Slashdot Mirror


Latvian "Robin Hood" Hacker Leaks Bank Details

eldavojohn writes "Move over Russell Crowe, an anonymous hacker in Latvia is being hailed as a real life modern Robin Hood. The hacker refers to himself as 'Neo,' claims allegiance with the Fourth Awakening People's Army, and is outing banks that are capitalizing off of the horrible economic status Latvia is currently suffering from. No word on how he is acquiring the information but it is slowly being leaked to TV sources via Twitter and the common people love him. The hacker is thought to be based in Britain but a TV reporter pointed out the fine line Neo is walking, 'On the one hand of course he has stolen confidential data ... and he actually has committed a crime. But at the same time there is value for the public in the sense that now a lot of information gets disclosed and the whole system maybe becomes a little more transparent.' An example of a juicy tidbit he revealed is that managers of a Latvian bank did not take the salary cuts they promised they would after the government bailed them out of economic trouble. You can imagine that taxpayers were upset and thankful they knew this information."


  1. Re:Latvia explained in pictures and comments by jayme0227 · · Score: 2, Informative

    I suppose it would be better if I could actually read what was written in the pictures, but really, I only lost about 38 seconds of productivity. Without a sense of context, the humor in most of those was lost on me.

    --
    But then I realized the cable was blue, so I only gave it one star. I hate blue.
  2. Re:Who? Wha? Huh? by SOdhner · · Score: 4, Informative

    He's playing Robin Hood in a new movie that's not out yet.

  3. Hacker? Not really by hammeraxe · · Score: 4, Informative

    I think calling the guy a hacker is a bit over the top. Basically what he did was change the document id numbers in the URL. The information he was accessing was not secured in any sensible way: the login page could be bypassed by simply entering an address by hand. It's pretty much an epic fail of the company that made the system (unless the flaw was introduced intentionally for some reason). Source: http://translate.google.com/translate?js=y&prev=_t&hl=en&ie=UTF-8&layout=1&eotf=1&u=http%3A%2F%2Fwww.diena.lv%2Flat%2Fpolitics%2Fhot%2Fneo-no-4ata-mes-bijam-parsteigti-ka-mums-tik-ilgi-lava-datus-kopet&sl=auto&tl=en

    1. Re:Hacker? Not really by ACS+Solver · · Score: 4, Informative

      The BBC article doesn't entirely reflect the situation. I live in Latvia and do know better ;)

      The main thing they're not mentioning is the origin of that data. It wasn't just "downloaded" from the State Revenue Service via a hack or somesuch. This part has made headlines here - it turned out that the Revenue Service's internal system that contains information on all taxpayers had no security, at all. You could view the confidential info by accessing an unsecured URL. And just by changing the entry id parameter in the URL, you could get to information about different taxpayers, as the parent says. Any moron could get that data and apparently the "hackers"/whistleblowers in question downloaded it over the course of a couple of months.

      Latvia is no US and of course the organizations here don't have the same kind of security experience that organizations from big countries have. Still, this is an important governmental organization we're talking about and the security hole in question is blatant and obvious. As such, many here have doubts that it was accidental; it's quite possible that the Revenue Service was sabotaged.

      This Neo guy and his organization are apparently planning now to release information about the financial activities of a bunch of organizations, including governmental ones, as allegedly they believe it will help the society here, create more responsibility, etc. They have, banks aside, so far released information about the salaries of police and public transportation employees. The bank is a separate story really, it got bailed out when the recession hit hard here, and this bailout has in itself been a subject of much contention.

  4. Not a Hack by MrTripps · · Score: 4, Informative

    "The nation's security council discussed the breach and expressed concern that only 50 percent of the country's 175 state-run data systems have security oversight. President Valdis Zatlers called for immediate action to install proper security on all systems. Computer experts concluded that the breach did not constitute a cyber-attack and was the result of poorly developed software and systems management." http://www.kansascity.com/2010/02/24/1770170/cyber-whistleblower-stuns-latvia.html I'd hate to be that CIO.

    --
    "I'm not a quack, I'm a mad scientist! There's a difference." - Dr. Cockroach
  5. Correction to the story by karuna · · Score: 5, Informative

    The summary is completely wrong. The actual history in short is as follows: Latvian Neo claims that the anonymous group 4ATA has downloaded about 7.4 million tax statements from the Latvian tax authority website that is used by businesses to submit their tax declarations electronically. It was done over a 3-month period before the IT department realized that something was wrong. The stolen data includes practically full information about salaries and payments received by employees of all Latvian public and private enterprises.

    4ATA is now periodically releasing the detailed pay information of certain public companies one at a time. He is careful to remove actual names of employees and for many this data seems trivial. But with this he is trying to prove that the claimed austerity measures undertaken by the government to fight the economic crisis are a big lie. However, the periodic release is annoying politicians who can't find a way to stop this leak.

    As for Neo walking the fine line, he downloaded the data without circumventing any security measures as he claims that the website was open to everyone. The hole was one specific URL normally used by an authorized user to review his own statements. Each document in the total database is assigned an ID number and by sequentially changing the ID number in the said URL, everyone could download the whole database as no authorization was checked by the script on the server. After some time the tax department noticed irregularities and notified the developer of the system but they were rather slow to fix the breach. When they finally managed to get the act together, Neo had already downloaded about 98% of the database.
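
Added example, not part of the original comments and not code from the system discussed: the flaw hammeraxe and karuna describe (a document id in the URL, with no authorization check in the server script) shown beside a lookup that checks login and ownership, plus a log check for one client walking through ids it does not own. All names, ids, addresses and records below are hypothetical and constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: statement id -> (owning account, contents).
STATEMENTS = {
    1001: ("acme", "ACME payroll Q1"),
    1002: ("baltic", "Baltic Ltd payroll Q1"),
    1003: ("city", "City Transport payroll Q1"),
}

class Forbidden(Exception):
    """Raised when the caller may not read the requested statement."""

def fetch_unchecked(doc_id):
    # Behaviour described in the comments: the id alone selects the document.
    return STATEMENTS[doc_id][1]

def fetch_checked(session_user, doc_id):
    # Server-side check: the caller must be logged in and own the document.
    if session_user is None:
        raise Forbidden("login required")
    record = STATEMENTS.get(doc_id)
    # Same error for "missing" and "not yours", so valid ids cannot be probed.
    if record is None or record[0] != session_user:
        raise Forbidden("no such statement for this account")
    return record[1]

def flag_enumeration(log, threshold=3):
    # Return clients that requested >= threshold distinct ids they do not own.
    foreign = defaultdict(set)
    for client, user, doc_id in log:
        owner = STATEMENTS.get(doc_id, (None,))[0]
        if user is None or owner != user:
            foreign[client].add(doc_id)
    return sorted(c for c, ids in foreign.items() if len(ids) >= threshold)

# Constructed access log: (client address, session user or None, requested id).
SAMPLE_LOG = [
    ("198.51.100.7", "acme", 1001),   # owner reading its own statement
    ("203.0.113.9", None, 1001),      # no session, ids requested in sequence
    ("203.0.113.9", None, 1002),
    ("203.0.113.9", None, 1003),
]

if __name__ == "__main__":
    print(flag_enumeration(SAMPLE_LOG))
```
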

  6. Re:STOP THE PRESSES! by muntis · · Score: 3, Informative

    Hah, any country would like to have Internet like we have here in Latvia. http://www.speedtest.net/global.php Don't underestimate developing countries, we don't have legacy infrastructure to rely on.