Swedish Police Use WhatsApp For Surveillance Ops, Share Intel With Civilians

← Back to Stories (view on slashdot.org)

Swedish Police Use WhatsApp For Surveillance Ops, Share Intel With Civilians

Posted by Soulskill on Saturday February 15, 2014 @09:57AM from the what-happens-in-CopSpace-stays-in-CopSpace dept.

New submitter TheP4st writes "A group of Swedish police officers thought it would be a good idea to use WhatsApp as a work tool for surveillance operations. The officer that set up their chat group mistyped one of the phone numbers to mistakenly include a civilian IT teacher. Once the teacher informed authorities about the mistake, it took more than 24 hours before he stopped receiving sensitive case information, which included criminal records, passport photos, and communications between surveillance teams tailing suspects. When confronted by Computer Sweden (Google translation of Swedish original), the officer responsible for setting up the group said, 'I know this server is not located in Sweden and that one cannot share every kind of information.' The only mobile chat medium approved for sensitive information is BlackBerry, and this initiative by a small group of officers happened because they do not have access to BlackBerry handsets."

37 comments

Min score:

Reason:

Sort:

LOL by Anonymous Coward · 2014-02-15 10:00 · Score: 1

The only mobile chat medium approved for sensitive information is BlackBerry, and this initiative by a small group of officers happened because they do not have access to BlackBerry handsets.
This problem could have been solved in two ways: 1. Get Blackberries, 2. Upload sensitive data to a private company in a foreign country. It's shouldn't be this easy to pick the wrong one.
1. Re:LOL by Anonymous Coward · 2014-02-16 03:39 · Score: 1
  
  Aren't those two options pretty much the same thing? Option three: increase police budget to include a system for such communications, and the necessary insurance, supervision and monitoring to not to fuck the project and the operations up. Surely Swedish engineers are capable enough to implement and run such a system.
2. Re:LOL by gl4ss · 2014-02-16 05:13 · Score: 1
  
  police don't need insurance in nordic countries... they'll just say oops.
  (and any damage payments would come from state anyways)
  
  --
  world was created 5 seconds before this post as it is.
3. Re:LOL by Kichigai+Mentat · 2014-02-17 04:05 · Score: 1
  
  Aren't those two options pretty much the same thing? Option three: increase police budget to include a system for such communications [...]
  Nope. BlackBerry Enterprise Server (BES) was developed to do just this job. You spin up a BES instance in your existing IT infrastructure (much like you would set up a Exchange server), and then link your BlackBerry to it. Then basically all communications go through that, rather like a VPN setup. And it's encrypted, too.
  
  --
  Rawr
4. Re: LOL by Anonymous Coward · 2014-02-17 20:15 · Score: 0
  
  Our how about just the fact that they have a company that is going down in flames as the only legit device. Good on you sir's... good on you. Way to aim to be the biggest possible train wreck possible. Go big or go home... that's what I always say ( no really I do )
SubjectsInCommentsAreStupid by lesincompetent · 2014-02-15 10:02 · Score: 3, Funny

And this is why i use Telegram.
And why you should, too.
Truly cross-platform (even PC!)
1. Re:SubjectsInCommentsAreStupid by lesincompetent · 2014-02-15 10:04 · Score: 3, Funny
  
  No, i did not read the article before commenting. I hereby certify myself a veritable idiot.
2. Re:SubjectsInCommentsAreStupid by wonkey_monkey · 2014-02-15 10:15 · Score: 0
  
  Spoilsport!
  
  --
  systemd is Roko's Basilisk.
Oh FFS! by Anonymous Coward · 2014-02-15 10:09 · Score: 5, Insightful

A shoddy chat app that is hardly good enough for personal communication is used for sensitive police work? And if they hadn't used that, they would have used fucking Blackberrys, which also store everything on foreign servers? Does the Swedish police not have an IT department which can provide them with secure communication tools?
1. Re:Oh FFS! by Anonymous Coward · 2014-02-15 11:10 · Score: 1
  
  "Blackberrys, which also store everything on foreign servers"
  Why do you say Blackberry runs only on "foreign" servers? You can have your own Blackberry server in any country you like. Even your own
2. Re:Oh FFS! by Anonymous Coward · 2014-02-15 13:37 · Score: 0
  
  Yes. They use Oracle. It has gone about as well as you would expect. Seriously (in Swedish, sorry).
3. Re:Oh FFS! by stymy · 2014-02-15 14:31 · Score: 1
  
  BlackBerrys only store stuff in foreign servers by default. You can set up your own servers, with end-to-end encryption from them to the phones, and that's presumably what the Swedish police has done.
4. Re:Oh FFS! by rasmusbr · 2014-02-16 00:29 · Score: 3, Funny
  
  Yes. They use Oracle. It has gone about as well as you would expect. Seriously (in Swedish, sorry).
  The last comment on that article claims that the Swedish police basically got a new CIO who felt he had to prove his worth by making some sort grand decision. He decided to switch tracks and use Siebel as the basis of their new system.
  Sounds plausible enough.
5. Re:Oh FFS! by Kichigai+Mentat · 2014-02-17 04:11 · Score: 1
  
  This seems to be the part that everyone is forgetting about why BlackBerries were so popular among IT professionals. You just drop BES into your setup, and now connected BlackBerries can be managed like any other part of the infrastructure. It's encrypted, you control the server and all the data, and you can do all sorts of remote provisioning and security tasks. It's the same reason that many companies still like using Microsoft Exchange: they control the servers, and hence the data.
  It's not like Android or iOS where the system has to (and does, on its own) phone home in order to use basic, built-in services. You can't just plunk down your own private Gmail or Siri server inside of your racks.
  
  --
  Rawr
blackberry by Anonymous Coward · 2014-02-15 10:10 · Score: 1

Just got a Z10, I love it! It's OK if you guys hate me though :)
1. Re:blackberry by fuzzyfuzzyfungus · 2014-02-15 10:22 · Score: 3, Funny
  
  Just got a Z10, I love it! It's OK if you guys hate me though :)
  No, no, I find endangered species from vanishing ecosystems to be quite interesting. Some of them are also cute, tasty, or a source of fascinating new biologically active compounds. Like those wacky Amazonian frogs.
2. Re:blackberry by cold+fjord · 2014-02-15 17:56 · Score: 2
  
  Narrator: The bug-eyed Blackberry has entered the clearing.... by the way its moving it appears to be looking for market share. But wait, what's this? It looks like an iSnakepad has grabbed it in a lightning fast strike! The iSnakepad is wrapping itself around the bug-eyed Blackberry and is starting to squeeze. Sadly now, there can be but one outcome.
  
  --
  much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
3. Re:blackberry by SpzToid · 2014-02-15 23:05 · Score: 1
  
  Hey folks, you won't believe this but I just shot that entire well-lit video sequence using my Nokia N9, and it looks great! I'd share it with you, except I'm in one of those countries, and you are probably in one of the other ones.
  
  --
  You can't be ahead of the curve, if you're stuck in a loop.
4. Re:blackberry by Kichigai+Mentat · 2014-02-17 04:15 · Score: 1
  
  Why would we hate you? It's the disjointed user interface of BBX that most of us have trouble stomaching. That and the lackluster native app selection. There was a lot I really liked about my old BlackBerry Curve, but RIM did a poor job of attracting third party developers, and made a total hash of the touch interface in the latest OS iteration.
  It's very much how I felt about Nokia and Symbian. Great hardware, and the OS wasn't too shabby, but there were a lot of things you just couldn't do on the platform simply because no one was writing the programming to do it. Also the S60 email client was beyond basic.
  
  --
  Rawr
Common problem. by SuricouRaven · 2014-02-15 10:15 · Score: 5, Insightful

1. Workplace has confidential information.
2. Workplace puts up elaborate high-security protocols and technology intended to protect that data.
3. Workers find that all this security is getting in the way of actually doing their jobs.
4. Workers ignore protocol and devise their own means of going behind the backs of those dictating security.
5. Embarassing breach occurs.
A common example occurs when IT dictates all passwords must be at least seven characters an include mixed case and punctuation. Faced with difficulty remembering passwords, the staff respond by putting them on post-it notes under their keyboards. Or when getting a new staff member approved for access to the confidential data takes a few days, leading to staff letting temps borrow their credentials so they can get started right away.
1. Re:Common problem. by ottothecow · 2014-02-15 10:32 · Score: 5, Insightful
  
  Pretty much this.
  When an organization sees people doing things like this, they should recognize that they are not providing the right kind of IT services to their employees.
  
  --
  Bottles.
2. Re:Common problem. by ottothecow · 2014-02-15 10:34 · Score: 3, Insightful
  
  And if the free software (Whatsapp) isn't deemed secure enough...then they need to look into something like Good where they can still keep the communication walled in but let people use things that aren't outdated blackberries.
  
  --
  Bottles.
3. Re:Common problem. by Anonymous Coward · 2014-02-15 14:00 · Score: 0
  
  Have fun with you non dictated password where people use password, 123456 or the like and your network gets hacked easily.
4. Re:Common problem. by allypally · 2014-02-15 21:45 · Score: 1
  
  > all passwords must be at least seven characters an include mixed case and punctuation
  People can and will work around any barrier that stops them working, even if they are now working in an unsafe environment.
  I worked somewhere once with those rules, plus the password had to be changed monthly, and no reuse of ones you'd used previously.
  Pretty much everyone would have a compliant password today that was a slight variant on the unforgettable:
  Feb.2014
5. Re:Common problem. by ProzacPatient · 2014-02-16 05:54 · Score: 1
  
  A common example occurs when IT dictates all passwords must be at least seven characters an include mixed case and punctuation.
  Ha! My IT department where I work (I shall not disclose whom I work for) requires that all passwords have a minimum of 14 characters and the password is required to be changed on a regular interval in a mandatory basis. There is a policy in place against passwords; on post-it notes, in notebooks and so forth so it's really frustrating and really easy to forget if you're not careful.
6. Re: Common problem. by Anonymous Coward · 2014-02-16 07:49 · Score: 0
  
  Actually, step 3 would be "some workers don't have access to the approved technology and come up with their own solution".
7. Re:Common problem. by Anonymous Coward · 2014-02-16 20:22 · Score: 0
  
  A place I worked at almost 20 years ago had the IT department generate random passwords monthly and leave them in envelopes on the users desks.
So... by fuzzyfuzzyfungus · 2014-02-15 10:20 · Score: 1

On a scale from 'paid vacation' to 'hahaha, paid vacation' do we have any estimates on the penalty for this sort of fantastic adherence to good evidence handling practices and adherence to both the security of an investigation in progress and the rights on anyone who turns out to be investigated but uninvolved?

(Incidentally, who wants to bet that the officers involved may not have adhered to every tedious little 'best practice' in their handling of past cases? Sure is a good thing that they aren't in a position where sloppiness could cause real damage or anything, or I might be concerned.)
1. Re:So... by Anonymous Coward · 2014-02-15 17:53 · Score: 0
  
  I honestly think that the only thing that will happen is that someone will tell them that they shouldn't do that and that will be the end of it.
I accidentally a wrong phone number.. by Anonymous Coward · 2014-02-15 11:19 · Score: 0

yeah right.
But? by Anonymous Coward · 2014-02-15 13:42 · Score: 0

Yes, but beta sucks.
Slightly improved translation by Anonymous Coward · 2014-02-15 19:03 · Score: 0

The machine translation of the quote in the summary sounds a bit wonky. A better (tone-maintaining) translation is:
"Yes, I know the server isn't in Sweden and it's a medium where you can't just drone on about any old info you have"
DO NOT CALL IT FREE by Anonymous Coward · 2014-02-16 07:24 · Score: 0

Do not call proprietary (gratis) software as Whatsapp free!
It is not!
BBM is cross platform now. Was there an excuse? by Anonymous Coward · 2014-02-16 07:25 · Score: 0

Aren't these officers aware of BlackBerry Messenger being available for iOS and Android devices? Surely they would also be aware of Whats Apps recent public vulnerabilities in the news (I'm sure they consider themselves somewhat tech savvy).
Re:you Fail It... by Anonymous Coward · 2014-02-17 05:10 · Score: 0

damn it, you know you've been too long on the interwebs when you scroll past a goatse link, and it is marked in the 'visited' color.