Pirate Party Schools Sweden’s Security Experts
Sweden’s Pirate Party was formed in 2006 by Richard Falkvinge (@falkvinge) and others involved in the operation of torrent tracker Pirate Bay. Since then the party has gone on to win national parliament seats in the Czech Republic, Iceland, and in 2009 two of the Swedish European Parliament seats were claimed by the party.
Recently party members Gustav Nipe (@gustavnipe) and Elin Andersson (@piratfeminist) attended the annual Swedish security conference hosted by Folk och Försvar (Folk & Defense), set up WiFi under the SSID Open Guest, and captured traffic from about a hundred attendees. They published an opinion piece (Swedish) about their findings, not naming those they observed, nor releasing their data, but making it clear how poorly prepared the attendees were in terms of cybersecurity.
What Folk & Defense Does
Folk & Defense formed on the eve of World War II in 1940. Follow the war the organization expanded as a bridge between the military and NGOs, somewhat similar to America’s Center for Strategic & International Studies. Their broad mission statement has this to say:
We contribute to the spread of knowledge and debate about everything from climate threats and cyber attacks the defense industry, international operations and the gender perspective on security policy.
As an example of their activities, there were over five hundred training sessions for 12,000 young people during 2010. Attendees role play being leadership for select countries facing policy issues, and journalism students are offered a separate, but related track where they sharpen their skills by reporting on the event.
If this honeypot had been run by blackhats or a foreign intelligence service rather than political activists, the follow-on effects would likely have been subversion of the networks of each of the organizations who had a careless employee in attendance.
The Global Backdrop
Half an hour east from Stockholm, across the Baltic Sea, lies Tallinn, Estonia. NATO’s Cooperative Cyber Defense Center of Excellence has produced a document known as the Tallinn Manual, which codifies international law in regards to cyberwar. This is a non-theoretical issue for Estonia, who stood up the Küberkaitseliit, their National Cyber Defense League, after an all-out attack by Russia in 2007.
Meanwhile, the U.S. Is having convulsions, first attempting to blame North Korea for the Sony intrusion, and then suffering the humiliation of the @CENTCOM Twitter account’s seizure. The first seems to be an insider, the second a skiddie move, but politicians and press are attempting to stampede the country into surrendering more civil liberties in response.
The Pirate Party has provided much-needed political disruption in the Nordic Region, reaching right into the European Parliament from their local power base. The mild, civic-minded disruption of this conference is a gentle lesson compared to what Estonia faced. We should check back in a year to see how this event affects the 2016 conference.
Images from Folk och Försvar and Wikimedia Commons.