“The case is of Swedish national interest due to the very extensive character of the intrusion. The preliminary investigation involves Swedish authorities such as the Swedish Prosecution Authority, the National Bureau of Investigation (Police), the Stockholm Regional Investigation Unit (Police) and the Swedish Security Service (Security Police). […] The accessed data may cause considerable damage to authorities, companies and individuals. The intrusion handled by the on-going criminal investigation is probably the most serious suffered by Swedish IT-systems linked to public authorities. […] The analysis of the intruded mainframe computer makes it evident that an IP-number connected to Cambodian Internet Service Providers/Hosting Services have been used for part of the criminal intrusions, including extensive copying of sensitive data from the mainframe computer.”
This writing covers the Swedish government’s legal aid request which you can read in PDF format here.
The Swedish government’s request for legal assistance again proves that the kidnapping had nothing to do with TPB. The trial conviction was a cheap flag for Interpol to wave so that the Cambodian authorities would act, unlike how they usually go “meh” over internationally wanted pedophiles and murderers hiding in the region.
4th October, while the prosecution spokesperson told the media that this circus was due to TPB, Cyrus Farivar wrote in an article published by Ars Technica: Femerstrand also accused the Swedish Security Service of conducting surveillance of Svartholm Warg in Cambodia, “since [at least] March 2012.” (The Swedish Security Service did not reply to our request for comment.) How did I know? They were checking me out too. They visited me in restaurants and documented what I was eating, they photographed the house that I lived in and they filmed me taking out my garbage. Spotting agents is sometimes easy, and probably much easier in Phnom Penh; they don’t blend in. They must’ve sent rookies to Cambodia, I mean we’re talking Hawaii shirts, straw hats and sunglasses. Reading about myself in the intel on Gottfrid as “one or more Swedish hacktivist in Cambodia ” confirms my previous suspicions that they did their homework about me.
Evidence in the case has been gathered from equipment seized from the suspects’ possessions, Pastebin, Ubuntu One, Passagen and IRC (primarily EFNet). Two computers seized from one of the suspects were, according to the lawsuit, encrypted and could not be analyzed by forensics personnel. A few individuals living in Sweden have been visited by Swedish Police agents and had equipment seized and forced to sit in hearings with IT forensics staff simply for having online contact with suspects in the case. Several friends who had IRC contact with Gottfrid have noticed hacking attempts on their machines that were traced back to Swedish police agencies. It appears safe to claim that the current police tactic is to throw rocks in the water to observe which rings form.
The Swedish government’s panic request for legal assistance claims that the alleged data breaches, when added together, is historically the most dangerous one targeting the Swedish government – ever. Interestingly enough the media hasn’t dared mentioning it despite it being said in the lawsuit that the machines that were used by the attackers to hack the Swedish Nordea bank (which spent over 10 billion SEK on their secure systems) were in fact owned by the Swedish Parliamentary Administration and the Swedish National Police, which is supposedly also entirely hacked. What should be more interesting to discuss than how somebody allegedly tries to increase some integers in database row columns is how somebody allegedly gained full control of a country’s most important infrastructural parts and not be noticed for two years.
The question regarding whether Gottfrid did or did not attempt to transfer money to his bank account is highly irrelevant. What’s actually interesting in this case is that no matter if Gottfrid is guilty or innocent the Swedish government is right now standing bent over with their pants down saying somebody took control of their most critical systems and they didn’t even notice it for two years, despite somebody taking full copies of the data. These obviously existing security issues are not limited to Sweden. The customers of computer systems, both in the public and private sector, are all purchasing IBM products. IBM mainframes are ranked most secure in the world. Regardless of whether Gottfrid is guilty or innocent the fact remains: somebody has broken the systems on which shoulders all society critical elements stand: governments and banks.
The digitalization of our entire society has been proved to be broken, is the world ready to discuss that or do you want to continue debating the morals of stealing money on a bank mainframe? Open your eyes, the entire world just broke down and a lonesome bearded supposed drug addict is the alleged mastermind. In your face, Sweden.
Tor node gets raided
In June 2012 the Swedish International Public Prosecution Office requested legal aid from Germany to retrieve all data related to IP 184.108.40.206 after it had been discovered that it was used to connect to Logica mainframes. The Berlin police agency raided the address and the IP owned by Speedbone Internet & Connectivity. The server turned out to be a Tor exit node and no information could be retrieved about any users. No evidence was found during the raid and nothing was seized. The mainframe accessed stored big amounts of personal and financial data for the Swedish tax agency. Big amounts of data stored on systems used by the Prosecution Office and police authorities were also accessed and downloaded.
No evidence from Leaseweb
In September 2012 the Swedish International Public Prosecution Office requested legal aid from Germany to retrieve all data related to IP 220.127.116.11. The customer that rented the server could never be found since the service had been terminated a long time before the request arrived and Leaseweb did not keep customer data.
The info below is from the PDF linked in the top and not my personal words.
Detailed information of suspect (12 July 2012)
National Bureau of Investigation
Cyber Crime Unit
Family name: SVARTHOLM WARG
Forename: Per Gottfrid
Date of birth: 17/10/1984
Passport number: 23810667
Date of issue: 28/01/2003
Place of issue: Stockholm, Sweden
Expiry date: 28/01/2013
Description (dated 26/05/2011)
Height: 175 cm
Eye colour: Blue
Skin colour: Fair skinned
Hair colour: Medium blonde
Links to Cambodia
In September 2011 the trials concerning The Pirate Bay started in the Svea Court of Appealing. Gottfrid Svartholm Warg was not present and it was told that he was in Phnom Penh, Cambodia. He posted a medical certificate, written in Khmer, to his attorney stating that he suffered from some kind of illness.
According to an article 2009 on the blog of the travel writer Adam Bray, Svartholm Warg had lived for a time in an apartment on top of the Cadillac Bar & Grill in Phnom Penh.
This article also said that Svartholm Warg was the owner of the company Estoy Ltd. Seychelles IBC in Phnom Penh. When he registered the company’s website he stated the phone number +855 929 607 72 (Cambodian number).
In chat logs from the IRC network Svartholm Warg posted in 2009 and 2010 that he was operating from Cambodia. For instance he wrote that he uses the border crossing at Poipet from Thailand to Cambodia.
In the seizure from the current investigation a picture of Gottfrid Svartholm Warg’s Cambodian driving license was found. The picture is attached to this document.
Card code: A1.000034
Issue date: 21/01/2009
Address of Svartholm Warg: 4 St. 104 Wat Phnom, Daun Penh
In chat logs from the investigation Svartholm Warg has been logged on from IP-numbers pointing to Cambodia. These IP-numbers with timestamps are:
18.104.22.168 unknown time Cogetel Online
22.214.171.124 25/03.2012 2015 (UTC 0) Cogetel Online
126.96.36.199 10/03/2012 12:42 (UTC 0) Cogetel Online
188.8.131.52 04/03/2012 16:11 (UTC 0) Cogetel Online
Other IP-numbers pointing to Cambodia in the investigation are:
184.108.40.206 10/03/2012 01:00 (UTC 0) Mekongnet
220.127.116.11 10/03/2012 19:30 (UTC 0) DTV Starnet
Credit card number
A credit card number with the name Gottfrid Svartholm was found in the investigation.
Number: 4111 3418 0000 2947
Expiry date: 12/10
Name: Gottfrid Svartholm
Issuing bank: Acleda Bank PLC, Cambodia
The information about Svartholm Warg that follows is to be seen as unconfirmed intelligence information:
- he is a drug addict and a frequent user of marijuana and crystal meth
- he is in very bad shape and may have spent time in hospital recently
- he has earlier or recent rented a house in Cambodia from an unknown American citizen
- he may have contact with one or more Swedish hacktivist in Cambodia
- he (and his network) may have access to at least one Internet Service Provider in Cambodia. That ISP is Cogetel.
- he (and his network) may have access to the mail account of the Mayor of Phnom Penh
Request for assistance
Cyber Crime Unit
The Swedish National Bureau of Investigation is currently involved in a Cyber Crime investigation concerning a serious computer intrusion. In this investigation we request assistance from the Cambodian Police.
The criminal offence being investigated is a very serious case of breach of data secrecy according to the Swedish Penal Code Chapter 4, Section 9c. The case is of Swedish national interest due to the very extensive character of the intrusion. The preliminary investigation is handled by several Swedish authorities such as the Swedish Prosecution Authority, the National Bureau of Investigation, the Stockholm Regional Investigation Unit and the Swedish Security Service.
Two suspects have been detained during part of the preliminary investigation and we would appreciate your help with a third one. All suspects are Swedish citizens. The third suspect is:
Family name: SVARTHOLM WARG
Forename: Per Gottfrid
Date of birth: 17/10/1984
Gottfrid Svartholm Warg is suspected for a breach of data secrecy together with others, on numerous occasions during the period January 1 2012 to April 15 2012. There has not yet been application for a detention order.
Svartholm Warg is international wanted (Interpol file number 2012/318024) in another case as a result of an imposed sentence of 1 year imprisonment in the Svea Court of Appeal 17/04/2009. The diffusion is attached.
His present location is unknown though we believe that he lives in Phnom Penh, Cambodia. See more detailed information in the attached files.
Intrusions have been made against, inter alia, a mainframe computer operated by a private company, hosting large amounts of personal data/census data from the Swedish Tax Agency, including protected personal data, as well as data of financial nature. Large amounts of data from the Enforcement Authority and the Police have been accessed as well.
The accessed data may cause considerable damage to authorities, companies and individuals.
The intruion handled by the on-going criminal is probably the most serious suffered by Swedish IT-systems linked to public authorities.
Our request concerns investigative assistance locating the suspect Gottfrid Svartholm Warg. Furthermore we would like assistance with surveillance of the suspect with the purpose of documenting and analyzing his activities, contacts and locations.
In order to locate the suspect, see the attached document with detailed information. There you can find information about, inter alia, IP-addresses, credit card number, driving license and intelligence information. We have tried to collect and analyse information about his specific whereabouts but we cannot come any gfurther. We now need your assistance.
When the suspect has been located the intention of the prosecutor in this case, Senior Public Prosecutor Henrik Olin, is to file a Rogatory Request concerning a search warrant. In addition to the arrest of Svartholm Warg we would like to seize his computers, mobile phones, hard drives, other digital storage media and personal belongings that can be used as evidence in our case. If necessary and if possible Swedish police officers can assist in the house search.
HAND OVER RECORDS
Evidence number Description
1 Hard Drive Seagate 80 G
2 Hard Drive Hitachi 80 G
3 USB Stick
4 USB Stick
5 USB Stick
6 Memory Card
7 Wireless Access Point
9 3G Dongle With Sim Card
10 Modem Zon
11 Sim Card Tele2
12 Plastic Cover belonging to a Switch
13 Paper With Addresses
14 Business Card
15 Paper From EuroBank
16 Bagage Tag
19 Nokia Phone
20 Invoice for MacBook
21 Note Book
27 Plastic Cover belonging to a Router
28 Surveillance Camera, CCTV
29 16 Home Burned CDs
30 Lock Picking Tools
31 Modem Online