Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Saturday July 22 2017, @09:55PM   Printer-friendly
from the outsourcing-oopsie dept.

We had two reports of an ongoing situation in Sweden where confidential information held by the government has been compromised:

Outsourcing Nightmare

Sweden might just be experiencing an outsourcing nightmare on a national level. The Swedish transport agency outsourced the entire driver's license database to IBM which in turn made it accessible to three IT workers in the Czech Republic, none of whom had security clearance. With it also came access to various police databases and access to SGSI (Swedish Government Secure Intranet), the secure and encrypted government network. Access to SGSI could also have acted as a backdoor into the STESTA (Secure Trans European Services for Telematics between Administrations) network which is the European and EU equivalent.

Part of the drivers license database and related system are also databases that contain information about active military personnel, vehicles owned and operated by the armed forces, and people with a protected identity. For normal people, beyond all the usual information a drivers license gives such as the personal ID number — that could be used for identity theft — it might also contain medical information that had to be filed to obtain a drivers license.

The former head of the agency was fired in January 2017 after being under investigation from SÄPO (secret service) and fined 70000 SEK (about $8500) for her part in the wrongdoing. So someone got a slap on the wrist, as this was about half a month's salary for her.

Turns out now everyone in power and government might have known about it for about two years give or take a couple of months and had not done anything about it.

Heads are about to roll. I wouldn't want to be in scapegoat range as someone is about to have to fall on the sword to save their incompetent political bosses arses.

https://www.thelocal.se/20170721/it-workers-in-other-countries-had-access-to-secret-records-report
https://www.thelocal.se/20170717/swedish-authority-handed-over-keys-to-the-kingdom-in-it-security-slip-up

"The Cloud" Facilitates Worst Known Leak of Government Material To-date

Over at the Privacy News Online blog, Rick Falkvinge writes about Sweden's lack of foresight and knowledge regarding the nature of hosted services and what kind of data they might be appropriate for:

Sweden’s Transport Agency moved all of its data to “the cloud”, apparently unaware that there is no cloud, only somebody else’s computer. In doing so, it exposed and leaked every conceivable top secret database: fighter pilots, SEAL team operators, police suspects, people under witness relocation. Names, photos, and home addresses: the list is just getting started. The responsible director has been found guilty in criminal court of the whole affair, and sentenced to the harshest sentence ever seen in Swedish government: she was docked half a month’s paycheck.

Source: https://www.privateinternetaccess.com/blog/2017/07/swedish-transport-agency-worst-known-governmental-leak-ever-is-slowly-coming-to-light/


Original Submission #1 Original Submission #2

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Saturday July 22 2017, @11:50PM

    by Anonymous Coward on Saturday July 22 2017, @11:50PM (#543169)

    "Say, for example, that I hacked the OPM and acquired and publicly released the SF-86's of all who applied for a security clearance."

    No need. The Chinese already did 2 years ago and the US did...nothing.