14 DAY TRIAL // Gustav Nipe, president of the youth wing of the Swedish Pirate Party, set up his own WiFi spot at a conference pushing for more government surveillance in Sweden, attended by leading security and military experts.
He named the insecure wireless network “Open Guest” and noticed that about 100 people connected to it not only for browsing the Internet but also for logging into email accounts.
Collected information will be deleted after analysis
With no encryption available, Nipe was privy to the entire traffic produced by those using the network for Internet access. As such, he was able to see that the officials queried search engines for results for “holidays” and “forest hikes.”
Swedish newspaper The Local reports that Nipe did not set up the honeypot to target particular individuals, but to raise awareness about the issue of Internet monitoring.
He stated that he would not reveal who visited what website and that all the data would be deleted after first analyzing it.
“The scary part is that with unsecure networks like these you can end up getting access even to secure servers because people so often use the same passwords for different sites. So we could have got into the government's server or used other information to track people in their everyday lives,” Nipe told the newspaper.
It is worrisome indeed that security experts dared connect to an unencrypted network, be it at a security conference where stunts like these are not to be expected.
However, even if it is a safe place, an open network is not to be trusted because it can be compromised by a malicious actor.
Was the stunt against the law or not?
The debate in Sweden at the moment is whether Nipe’s action was in accordance with the law, as many voices say that he breached the Personal Data Act in the country since he had no explicit consent from the users to monitor their traffic, even if they connected by their own accord.
On the other hand, Nipe defends by saying that “if anything was illegal then it was people using our network without permission and high ranking people working in security using unprotected, unencrypted networks to log into their emails.”