Below is the translated transcription of the hearing with GSW regarding charges related to intrusions in the Nordea Bank. Original Swedish recording can be downloaded here.
Dag 5, 2013-05-31
11:00 Förhör med tilltalad GSW (åp 5-13)
OLIN: Thank you. I think Ola Salomonsson has already answered some of my questions, but I thought I would ask you to make some comments. Perhaps you would first like to say something in general about these charges.
GSW: Yes, well… I don’t know what more to say than that I don’t have anything to do with it.
OLIN: Then I would like to ask a little about… first the harddrive, point 2. On it there are traces of all kinds of datasets from Nordea, do you have any comments on that?
GSW: I’m not denying that they are there, I’m denying that I have put them there.
OLIN: Yes. And you heard my statement about these 14 different IP addresses that were relevant and the 13 direct occurrence and 14 indirect occurrences in the MacBook, point 26. A big portion of them was from the ISP Cogetel, which perhaps is a big provider in Cambodia or?
GSW: I actually don’t know that.
OLIN: No. You said earlier that you had used that ISP?
GSW: Yes exactly.
OLIN: And yes… Perhaps it’s not so easy, but do you recognize any of these IP addresses?
GSW: No. I can say that I recognize that they are from Cogetel based on the numbers they are starting with but… I don’t recognize them otherwise.
OLIN: This other Cambodian ISP, what was the name again… Maybe you know that better than I? Citylink and Digi, do you recog–
GSW: No, it’s nothing I recognize. I may have heard the names but I haven’t been a customer of them.
OLIN: Malmö Borgarskola, (inaudible) group, nothing you–
GSW: Never heard of them.
OLIN: No familiar names at all?
OLIN: Returning to this Mysec content that we discussed in previous hearings. In the Mysec content, if I can express myself like that… The files connected to Mysec in your computer, there are 4 of these IP addresses that are connected to the intrusion against Nordea.
GSW: Which page?
OLIN: Oh no… Perhaps I am wrong a little bit I’m realizing, these IP addresses…
?: Which page?
OLIN: I am on page 130. Oh, okay. Sorry. I will reformulate the question. I think that you should interpret this on page 130 that after contact with Mysec and in data that they have delivered they have informed that 4 out of these 14 IP addresses connected to Cambodia have been discovered at Mysec. Do you have any comment?
GSW: I will begin by pointing out that Cogetel uses so called dynamic IP addresses, meaning the customer gets a new IP address every time he connects. So you have to look at the timestamp also.
OLIN: Yes. But you have connected to Mysec’s environment from your computer in Cambodia.
GSW: That’s correct.
OLIN: And you naturally don’t know which IP?
OLIN: Especially considering they are dynamic?
OLIN: And that your defense already answered to but I’ll ask anyway at the risk of being a bit repetitive, but regarding these transactions… these names of individuals and companies, is there anything that is familiar to you?
GSW: The first time I heard any of the names was during the interrogation on 8th March.
OLIN: The company called (inaudible)?
GSW: Never heard of it. I think on 8th March you asked about three recipients.
OLIN: During interrogations?
OLIN: Oh, OK. But now that you’ve heard all names you don’t have any..
OLIN: No. I have no more questions, thank you.
Judge: Ola Salomonsson.
OLA: The question can seem a bit distant in relation to all these technical things… But I will begin by asking you, without going into personal things, how are you living in Cambodia during this time? How is it financially for you?
GSW: I didn’t have any financial problems. I was partially working, running a business down there.
OLA: And you had a lot of employees too?
GSW: Yes, in the previous year.
OLA: But at this time, more exactly during the summer 2012.
GSW: I was freelancing as a consultant and didn’t have any financial problems at all. I was getting money from my parents too.
OLA: Is it the same residence and same conditions as you said in earlier hearings?
OLA: I mean with the guestroom and the computers and so forth.
OLA: There is no difference I think. Now… the technology isn’t so easy at least for me, but when you say that the ISP in this case had a dynamic timestamp or…
GSW: Dynamic IP address.
OLA: That’s right, dynamic IP address. What does that mean, explain a little bit.
GSW: It means that customers are assigned new IP addresses every time they connect.
OLA: OK. So that many different IP addresses are occuring…
GSW: That can both mean that one and the same computer has multiple IP addresses or that multiple computers have the same IP address. They only have it at the same time.
OLA: If we apply that on the fact that there are 14 different IP addresses here, does it have any value then?
GSW: No, not really.
OLA: No, OK. I said but perhaps it should also come from you, or perhaps that question was asked. But you didn’t recognize any of these companies…
OLA: that the money has supposedly been sent to…
OLA: We have Iran here, now your computer might have been remotely accessed but do you have any connection there?
GSW: No, none.
OLA: Do you have any similar reflection as you had on the previous charge, a slight idea over which individual or group could be behind this?
GSW: This is closer in time so it’s easier to remember things that have happened and I have my suspicions of who could…
OLA: Is that going in the same direction as what we talked about previously?
GSW: Yes, it’s more or less the same.
OLA: More or less the same?
GSW: It’s the same.
OLA: I have thought, and of course you think a lot about this case, it’s a pretty large investigation but… I am wondering if it’s not you that is responsible for the intrusion and transactions then one can ask, and you have your suspicions, but is there anything in this material that you can point at that shows that you didn’t do it?
GSW: It’s hard to say that it’s not me except by saying that I don’t know anyone of those involved.
(OLA and GSW talking at the same time, inaudible.)
GSW: Besides that I can say that I actually had work to do and didn’t have time to sit and do these things.
OLA: Summer 2012?
GSW: Yes exactly.
OLA: Maybe it doesn’t take so long to do this but you can tell anyway, what are you doing when you are busy?
GSW: I am freelancing as a consultant doing graphical development and other…
OLA: Mm, and it was a little bit what you said earlier.
OLA: So to say you were active summer 2012.
OLA: One can either way ask, since we are specifically asking about the summer 2012, even though the intrusions happened a short while before that, were you physically in Phnom Penh where the computers stood?
GSW: Yes I was.
OLA: You know that you were?
OLA: Have you had any guests at all?
GSW: I have had many.
OLA: Even during this timeframe?
GSW: Exactly. Also people that have been living there for longer periods. I had, like I said, a pretty large apartment very centrally so people often came to the city when living somewhere else in Cambodia or were temporarily in Cambodia and lived in my apartment instead of renting a hotel room.
OLA: I asked the question to the prosecutor if the intrusions and data transfers had to be made (inaudible) is there anything in that regard that you want to inform or say?
GSW: I have nothing to do with neither the intrusions nor the data transfers so I can just generally point out that it doesn’t have to be the same person.
OLIN: One more question from my side.
JUDGE: Go ahead.
OLIN: You don’t have any obligations to prove your innocence of course, Gottfrid. But now both under this charge and the previous one you have repeated these suspicions that you have, when you’ve said one part don’t you want to say the second part and give some more information about your suspicions?
GSW: Now I will speak personally from the heart so to say. You must understand that here you come and first you talk about several years in prison. Do you know what happens to so called snitches in prison?
OLIN: It’s not my part to answer any questions right now but I understand your viewpoint.
GSW: You have to understand that I can’t expose myself to the obvious risk losing life and limb. It’s also quite large sums of money so it’s very likely that the actual offenders would go after me if I…
OLIN: So your own security is the reason why you don’t want to say anything more. I respect your answer, that’s what I wanted an answer to. Thank you.
OLA: To add on the same theme, there are even journalists that have called me, not only one but pretty many, but people are wondering a little about whether you’ve been threatened or are afraid of threats from individuals or groups, have there been any?
GSW: I haven’t received any concrete threats, no.
OLA: This with the computer world, hackers breaking into every mainframe and banks and transfer money, this can spontaneously possibly be connected to international crime and serious crime…
GSW: It’s a little bit why I brought up this with that different people can have done the hackings and transfers.
OLA: I can imagine that this is extremely organized.