Swedish police Monday raided the office of the security consultant Dan Egerstad, who in August published 100 passwords for embassies and governments worldwide.
Police confirmed that his office was searched and that he was charged with unauthorized computer access, but the police would not say anything more.
Computers, disks and drives were seized during the raid, which took place at 9 a.m. local time. Egerstad was taken to the police station for questioning. Both the security police and the national criminal investigation department were involved. Although the operation took place in the southern Swedish city Malmo, it was directed by the IT crime section of the National Criminal Investigation Department in Stockholm.
He was questioned for about two hours and after that he was released, he said. "I was told that pressure has been applied from other nations and that there are certain countries that I shouldn't travel to," Egerstad said.
"They mentioned Hong Kong and some other countries where there has been a lot of activity," he said. "My guess is India, but they wouldn't say more."
Egerstad has always been forthcoming about publishing the passwords. He insists that he never committed unauthorized access and that he wanted to draw attention to a security problem.
He said that the hardware that was seized is what he uses in his work as a security consultant. "The laptop that they took was my work computer, and the other ones weren't even connected. I can't do any work now," he said.
Egerstad has closed the Web site where the passwords, along with other security information, were published. Egerstad published the log-in details for 100 embassies and government agencies. The list included the foreign department of Iran and the Russian and Indian embassies in Stockholm.
According to Egerstad, he only published this information in order to draw attention to a major security weakness. He waited almost two weeks before he revealed how he uncovered the information. He had set up a node in the Tor anonymity network, which caused a number of unencrypted passwords to pass his server. Many of them belonged to governments and embassies. The method used, he says, means that no unauthorized access was needed to intercept the information.
One probable explanation for why the passwords passed Egerstad's Tor node is that other illegal users, who were reading embassy e-mail using stolen passwords, used the Tor anonymity service to avoid being discovered.
By Swedish law, the penalty for unauthorized computer access is a fine or a maximum of two years in prison.