Fake Wi-Fi network fools top Swedish security experts
The 26-year-old hacker created the Wi-Fi network called 'Open Guest' at a conference earlier this week. Given the network was not encrypted, Nipe managed to monitor the sites people visited, along with emails and text messages of up to 100 delegates, politicians, journalists and security experts among them.
“The security establishment was in Sälen pushing for more surveillance, but then leading figures go and log on to an unsecure Wi-Fi network,” the president of the Swedish Pirate Party's youth wing told The Local.
He said it was "very embarrassing" because the data he collected showed that some people were using Skype, surfing eBay and Blocket or looking for holidays and hiking spots. "This was during the day when I suppose they were being paid to be at the conference working," Nipe said.
"The scary part is that with unsecure networks like these you can end up getting access even to secure servers because people so often use the same passwords for different sites. So we could have got into the government's server or used other information to track people in their everyday lives," he added.
Since 2006, the Pirate Party's goal has been to "fight for a better world, free of oppression and censorship.” Nipe said he wasn't targeting a particular person, but only wanted to raise awareness about network monitoring in Sweden. His stunt drew fire on social media with some accusing him of breaching Sweden's Personal Data Act.
According to a lawyer at the Swedish Data Inspection Board, Nipe had acted without the "explicit consent" of the Wi-Fi network's users, even though the participants of the conference had themselves agreed to join an open network.
"To collect data in order to create some sort of mapping of [how people are] using the network, or to collect sensitive data, may be contrary to the Personal Data Act," Martin Brinnen told Dagens Nyheter daily, adding that there were exceptions in the law allowing logging personal information for journalistic purposes.
Nipe said he is confident "we are on the right side of the law,” pledging that all the data he had collected would be stored in an encrypted way and erased after being analyzed.