Dan Egerstad, a Stockholm-based specialist in IT security, created the list of computers’ IP addresses, usernames and passwords.
“I could have taught anyone how to do this in two minutes,” he said.
Egerstad’s list contains log-in details for the Russian and Indian embassies in Sweden, the Iranian Foreign Ministry, a number of Kazakhstan’s and Uzbekistan’s embassies, a British visa office in Nepal and a number of political parties in Hong Kong.
“They have failed in their routines and have poor knowledge of their own systems, which mean they practically give their passwords and their email details to me,” he said.
“I haven’t logged in to anyone’s account, but I can read their email,” he said.
Egerstad would not reveal exactly how he had come into possession of the information, but Computer Sweden magazine confirms that his information appears correct.
The consultant read an email to the magazine’s journalist that had been sent from the Royal Palace in Stockholm to the Russian Embassy. A palace employee confirmed that the email was genuine. Stockholm embassies featured on the list also confirmed that they had security issues.
Asked why he had collected the information, Egerstad denied his intention was to earn money, gain publicity or get a name for himself in hacking circles.
He said he had published the list because it would have been too time-consuming to contact all 100 organizations named. Had he handed the list to the Swedish Security Service (Säpo), he would have been guilty of spying. He claimed that by publishing the list he saved himself trouble.
“This rescues me from the shit,” he said.