his lawyer was looking into whether the Swedish police had
broken the law by making several "unnecessary actions".
"They aren't giving me any information on who filed the report but said
that they have been exchanging information with other countries."
He said he hadn't heard anything from police since the raid but he did
not expect to receive the seized equipment back for months, even years.
"[I'm] losing money and trust in my company and even if I'm never
charged I will not get any compensation it looks like."
The raid occurred around the same time a feature article on Egerstad's
hack appeared in the Next IT section in The Age and The Sydney Morning
Herald, but it is unlikely the story sparked the raid.
Patrick Gray, who wrote the article, has published a detailed audio
interview with Egerstad, which took place before the raid, on his
website (http://itradio.com.au/security/).