SoylentNews is people

posted by martyb on Saturday July 22 2017, @09:55PM
from the outsourcing-oopsie dept.

We had two reports of an ongoing situation in Sweden where confidential information held by the government has been compromised:

Outsourcing Nightmare

Sweden might just be experiencing an outsourcing nightmare on a national level. The Swedish transport agency outsourced the entire driver's license database to IBM which in turn made it accessible to three IT workers in the Czech Republic, none of whom had security clearance. With it also came access to various police databases and access to SGSI (Swedish Government Secure Intranet), the secure and encrypted government network. Access to SGSI could also have acted as a backdoor into the STESTA (Secure Trans European Services for Telematics between Administrations) network which is the European and EU equivalent.

Part of the driver's license database and related systems are also databases that contain information about active military personnel, vehicles owned and operated by the armed forces, and people with a protected identity. For normal people, beyond all the usual information a driver's license gives such as the personal ID number — that could be used for identity theft — it might also contain medical information that had to be filed to obtain a driver's license.

The former head of the agency was fired in January 2017 after being under investigation by SÄPO (secret service) and fined 70000 SEK (about $8500) for her part in the wrongdoing. So someone got a slap on the wrist, as this was about half a month's salary for her.

Turns out now everyone in power and government might have known about it for about two years give or take a couple of months and had not done anything about it.

Heads are about to roll. I wouldn't want to be in scapegoat range, as someone is about to have to fall on the sword to save their incompetent political bosses' arses.

https://www.thelocal.se/20170721/it-workers-in-other-countries-had-access-to-secret-records-report
https://www.thelocal.se/20170717/swedish-authority-handed-over-keys-to-the-kingdom-in-it-security-slip-up

"The Cloud" Facilitates Worst Known Leak of Government Material To-date

Over at the Privacy News Online blog, Rick Falkvinge writes about Sweden's lack of foresight and knowledge regarding the nature of hosted services and what kind of data they might be appropriate for:

Sweden’s Transport Agency moved all of its data to “the cloud”, apparently unaware that there is no cloud, only somebody else’s computer. In doing so, it exposed and leaked every conceivable top secret database: fighter pilots, SEAL team operators, police suspects, people under witness relocation. Names, photos, and home addresses: the list is just getting started. The responsible director has been found guilty in criminal court of the whole affair, and sentenced to the harshest sentence ever seen in Swedish government: she was docked half a month’s paycheck.

Source: https://www.privateinternetaccess.com/blog/2017/07/swedish-transport-agency-worst-known-governmental-leak-ever-is-slowly-coming-to-light/

  • (Score: 3, Informative) by Anonymous Coward on Sunday July 23 2017, @01:14AM (#543193)

    The general director Staffan Widlert 2009–2015 started the headless outsource-it-all project under the conservative government 2006-2014 led by Fredrik Reinfeldt that was totally into the got mine and fuck you theme. Also called new public management or such. So when the next director came around, Maria Ågren (2015-2017), she was told to sign a paper on her first day, allowing this breaking the law mode of operation or essential services in society would halt operations almost immediately, like being able to issue any driver's license as an example. However she anchored it with the chairman of the board, Rolf Annerberg. So when the blame game started she had a meeting with the government no later than February 2016 and some kind of deal was made. That is why she only got fired and a ~$8500 fine. But Rolf Annerberg resigned this week.
    These actions are official crimes that can render many years in prison.

    It's obvious from interrogation documents from the security services (SÄPO) and others that the minister of interior and minister for Infrastructure knew about this exposure for 1.5 years without taking appropriate action. And it's likely that the prime minister did know for some time too. That is how high this affair goes and thus why it can take the government down in a vote of no confidence, new election etc.

    The point is that the government 2014-now has mishandled a lot of other services like the police, health care, school, housing, immigration social services, foreign policy etc for a long time. So the patience with them is very low with large parts of the population. To top it off, Serbia, where the firewall services were outsourced, is an amusement park of security services and their military is a partner with Russia while Sweden is more aligned with the western powers. The database part went to Czech Republic as mentioned above.

    Take home:
      * Don't trust mainstream media. If it's owned by Bonnier or Schibsted, they are traitors.
      * Elect a sane government that isn't a bunch of traitors and sellouts.
      * Provide a budget for in-house staff to do the security sensitive stuff. Outsourcing security that matters is a really bad idea.
      * Hire boards that have sane values (meritocracy, security and getting shit done) and brains.
      * Hire general directors that stay with the law, treat employees nicely and get shit done... and brains. Preferably they know computing.

    As always the fish rots from the head down and the smell comes a long time later than when the rotting started.

  • (Score: 1, Informative) by Anonymous Coward on Sunday July 23 2017, @05:30AM (#543274)

    Latest from Incompetence-R'-Us:

    Worst known governmental leak ever is slowly coming to light: Agency moved nation’s secret data to “The Cloud” [privateinternetaccess.com] (2017-07-21)

    Sweden’s Transport Agency moved all of its data to “the cloud”, apparently unaware that there is no cloud, only somebody else’s computer. In doing so, it exposed and leaked every conceivable top secret database: fighter pilots, SEAL team operators, police suspects, people under witness relocation. Names, photos, and home addresses: the list is just getting started. The responsible director has been found guilty in criminal court of the whole affair, and sentenced to the harshest sentence ever seen in Swedish government: she was docked half a month’s paycheck.

    How the Swedish administration leaked EU’s secure STESTA intranet to Russia, then tried glossing over it [privateinternetaccess.com] (2017-07-22)

    The Swedish administration is leaking its secret intranet and databases to Russia, via its Transport Agency, via the IBM cloud, via IBM's subcontractor NCR (formerly AT&T) in Serbia, which is a close Russian military ally. Giving staff in Serbia administrative access to these networks practically guarantees that Russia also has access to the network. The European Union's secure STESTA network is also connected to the leaked intranet. But this is not about geopolitics and who’s allied with whom, but about how an administration tries to quiet down and gloss over an apocalyptically stupid and monstrously damaging data leak.