Gustav Nipe set up a Wi-Fi network called ‘Open Guest’ at a security conference earlier this week and several high profile officials used the network to log into their email accounts and surf the internet.
The Wi-Fi network was not encrypted which meant that Nipe could track which sites people visited as well as the emails and text messages of around 100 delegates, including politicians and journalists as well as security experts.
He said it was ironic that the security establishment was in Sälen pushing for more surveillance, but its leading figures go and log on to an unsecure W-Fi network.
Some people were looking at Skype, eBay and Blocket and stuff like that, or looking for holidays and where you could go and hike the forest. This was during the day when I suppose they were being paid to be at the conference working, Nipe said.
Nipe said that the stunt was to draw attention to the problem of network monitoring in Sweden, and says he will not be revealing which sites were visited by specific experts.
With insecure networks like these, you can end up getting access even to secure servers because people so often use the same passwords for different sites. So he could have got into the government’s server or used other information to track people in their everyday lives, he pointed out.
However, some think that Nipe’s stunt might have actually broken Sweden’s Personal Data Act.
Martin Brinnen, a lawyer at the Swedish Data Inspection Board told Dagens Nyheter that Nipe had acted without the “explicit consent” of the Wi-Fi network’s users, despite the fact that they had agreed to join an open network.
Nipe told The Local that all the data he had collected would be encrypted so that no-one else could access it and added that it would be erased after it had been analysed.