SoylentNews is people
SoylentNews
Sweden's Transport Agency moved all of its data to "the cloud", apparently unaware that there is no cloud, only somebody else's computer. In doing so, it exposed and leaked every conceivable top secret database: fighter pilots, SEAL team operators, police suspects, people under witness relocation. Names, photos, and home addresses: the list is just getting started. The responsible director has been found guilty in criminal court of the whole affair, and sentenced to the harshest sentence ever seen in Swedish government: she was docked half a month's paycheck.
This discussion has been archived.
No new comments can be posted.
Swedish Agency Moved Nation's Secret Data to “the Cloud”
|
Log In/Create an Account
| Top
| 29 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
(1)
innovate, v.:
To annoy people.
(Score: 5, Informative) by canopic jug on Wednesday August 30 2017, @10:46AM (5 children)
It would have been nice to have a followup instead of a repeat. Falkvinge notes at the end of the post that they might get around to addressing the problem maybe somtime in the autumn. This was covered here a few weeks ago under the title Outsourcing Nightmare [soylentnews.org]
Here are two other old articles on the topic
It looks so far like the government is choosing spin rather than actually addressing the problem.
Money is not free speech. Elections should not be auctions.
(Score: 5, Informative) by looorg on Wednesday August 30 2017, @12:24PM (1 child)
To update since this was news last time. They are still arguing about who know what and when, not to mention whom did they inform about what they knew and not now know and when. There is still about a two year gap between when various ministers say they knew or got informed, some got informed in September of 2015 but then others in the beginning of 2016 and apparently nobody bothered to tell the Prime minister until January of 2017. If one is to believe them and their various statements.
Two ministers had to leave their positions in the government so far. Ygeman (Inrikesminister, Secretary of the interior) and Johansson (Infrastrukturminister, Minister of infrastructure). A third, Hultqvist (Försvarsminister, Minister for Defence), is still hanging somewhat lose. They left instead of falling to no-confidence votes/motions. So it's not like they saw the errors of their ways and took responsibility for their actions or anything like that. It's just better to leave then to be fired.
One of the Prime minsters secretaries of state resigned a few days ago, due to her own negligence according to her self. She had failed to inform the Prime minister and ask the right questions in various secret meetings OR just as likely she didn't want to be called to KU (Konstitutions utskottet, committee of the constitution) and answer questions about who know what and when and such.
When all the issues are dealt with it seems that the servers and data will now be maintained by the Social Insurance Agency (Försäkringskassan), in Sweden for obvious reasons. They are also talking about building a their own cloud solution in Sweden to be used by all the various state and government agencies and such so nobody will ever fall victim to storing their data on a foreign machine ever again ... except say all the universities and such that let Google run all their mail-servers etc.
(Score: 2) by driverless on Thursday August 31 2017, @10:13AM
I've also heard that they've gone to a sophisticated encryption system [www.tuco.de] that would make the data useless outside Sweden.
(Score: 1) by Rich26189 on Wednesday August 30 2017, @04:39PM (1 child)
Mea culp. I try to read SN everyday but don’t and I didn’t have enough SN foo to search old stories to see if this was a repeat. I came across this story a few day ago while reading Schneier On Security. Bruce had posted an article re this on Aug 24 I read it a few days later. The referenced article was interesting to me but I failed to check the date.
(Score: 1, Troll) by realDonaldTrump on Wednesday August 30 2017, @05:13PM
Touch Search. Select Most Recent Touch the white rectangle. Type Sweden. Touch Go on your keyboard. And there it is, Outsourcing Nightmare! Very glad you turned this in again. Important reminder of what happened because Sweden joined the European Union. They lost control of their country. They had to outsource their cyber. To Islamic (Muslim) extremists. Horrible cyber terrorism going on in Sweden! 🇺🇸
(Score: 0) by Anonymous Coward on Thursday August 31 2017, @12:54AM
Yes that country is useless at every level of governance. And I dare to blame Feminism.
Most hillarious part, for me anyway, is the fact that the reason they have so much data is because they decided to gather as much data on their own citizens as possible (for no good reason).
(Score: 0, Funny) by Anonymous Coward on Wednesday August 30 2017, @11:13AM (1 child)
The Director would only have been docked a tin of Surströmming if she were a man!
(Score: -1, Offtopic) by Anonymous Coward on Wednesday August 30 2017, @05:03PM
Aw, poor snowflakes can't take a joke.
Just a reminder, Hillary lost.
Have a Trumpaliscious day!
(Score: 4, Funny) by kazzie on Wednesday August 30 2017, @11:31AM
On the Google-translated article mentioned at the bottom of TFA (wrt. fixing the leak):
(Score: -1, Troll) by Anonymous Coward on Wednesday August 30 2017, @11:48AM (8 children)
"she was docked half a month's paycheck."
Unlike in America, where you get mandatory minimum sentences for things someone decided to call "offences" like smoking trees, being black etc. It is all a jewish conspiracy.
Giving someone the punishment of half a month's paycheck is not necessary either. The damage is done and there is no point in punishment ... unless you're the rich jewish conspirators on a quest for world domination and want to make a point of punishing bad behavior among the slaves.
(Score: 0) by Anonymous Coward on Wednesday August 30 2017, @12:03PM (1 child)
> The damage is done
yes, um... punishment is also intended as a dissuasion for the same kind of offense by everybody else. It feels strange that these concept have become so foreign.
(Score: 0) by Anonymous Coward on Wednesday August 30 2017, @06:22PM
We call it negative feedback.
https://www.allaboutcircuits.com/textbook/semiconductors/chpt-8/negative-feedback/ [allaboutcircuits.com]
Sorry, couldn't stop the EE humor.
(Score: 2, Touché) by Anonymous Coward on Wednesday August 30 2017, @01:21PM (5 children)
> It is all a jewish conspiracy.
I hate replying to trolls, but in this case...
Since you believe that Jewish people control all these things, I'm very surprised that you haven't converted to Judaism. That way you could get in on the power and wealth yourself. After a few generations of mixing, your descendants will be on the winning side.
(Score: 0) by Anonymous Coward on Wednesday August 30 2017, @06:20PM (1 child)
Not supporting what he said, but Judaism isn't a normal religion in terms of joining it. Firstly it is genetic. If your mother was a Jew, you are considered a Jew even if you call yourself an atheist. In fact an atheist female Jew who has a child will also be a Jew, and so on. [Converting to Judaism](https://en.wikipedia.org/wiki/Conversion_to_Judaism) is a huge deal that involves complete immersion in the "Jewish life" overseen by a rabbi and a panel that judges a person a true Jew. And once that happens you're a permanent Jew. So you could denounce Judaism, become a Buddhist, and still be considered a Jew so long as the initial conversion was performed and passed properly. And once you pass the 'conversion test', you literally get a certificate verifying yourself a Jew. Your shtar giyur. That certificate would be necessary to do things like marry a Jew.
In many ways it is more like a hyper ethnocentric race than a religion. Anyhow, just something interesting. I think most people don't really know anything about Judaism and just picture as being like Christianity (or really any other religion) but with different beliefs. It's its own unique beast.
(Score: 0) by Anonymous Coward on Wednesday August 30 2017, @10:11PM
Jews today are of Khazar origin, it ought to be mentioned.
-- Chapter XI - Race and People
(Score: 0) by Anonymous Coward on Wednesday August 30 2017, @10:00PM (2 children)
When money and control is all you desire, you are a parasite. Just like rats are parasites and destroy value wherever they go, jews destroy everything of value and give back wars and conflict in return. In the Russian revolution, jews hijacked the system and put themselves in power to the detriment of everyone else. That was a conspiracy. Jews are conspirators by nature. They do this because their devil-worshiping "religion" told them to.
Most humans today care less about infinite riches and control. They want to produce value and make the world a richer place, where wealth and knowledge is shared instead of hoarded.
The original post mentioned keeping people under control by punishing bad (unapproved) behavior severely, making an example of the non-jew to all other non-jews ... in order to divide them and gain more control. Someone gains more power when people are fighting among themselves.
Rothschild dynasty does not need any more money but they keep us all poor. For if we had more than rent money in our pockets, we would be free and the jews would lose control over us.
Race mixing is a bad idea. Your mixed children will not thank you but will curse you because mixed humans have no soul. Mixing with jews is the worst kind of self-inflicted punishment anyone can undertake. Avoid jews like the plague they are.
Suggesting someone mix races is best left as a joke and insult.
(Score: 0) by Anonymous Coward on Wednesday August 30 2017, @10:15PM (1 child)
> Suggesting someone mix races is best left as a joke and insult.
I disagree with this statement in the strongest possible way. The sooner we all interbreed and become "mutts" the better things will get for all of humanity. All these damn high strung purebreds (self-segregating by race, nationality and/or religion) are causing most of the fundamental problems in the world. The worst are the ones that are actually called "fundamentalists" and play the "like-me vs. unlike-me" cards the most.
(Score: 0) by Anonymous Coward on Wednesday August 30 2017, @10:23PM
I'm glad you mentioned purebred.
The only nation on this planet that is purebred is Israel. They run genetic tests to make sure their population is purebred (by race).
By your definition, we need to nuke Israel from orbit.... I only suggest putting them all in work camps, aka concentration camps (like the good old days).
Humans did race-mix a long time ago, and we ended up with different races that are actually different from each other. Diversity is good. Mongrels are bad.
(Score: 0, Offtopic) by Anonymous Coward on Wednesday August 30 2017, @12:14PM (2 children)
Now they are at their weakest for a long time. Hit hard, hit fast.
And maybe, just maybe somebody will learn a lesson.
(Score: 0) by Anonymous Coward on Wednesday August 30 2017, @09:19PM (1 child)
Seriously, if a civil war breaks out in Europe, Sweden is arguably the most likely place. And this kind of news gets paranoid people to think that preparations are underway.
(Score: 2) by qzm on Thursday August 31 2017, @01:10AM
I can only assume you are not from Sweden and/or dont know any people from there?
There is a big difference between being grumpy about nearly everything, and actually doing something about it.
When being unhappy is a national passtime, why would they want to change?
(Score: 3, Informative) by inertnet on Wednesday August 30 2017, @01:57PM (4 children)
The cloud hype has been really strong. I've heard clients sigh of relief after confirming their question: "but my data is going to the cloud, right?"
To the average person "the cloud" is something magic but good, and your data is safe there.
(Score: 2, Interesting) by pTamok on Wednesday August 30 2017, @03:51PM
Aye.
'the cloud' == 'somebody else’s servers, over which you have no control'
It's worth looking up what happens to information held on servers owned by a company that goes into bankruptcy. As far as I know there is some legal protection for consumers personal information (especially medial records), but for corporate information?
Healthcare Privacy and Bankruptcy - http://www.creditslips.org/creditslips/2007/01/healthcare_priv.html [creditslips.org]
(Score: 2) by crafoo on Wednesday August 30 2017, @04:48PM (2 children)
All that IT stuff is someone else's problem. All those annoying IT people wringing their hands about bugs and security are located somewhere else (away from me). We have a contract and I have someone outside the organization to blame. The cost is a fixed and predictable payment. I get to reduce headcount (and therefore show an improvement in efficiency). Win-win-win-win. It's all just wins!
(Score: 2) by canopic jug on Thursday August 31 2017, @06:00AM (1 child)
All that IT stuff is someone else's problem. All those annoying IT people wringing their hands about bugs and security are located somewhere else (away from me). We have a contract and I have someone outside the organization to blame. The cost is a fixed and predictable payment. I get to reduce headcount (and therefore show an improvement in efficiency). Win-win-win-win. It's all just wins!
Even better, all those IT people contracted outside the organization are 100% dependent on that one single contract which I have sole control over. Keep me happy and back me up in all political in-fights and I will renew that contract every time. Again, win-win-win-win all around.
Money is not free speech. Elections should not be auctions.
(Score: 2, Informative) by pTamok on Thursday August 31 2017, @07:00AM
Well, actually, outsourcing contract renewal times are interesting.
If you outsource to a small player, you do have more power, but the likelihood of them going bust or being taken over by a large player goes up. If they go bust, your IT services can be turned off unexpectedly, and permanently, which normally has bad repercussions for the organisation buying the outsourced IT services.
If you outsource to a large player, (or to a small player taken over by a large player) who is less likely to go bust or be taken over, when contract renewal time comes, they are not dependant on your business: at which point, any sweetheart deals made to get you on board can be taken away. Your organisation's IT (and operations) are too entwined for easy withdrawal, so you end up having to accept different conditions. It's also well known how expensive modifications to outsourced contracts can suddenly become.
Overall, if you need to keep control of your IT, outsourcing is a high-risk strategy. Having your own data centres and IT staff that you control does, funnily enough, give you more control than buying services from an outsourcing supplier*. It is, also, more expensive, so there is a risk calculation - do you accept the risk of outsourcing going horribly wrong, at the benefit of (usually) lower cost, making your organisation more competitive in the market - or do you maintain control. From an MBA's perspective, buying a service and thereby reducing direct headcount and the buying organisation's operational complexity looks like a 'slam-dunk' good thing.
*In principle, you can generate any degree of control you require via the outsourcing contract. In practice, outsourcing contracts seem to be quite difficult to get right, and few organisations publicise the mistakes they make. They can even be under NDA.
(Score: 2) by bradley13 on Wednesday August 30 2017, @07:24PM (2 children)
Ok, they uploaded sensitive data to "the cloud", without having much of a clue. Worse than usual, but not exactly *un*usual. But this particular cloud was managed by IBM, who surely had some sort of a contract, which must have contained some sort of terms. Surely IBM is liable for serious leaks of data?
What is unclear in TFA: The only alleged leak is this: "the entire register of vehicles was sent to marketers subscribing to it.". "Sent" implies that it was mailed, or otherwise deliberately made available. Sure, they "sent" the wrong version of the list, but that's not a leak, that's just human stupidity.
So...where are the actual leaks? Or is the data actually (so far) secure in IBM's cloud? Or did someone forget to give IBM clearance to host the stuff? Or what? TFA is really unclear about just what the problem is...
Everyone is somebody else's weirdo.
(Score: 2) by looorg on Wednesday August 30 2017, @08:45PM (1 child)
Quick summary. IBM transferred (or had transferred to them) data from a server park in Sweden to a server park ("the cloud") which was physically located in the Czech Republic, the hosting staff turned out to have previously worked with armies and intelligence agencies in various eastern European countries. Non of which had Swedish security clearance to work with the data in question. Since they had physical access to both hardware, software encryption keys etc they could have made as many copies and queries as they liked and nobody is every going to know. It's the known unknowns or something. One has to assume leak since one can't prove the not leak scenario.
IBM has not said anything since the story broke except that all questions should be answered by Transportstyrelsen (the agency in charge of the data in the first place).
The previous posts in the other older thread has better and more in depth links and comments I would say.
(Score: 2) by arslan on Thursday August 31 2017, @12:35AM
That doesn't sound like a thing unique to cloud. That sounds more like poor outsourcing control. People that use physical data centers move data all the time for various reasons, i.e. they lease space and move to another DC, they have backups moved by 3rd party specialists, etc. The moment you outsource any point in the whole process you're vulnerable unless you vet the company thoroughly including any sub-contractors.
In this case it is particularly dumb to hand your data and operations to a 3rd party and allow them to move your data outside of the country especially since it is data belonging to a sovereign nation. IBM's cloud just so happens to be the end product but this really is a case poor outsourcing (it if should be outsourced in the first place).
Call it for what it is, even if the cloud doesn't exist, an organization or entity could easily have done the same thing and hand the control of their data and operations to another party via outsourcing and the same shit would have happened.
The MBAs and CxOs and decision makers (like the ministers in this case) have been drinking the outsourcing kool-aid much longer than before "the cloud" came along. The cloud, regardless of its deficiencies, just provides another medium for those idiots to re-apply all their failed strategies all over again and the sooner people call out the real source of the problem the better.