Sweden Accidentally Leaks Personal Details of Nearly All Citizens (thehackernews.com)
An anonymous reader quotes a report from The Hacker News: Swedish media is reporting a massive data breach in the Swedish Transport Agency (Transportstyrelsen) after the agency mishandled an outsourcing deal with IBM, which led to the leak of the private data about every vehicle in the country, including those used by both police and military. The data breach exposed the names, photos and home addresses of millions of Swedish citizens, including fighter pilots of the Swedish air force, members of the military's most secretive units, police suspects, people under the witness relocation program, the weight capacity of all roads and bridges, and much more. The incident is believed to be one of the worst government information security disasters ever.
In 2015, the Swedish Transport Agency handed IBM an IT maintenance contract to manage its databases and networks. However, the Swedish Transport Agency uploaded IBM's entire database onto cloud servers, which covered details on every vehicle in the country, including police and military registrations, and individuals on witness protection programs. The transport agency then emailed the entire database in messages to marketers that subscribe to it. And what's terrible is that the messages were sent in clear text. When the error was discovered, the transport agency merely thought of sending a new list in another email, asking the subscribers to delete the old list themselves.
This story is more fun if, in your head, you read the summary using a Swedish accent.
#DeleteChrome
Swedish Transport Agency uploaded IBM's entire database onto cloud servers
The transport agency then emailed the entire database in messages to marketers that subscribe to it.
were sent in clear text
error was discovered, the transport agency merely thought of sending a new list in another email, asking the subscribers to delete the old list
every conceivable top secret database: fighter pilots, SEAL team operators, police suspects, people under witness relocation.
One of the multiple questions coming to my mind after reading all this is: why are such different types of top-level secret information of a country being stored in the same database?!
Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
switch cars with your neighbors.
>> was made available to IT workers in Eastern Europe who had not gone through the usual security clearance checks when the agency outsourced its IT maintenance to IBM in 2015.
Um...according to TFA it WAS a corporation (IBM) that coughed up the data.
Russian spies just got their requests for a couple of years of sabbatical accepted, because there's no more work to do.
> ..the transport agency then emailed the entire database in messages to marketers that subscribe to it.
This sentence makes no sense. What did the marketers subscribe to? The top secret database??!! This must have been quite a large database, I doubt that you can attach and mail it. Who mailed what to whom?
The whole article reads like something Google translate did on a day when the server was drunk or half asleep.
The dangers of excessive individualism are nothing compared to the oppressiveness of excessive collectivism
You joke, but when a corporation screws up, you can sue it, you can quit buying their products, you can convince your friends to stop supporting it.
When the government screws up, you're stuck with it (short of revolution). In fact the way a lot of government union employment contracts are structured, you can't even fire the people responsible for the screwup.
I've never bought into the claim that all government is good and all corporations bad. Nor have I bought into the claim that all corporations are good and all government is bad. Both can do good things, both can do bad things. The trick is figuring out which things one tends to do better than the other, and giving the job to the more capable entity.
Says a dude that is morbidly obese even while supposedly on a low-calorie, low-carb diet.
A smaller government obviously requires skinnier people. Check out my blog post where I lost ten pounds in ten weeks after getting the Greater Goods Basic Bathroom Scale for $20 to accurately measure my weight when the gym scales stopped thunking at 350 pounds.
I hope they can sue IBM / jail someone for this.
It took you 10 weeks to lose 10 lbs? And you're bragging?!
According to a coworker who is a martial arts expert, losing a pound per week is sustainable over the long term.
Nonsense,
The future is the issue, not the cloud.
aaaaaaa
This is why we need to tear down Hoover Dam and abandon hydroelectric power.
Have you been to Hoover Dam recently? I was there in 2013. The water level has dropped substantially due to global warming. If the water level continues to drop, there won't be enough water to run the turbines.
Funny this, yesterday, we were discussing the Norwegian story about how everybody has access to everyone else's income, and it's no big deal, since they have a sense of community & everyone trusts each other. Now, I know that Sweden is not Norway, but culturally, from what I understand, very similar. In which case, this accidental leak should be no issue at all, since all Scandinavians are perfectly honest people who wouldn't dream of even SCANNING other people's personal data, let alone steal from them, just b'cos they can. So this story is essentially much ado about nothing
"When the error was discovered, the transport agency merely thought of sending a new list in another email, asking the subscribers to delete the old list themselves." Hey guys, yeah, could you just ignore that last email we sent? That would be great, thanks. I'm surprised they didn't just try an Exchange "recall message". Is this their actual policy for data leaks?
Does that include chest size for the women? We need to know!
#DeleteFacebook
Although the data breach happened in 2015, Swedish Secret Service discovered it in 2016 and started investigating the incident, which led to the firing of STA director-general Maria Ågren in January 2017.
Holy shit. I have a hard time wrapping my head around how massive of a fuckup this is.
Ågren was also fined half a month's pay (70,000 Swedish krona, which equals $8,500)
Oh. Well hell, that ought to teach her.
Why would a transport agency have any access to witness relocation data?
The data breach exposed the names, photos and home addresses of millions of Swedish citizens, including fighter pilots of the Swedish air force, members of the military's most secretive units, police suspects, people under the witness relocation program, the weight capacity of all roads and bridges, and much more.
Oh yeah, and it also reveals the names of catholic priests, pedophiles, skull-fuckers, rapists, and community leaders. Which, as anyone knows, are all the same people. And fuck, they also reveal who knows about Area 51, alien invaders, and [enter your tinfoil here].
In all seriousness though, wtf is the spin in TFS. It reads as if it was a national security issue, whereas TFS holds that it's about names, photos and home addresses. Not activity.
Fuck you Slashdot editors. You're worthless.
Article is bullshit and bad translation. It is explained better here: Transportstyrelsens IT-upphandling (in Swedish, do your own translation)
Jag Ãr Brian och sa Ãr min fru!
once again, slashdot continues to FAIL IT with unicode
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
And now it is according to You. You have a reference to a more secure source? Your coworker could have got it from an idiot.
You have a reference to a more secure source?
https://www.cdc.gov/healthyweight/losing_weight/index.html
It's natural for anyone trying to lose weight to want to lose it very quickly. But evidence shows that people who lose weight gradually and steadily (about 1 to 2 pounds per week) are more successful at keeping weight off. Healthy weight loss isn't just about a "diet" or "program". It's about an ongoing lifestyle that includes long-term changes in daily eating and exercise habits.
So you're doing the bare minimum and think it's bragworthy?
Yes. Now bitch about something else.
Nowhere in TFA does it say IBM coughed up the data. It specifically says the government did it.
You can sue the government in many democracies. Not sure if Sweden is one of those places, but it's certainly not something you can arbitrarily claim without looking into it. (Whether it's useful to sue the government is another question of course..)
and giving the job to the more capable entity
Unfortunately neither organization has mastered preventing human error, so while you're not incorrect.. your statement is rather irrelevant to "someone f'd up," no matter how big an f they upped.
When the government screws up, you're stuck with it (short of revolution).
I don't know where you live but around here we have these things called elections which let us change governments without all the shooting, rioting and deaths of a typical revolution. You should try them, they aren't fantastic but they are a lot better than the alternative.
Yes, so long as you aren't simultaneously sustaining any other thing. Like a day job.
I'm joking just a bit, but the word "sustain" is commonly abused in exactly this way.
Weakly sustainable: when just this one thing can be sustained.
Strongly sustainable: a member of the set such that all strongly sustainable things can be sustained at the same time without surpassing the labours of Hercules.
Whenever someone says to me "sustainable" regarding a personal resolution, my first (usually silent) question is: have you ever given one hour notice at work, and then set foot in Tibet the very next day?
Because, if so, that's just a steaming pile of dedication porn.
When you're fat and just starting out, you can lose 10 pounds in a week.
If you're a butterball, which I haven't been in 30 years. I rode a bike for 20 years and worked out at the gym for the last ten years. I carry more muscle than fat.
I guess what I'm saying is, a 375 pound man losing 10 pounds in 10 weeks isn't statistically significant enough to imagine a larger trend.
Check back in January when my weight is 325 or so. That was my lowest adult weight when I rode a bike to work for 100 miles per week for three years.
... right after I copy it to safe harbour.
It little behooves the best of us to comment on the rest of us.
This is why the US need a smaller government...
How would a smaller government in the US mitigate a problem in Sweden?
It little behooves the best of us to comment on the rest of us.
https://slashdot.org/comments....
But ran into a case of communism. Anyway, my comments about the current situation of Sweden still hold:
https://slashdot.org/comments....
https://slashdot.org/comments....
https://slashdot.org/comments....
Though totally unrelated to the leak and 100% about the only party which was voting against letting foreign companies handle this information and the current threats of democracy of Sweden and so on.
Seriously, Russia had been trying to do this for a year, and then Sweden goes and does it for them.
All those wasted hacker hours.
Sigh.
-- Tigger warning: This post may contain tiggers! --
First of all - it needs to be made clear that the article is misleading since it is conflating two unrelated incidents. First there was the leak of addresses of people with hidden identities, then there was the handover to the foreign IBM staff that had not had proper background checks. There is no (public) evidence in the second problem that any data was actually leaked due to this.
One thing to remember here is that what triggered this shit to begin with was the government agency slimming down by replacing its internal IT services by outsourcing them to a private company.
Another third thing to remember is that the director-general was fired and convicted. The board members have been replaced. The discussions now are whether the ministers, that were notified by the director-general that the agency intended to ignore the laws by fore-going the background checks but took no actions, will have to go.
Heads are rolling because of this, and it's the heads at the very top. Sue a private company, who would lose their job?
This will be small potatoes compared to the leaks of private financial and medical data we can expect from the CFPB and the reporting required by ACA.
The discussions now are whether the ministers, that were notified by the director-general that the agency intended to ignore the laws by fore-going the background checks but took no actions, will have to go.
I think you mean forgoing, unless you mean they preceded the background checks?
Google it, dipshit. There was even a cop who came forward about it and was immediately attacked by their cuck-filled, globalist-infiltrated government and leftist stooges who didn't like their lies being exposed.
Islam happened to Sweden.
...or a personal website that exposes every detail of your life going back to childhood, huh Tubby?
The personal website that got 60+ visitors today because of this comment shit storm? Keep up the good job! ;)
$#@! 'em. And good on you for finding something that tilts the tide and sticking to it. Any idiot can get fast, satisfying results for a little while - it takes determination and vision to accept that what took years to put on will take years to take off. Best of luck in maintaining your vision and embracing your needed lifestyle changes.
An old friend of mine had a sailing metaphor philosophy on life - as long as you can keep trending in the right direction you'll get where you want to go. The important thing is to keep your hand on the wheel and not let yourself get discouraged when you occasionally get blown off course.
--- Most topics have many sides worth arguing, allow me to take one opposite you.
Hate to spoil your narrative, but I'm not from Sweden.
Il n'y a pas de Planet B.
You can sue the government in many democracies.
I.e., you can sue yourself, the taxpayer. How would anyone in Sweden receive remedy given that every Swede was affected? You would have to tax each citizen the exact cost of the judgement they receive or else reallocate money from their public services.
Unfortunately neither organization has mastered preventing human error,
Government seems to think that punishing 'human error' is a great way to prevent it -- provided we are talking about citizens acting privately. If I make the human error of not noticing a change in speed limit the government is happy to fine me and possibly jail me and take away my driving privileges.
Businesses can and do punish human error by firing people, or the business itself may be snuffed out by consumer boycott, loss of contracts, or revenue-gobbling lawsuits. Governments, however, tend not to apply such drastic consequences to themselves. If the government, e.g., 'accidentally' violates law concerning privacy of its citizens, no one is going to prison.
So while it's true that mistakes happen regardless, in only one case is there a significant incentive to avoid them.
When things get complex, multiply by the complex conjugate.
Even worse - the responsible people were told that the transfer was even an illegal move by the internal revision people of that department but they moved ahead anyway. Responsible ministers kept silent and didn't even inform the prime minister of this.
Nothing less than a public flogging would be suitable.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
"A government big enough to give you everything you want, is a government big enough to take away everything that you have."
- Thomas Jefferson
This should be a reminder that an omnipresent government like the Swedish government has some inherent risks.
"..the transport agency then emailed the entire database in messages to marketers that subscribe to it."
This sentence makes no sense. What did the marketers subscribe to? The top secret database??!! This must have been quite a large database, I doubt that you can attach and mail it. Who mailed what to whom?
The whole database WAS indeed leaked. In clear text. To former Soviet countries. And also by mail. As decided by a senior official(!).
Most content of the DB is official data under the freedom of information act (Offentlighetsprincipen), so it does make sense to supply that information to any commercial subscriber, such as insurance companies etc., but from a military standpoint, this leak is the most severe leak since the 1980's, when Russian spy Stig Bergling stole enormous amounts of top secret information.
A government database containing things like names, street names, car makes and models contains mostly repeating information, very easily compressed to mailable size using zip. The "funny" thing is that the officials confirm the database was leaked, "but any villain do not have the correct interface, so they cannot read it". Well, it is not a problem for any script kiddie to google appropriate extraction tools, don't you think? The only exaggeration in the post is that minors and adults without a driver's license aren't included in the database, which still means that ~75% of the entire population is included.
So this story is essentially much ado about nothing
So while some 90% of the database is official, it DOES contain secret military information without any marking of that, or at least that wasn't removed prior to publishing the database.
From a military perspective, this is the largest leak since the 1980's, when Russian spy Stig Bergling stole huge amounts of even more dangerous information, which basically forced a complete(!) re-organization of the whole military.
Classy with the affiliate link there, that wasn't at all transparently motivated.
"To any truly impartial person, it would be obvious that I am right."
Leak happened in 2015!
Turning one sheet of paper every day, it takes some time for any information of the leaks to be published under the freedom of information act ("Offentlighetsprincipen"). If you're in a hurry. Otherwise, they'll only do it on Friday afternoons. If there's any spare time...
I always wondered what the GNAA trolls would do when they grew older. So this is what you've sunk to.
Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php
Not really, no. The water levels are low for reasons other than global warming. The aquifer is nearly depleted due to overuse and drought. None of those is directly related to climate change. The depletion is definitely due to humans, however. The river should also be fed by the aquifer. It isn't. We used the water to grow food and lawns.
"So long and thanks for all the fish."
The title says it was an "accident" which is incorrect. This was done with open eyes all the while security responsible protested and a lot of other IT people.
The director ordered this outsourcing project to continue and give access to the IBM contractors before they had been given security clearance. IBM's personnel are located in different countries such as Serbia, Poland, etc. The access is (still) administrative access to databases and data shares.
It's of course not just one big database but many. What's also not in the summary is that an encrypted inter-agency network was also exposed. Oops.
The motive of the (now ex) director's order was to speed up the project, because the transport agency otherwise would have issues with their daily work (issue driver licenses, etc.). The government has also been breathing down their necks to save money, hence this outsourcing (short-sighted madness).
It's a trainwreck from beginning to end, really. Heads will roll.
IAAS (I Am A Swede) as well..
Fight for your digital freedom, join the EFF *now*: http://www.eff.org/support/
In most free countries there is an independent judiciary. Pretty basic stuff.
I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
As bad as creimer is with his bizarre unrelated stories and fucking amazon links, you twats following him around are about an order of magnitude more pathetic.
Did all your 4chan bros kill themselves or something? Why are you here? ;)
I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
You have a very low bar for a "good job".
For today's Slashdot, 30+ per day is normal. Ten years ago, 300+ per day was normal. In 1999, 3,000+ was normal and I would worry about the server crashing.
Well, let me introduce you to a concept; failing gracefully. This means your server should be stress tested and fine tuned to ensure it never crashes, just stop accepting requests when the load is too high or whatever, there are multiple ways to achieve the goal. A server that crashes under load is misconfigured.
Everything I write is lies, read between the lines.
Well, let me introduce you to a concept; failing gracefully.
Back in 1999, servers just crash and most were misconfigured anyway.
Sound like BS to me.
Where I work, emails are limited to 10MB in size. We have an email application that allows for large file transfer, up to 150MB. I'm sure most governments and corporations have similar restrictions, or at least *some*.
I'm not sure what size the Transportation database would be for an entire country, but I am thinking it would be large enough that no email system anywhere of any type is going to be very successful at moving it.
What is more likely is that the data was on the cloud, and that the location was sent out beyond what they were supposed to. However one would think that said cloud would have the appropriate security setup for it, which is more concerning if it was not. Indeed that would be just as much the contractor's fault (unless specifically told not to, also unlikely) as the government if it was simply left open for anyone to access.
Bottom line is I work with a lot of large databases, and none of them would likely rival the size of an entire transportation DB, and I don't think I could even come close to "emailing" them to anyone no matter what I tried to do...
Tell that to Tim Pool, because he experienced them first hand. Don't know who he is? He's an independent journalist that flies all over the place to where the stories are. The most recent case where a German journalist decided to dox him, and then handed all of his info to a German antifa group who then tried to attack him and another group of independent journalists.
There were "friends" who told him not to report on those no-go zones because they didn't want him to for ideological reasons. They want to maintain the "happy migrant picture" while burying their head in the sand over the violence, sexual assaults and rape. Others(everything from leftwing groups that support unrestricted migration to antifascist groups) that threatened him to not report on it. You can dig through his twitter feed if you want the names of the people who threatened him to not report on those areas. Yes they do exist, and yes the media is lying to you about them "not really existing."
Om, nomnomnom...
Don't blame Sweden, they thought the cloud was wearing a condom.
I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
i'm down 13 pounds over 5 weeks, but that appears to be mostly water weight.
cut out wheat and milk altogether, and i think i'm on a 700-800 calorie deficit, other than that, haven't changed much.
The first article linked says that the Swedish Transportation Agency allowed IBM to proceed without background checks and security clearances. Some of the IBM personnel were located in other countries. It does not say that anyone outside of IBM had any inappropriate access. The second article linked, from which the summary paragraph above is drawn, seems a bit sensational in extrapolating this as having been a huge data leak -- "...emailed the entire database...".
Yeah because no journalist ever has any form of agenda right? The problem here is that I'm a white native Swede and I have been to these areas while also having several police officers in the family. Of course I'm just an anonymous person on the Internet but I can assure you that there exists no such thing as a no-go zone in Sweden, the very second someone would kill a police officer here they would find themselves fucked royally, the police outguns the criminals to almost infinity, this is not the US where everyone and their uncle has a gun.
Are you talking about a win98 server or, NT4 maybe?
Because, the failing gracefully principle has been around since 1970 in Unix. My servers have been configured this way since 1996.
If only serving webpages, all you have to do is configure apache accordingly with rate limiting. So, instead of your server crashing, users get an error saying that the server is currently too busy to handle their requests.
Everything I write is lies, read between the lines.
Sure explains why there's two commonalities between Sweden and the Philippines doesn't it? Both have grenade attacks against churches.
Om, nomnomnom...
Which grenade attacks against churches in Sweden?
"A government big enough to give you everything you want, is a government big enough to take away everything that you have."
- Thomas Jefferson
This is a cute turn of phrase, but a government gets to the "can take everything you have" size long before it reaches the "give you everything you want" level.* Most (all?) of the planet's population lives under governments that have reached one mark but not the other.
* For sane definitions of "everything you want" and "everything you have." Clearly, if one of the things I want is a government that can't take anything from me, the premise itself is flawed.
Wow. That was some verbal gymnastics you went to for essentially "durr gummint bad!"
you can sue yourself, the taxpayer
Unless you happen to be the ruler of a monarchy, the government, the people who pay for the government (ie: citizens) and the people who work for the government are all separate entities. Sure, your own taxes would in part pay for the settlement if you win the lawsuit, but that's not much different than suing McDonald's and having the Big Mac you ate 3 years ago pay for some tiny fraction of the settlement.
At the end of the day, only people can generate wealth, regardless of whether they're generating it for a company, or for their government (via taxes) or for themselves directly. If you don't believe me, go register a company and do nothing with it. You will see exactly $0 profit (actually somewhat negative since registration isn't free!)
Government seems to think that punishing 'human error' is a great way to prevent it
What? Whoever said that? Just because it's impossible to pick out one accidental speeder from the 100s or 1000s of fully-aware ones, doesn't mean anyone -- even the government -- thinks it's "great" to punish honest mistakes.
Businesses can and do punish human error by firing people
Well the government can't really "fire" a citizen, so I'm not sure what you're suggesting here.
If the government, e.g., 'accidentally' violates law concerning privacy of its citizens, no one is going to prison.
Just like all of the people who go to prison for the hundreds of corporate data breaches we see every year right? Of course not. In this case, the government fired and fined the employee in question -- exactly what you'd expect a business to do in that situation (hell, they wouldn't even get to levy a fine like that.. or at least would have no authority to enforce it if they did unless they successfully sue you for it.)
in only one case is there a significant incentive to avoid them.
I'm not sure which case you're talking about here. You've listed fines and jail if the government catches you and firings if your company catches you. Most people have a strong incentive to avoid all of that. The only "one case" where you claim nothing happens is if you're a government employee, and that's just bullshit since TFA itself straight up laid out the punishment for the employee who made the mistake.