Slashdot Mirror


Sweden Accidentally Leaks Personal Details of Nearly All Citizens (thehackernews.com)

An anonymous reader quotes a report from The Hacker News: Swedish media is reporting a massive data breach in the Swedish Transport Agency (Transportstyrelsen) after the agency mishandled an outsourcing deal with IBM, which led to the leak of the private data about every vehicle in the country, including those used by both police and military. The data breach exposed the names, photos and home addresses of millions of Swedish citizens, including fighter pilots of the Swedish air force, members of the military's most secretive units, police suspects, people under the witness relocation program, the weight capacity of all roads and bridges, and much more. The incident is believed to be one of the worst government information security disasters ever.

In 2015, the Swedish Transport Agency handed IBM an IT maintenance contract to manage its databases and networks. However, the Swedish Transport Agency uploaded IBM's entire database onto cloud servers, which covered details on every vehicle in the country, including police and military registrations, and individuals on witness protection programs. The transport agency then emailed the entire database in messages to marketers that subscribe to it. And what's terrible is that the messages were sent in clear text. When the error was discovered, the transport agency merely thought of sending a new list in another email, asking the subscribers to delete the old list themselves.


  1. Helpful tip by 93+Escort+Wagon · · Score: 2

    This story is more fun if, in your head, you read the summary using a Swedish accent.

    --
    #DeleteChrome
    1. Re:Helpful tip by FFOMelchior · · Score: 3, Funny

      Wi nøt trei a høliday in Sweden this yër?

    2. Re:Helpful tip by 93+Escort+Wagon · · Score: 3, Funny

      See the løveli lakes
      The wonderful telephøne system
      And mani interesting furry animals
      Including the majestic møøse.

      --
      #DeleteChrome
    3. Re:Helpful tip by aliquis · · Score: 2

      You both use the Norwegian and Danish ö, not the Swedish one.

    4. Re:Helpful tip by 93+Escort+Wagon · · Score: 2, Funny

      You, on the other hand, don't recognize Monty Python references. :-)

      --
      #DeleteChrome
    5. Re:Helpful tip by Anonymous Coward · · Score: 2, Funny

      A møøse once bit my sister.

  2. Seriously? by CustomSolvers2 · · Score: 4, Insightful
    Some pretty descriptive quotes from the linked article:

    Swedish Transport Agency uploaded IBM's entire database onto cloud servers

    The transport agency then emailed the entire database in messages to marketers that subscribe to it.

    were sent in clear text

    error was discovered, the transport agency merely thought of sending a new list in another email, asking the subscribers to delete the old list

    every conceivable top secret database: fighter pilots, SEAL team operators, police suspects, people under witness relocation.

    One of the multiple questions coming to my mind after reading all this is: why are such different types of top-level secret information of a country being stored in the same database?!

    --
    Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
    1. Re:Seriously? by CustomSolvers2 · · Score: 2

      Logically, with "being stored in the same database" I meant being managed together (1 database or 1000 doesn't matter).

      --
      Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
    2. Re:Seriously? by Kjella · · Score: 2

      Well the database wouldn't have information about "fighter pilots, SEAL team operators, police suspects, people under witness relocation" but it would have information about people who happen to be those sorts of things. The Scandinavian countries and quite a few other European countries all have a unique "person ID" which is essentially an SSN on steroids. Pretty much any official service or registry that needs to identify you uses that number, so does the bank (no anonymous accounts), the phone company (no anonymous burner phones), your job (because they deduct income taxes directly to the government) and so on.

      The basic information is kept in a single place, they're probably close to what a census agency would be in the US. The random public can't query it, but quite a few private and public institutions can. Some people are far more restricted though, but if you have a legitimate need you can get access. Here in Norway not to absolutely everyone - the most heavily guarded access level is kept by the registry itself and everyone else needs to contact those people via a re-mailer, but I guess in Sweden they can get everyone if they have a need. And apparently they thought their version of the DMV had that need and since most adults have a driver's license...

      Presumably this should be some kind of anonymous result like:
      SELECT age, sex
      INTO ExportDB..Statistics
      FROM DriversLicenses

      and somebody massively fucked up and did a:
      SELECT *
      INTO ExportDB..Statistics
      FROM DriversLicenses

      Sweden only got a population of about 10 million, say 2 million are underage and another million don't have one so maybe 7 million records. With lots of common street names, first and last names with compression I suppose getting it down to email size is doable. So if you have a list of person IDs that are interesting and you want to know where they live, this is great. If you want to find out if they're interesting and why, it's probably not that useful. Unless they got the security level too, that'd narrow it down to just the special ones just like that. Not why they're restricted of course, but searching for the names you'd probably get a hint...

      --
      Live today, because you never know what tomorrow brings
    3. Re: Seriously? by F.Ultra · · Score: 2

      They have no information on people on the witness protection program. But they have the drivers license database, and people in witness protection have drivers licenses so they are in there. So if you are looking for one of them you can search through the pictures until you find who you are looking for which is the problem.

  3. Everybody in Sweden!!!....fast... by martiniturbide · · Score: 3, Interesting

    switch cars with your neighbors.

  4. Marketers subscribe by tigersha · · Score: 5, Insightful

    > ..the transport agency then emailed the entire database in messages to marketers that subscribe to it.

    This sentence makes no sense. What did the marketers subscribe to? The top secret database??!! This must have been quite a large database, I doubt that you can attach and mail it. Who mailed what to whom?

    The whole article reads like something Google translate did on a day when the server was drunk or half asleep.

    --
    The dangers of excessive individualism are nothing compared to the oppressiveness of excessive collectivism
  5. Re:This is why the US need a smaller government... by Solandri · · Score: 3, Insightful

    You joke, but when a corporation screws up, you can sue it, you can quit buying their products, you can convince your friends to stop supporting it.

    When the government screws up, you're stuck with it (short of revolution). In fact the way a lot of government union employment contracts are structured, you can't even fire the people responsible for the screwup.

    I've never bought into the claim that all government is good and all corporations bad. Nor have I bought into the claim that all corporations are good and all government is bad. Both can do good things, both can do bad things. The trick is figuring out which things one tends to do better than the other, and giving the job to the more capable entity.

  6. Re:Shouldn't matter to Swedes, since... by uffe_nordholm · · Score: 3, Interesting

    You are right in that Sweden and Norway are culturally very similar. But I think you are wrong about this leak.

    If the rest of the world can see details about every single driving licence ever issued in Sweden, I see no real harm. But this leak has (at least potentially) exposed things like which vehicles the secret army units have (and how many of them), who the Swedish combat pilots are and where they live, which roads and bridges can support which vehicle types (good to know when invading a country, so the road you drive on doesn't suddenly collapse under the load).

    Apart from a lot more discussion than is normal about a political issue in Sweden, the only real thing that has happened is that the director responsible for this has been fired and fined some three weeks worth of wages. My personal opinion is that she should have been tossed in prison and left to rot there, this leak may have damaged Sweden much more than all spies that have ever operated in Sweden in the past.

    My sources: a lot of reports in Swedish media.
    Full disclosure: I live in Sweden and am a Swedish native.

  7. Re:Old news? by e5150 · · Score: 4, Interesting

    The crime she committed ("Recklessness with secret documents") carries a maximum penalty of one year in prison (BrB 19 kap. §9). And although I wouldn't mind seeing her spending some time behind bars, after having read (the redacted, non-juicy, parts of) the Secret service investigation, I wouldn't really put the blame on her.
    The whole mess started before she was appointed director of the agency, she seems to basically have been brought in and told: "Sign these documents, otherwise the outsourcing is gonna be delayed even further".
    I would like to see a lot more heads roll before this story gets filed away.

  8. Re:This is why the US need a smaller government... by Altrag · · Score: 3, Interesting

    You can sue the government in many democracies. Not sure if Sweden is one of those places, but it's certainly not something you can arbitrarily claim without looking into it. (Whether it's useful to sue the government is another question of course..)

    and giving the job to the more capable entity

    Unfortunately neither organization has mastered preventing human error, so while you're not incorrect.. your statement is rather irrelevant to "someone f'd up," no matter how big an f they upped.

  9. Re:This is why the US need a smaller government... by Roger+W+Moore · · Score: 3, Insightful

    When the government screws up, you're stuck with it (short of revolution).

    I don't know where you live but around here we have these things called elections which let us change governments without all the shooting, rioting and deaths of a typical revolution. You should try them, they aren't fantastic but they are a lot better than the alternative.

  10. A year of work by the GRU down the drain by WillAffleckUW · · Score: 2

    Seriously, Russia had been trying to do this for a year, and then Sweden goes and does it for them.

    All those wasted hacker hours.

    Sigh.

    --
    -- Tigger warning: This post may contain tiggers! --
  11. Re:Wikipedia explains it better by Picodon · · Score: 2

    Thanks! That sure was one sloppy /. post! Fortunately, the Swedish Wikipedia article does present a clear picture: the Swedish department of transportation outsourced its I.T. operation, which resulted in foreign technicians with (obviously) no Swedish security clearance to have complete access to a large amount of sensitive information.

    Sure, those in charge of security had opposed the outsourcing, but the leadership could not resist the lure of all that taxpayers’ money that would be saved out of the deal... Yes, at the cost of massive risks: leaks of secret information, and dependence on foreign control and foreign labour for fairly critical government services.

    This illustrates rather well the pitfalls of the cloud and outsourcing in general. I hope that the leaders of other countries (and of large corporations) are watching with interest and taking notes.

  12. Re:This is why the US need a smaller government... by Immerman · · Score: 4, Insightful

    $#@! 'em. And good on you for finding something that tilts the tide and sticking to it. Any idiot can get fast, satisfying results for a little while - it takes determination and vision to accept that what took years to put on will take years to take off. Best of luck in maintaining your vision and embracing your needed lifestyle changes.

    An old friend of mine had a sailing metaphor philosophy on life - as long as you can keep trending in the right direction you'll get where you want to go. The important thing is to keep your hand on the wheel and not let yourself get discouraged when you occasionally get blown off course.

    --
    --- Most topics have many sides worth arguing, allow me to take one opposite you.
  13. Re:This is why the US need a smaller government... by physicsphairy · · Score: 2

    You can sue the government in many democracies.

    I.e., you can sue yourself, the taxpayer. How would anyone in Sweden receive remedy given that every Swede was affected? You would have to tax each citizen the exact cost of the judgement they receive or else reallocate money from their public services.

    Unfortunately neither organization has mastered preventing human error,

    Government seems to think that punishing 'human error' is a great way to prevent it -- provided we are talking about citizens acting privately. If I make the human error of not noticing a change in speed limit the government is happy to fine me and possibly jail me and take away my driving privileges.

    Businesses can and do punish human error by firing people, or the business itself may be snuffed out by consumer boycott, loss of contracts, or revenue-gobbling lawsuits. Governments, however, tend not to apply such drastic consequences to themselves. If the government, e.g., 'accidentally' violates law concerning privacy of its citizens, no one is going to prison.

    So while it's true that mistakes happen regardless, in only one case is there a significant incentive to avoid them.

  14. Re:I see how it is by Z00L00K · · Score: 4, Informative

    Even worse - the responsible people were told that the transfer was even an illegal move by the internal revision people of that department but they moved ahead anyway. Responsible ministers kept silent and didn't even inform the prime minister of this.

    Nothing less than a public flogging would be suitable.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  15. It contains top secret information by Flu · · Score: 2

    So this story is essentially much ado about nothing

    So while some 90% of the database is official, it DOES contain secret military information without any marking of that, or at least that wasn't removed prior to publishing the database.

    From a military perspective, this is the largest leak since the 1980's, when Russian spy Stig Bergling stole huge amounts of even more dangerous information, which basically forced a complete(!) re-organization of the whole military.

  16. Re:What's happening to Sweden? by smallfries · · Score: 2

    I always wondered what the GNAA trolls would do when they grew older. So this is what you've sunk to.

    --
    Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php
  17. Re: This is why the US need a smaller government.. by KGIII · · Score: 3, Informative

    Not really, no. The water levels are low for reasons other than global warming. The aquifer is nearly depleted due to overuse and drought. None of those is directly related to climate change. The depletion is definitely due to humans, however. The river should also be fed by the aquifer. It isn't. We used the water to grow food and lawns.

    --
    "So long and thanks for all the fish."
  18. Re: What's happening to Sweden? by Mashiki · · Score: 2

    Tell that to Tim Pool, because he experienced them first hand. Don't know who he is? He's an independent journalist that flies all over the place to where the stories are. The most recent case where a German journalist decided to dox him, and then handed all of his info to a German antifa group who then tried to attack him and another group of independent journalists.

    There were "friends" who told him not to report on those no-go zones because they didn't want him to for ideological reasons. They want to maintain the "happy migrant picture" while burying their head in the sand over the violence, sexual assaults and rape. Others(everything from leftwing groups that support unrestricted migration to antifascist groups) that threatened him to not report on it. You can dig through his twitter feed if you want the names of the people who threatened him to not report on those areas. Yes they do exist, and yes the media is lying to you about them "not really existing."

    --
    Om, nomnomnom...
  19. Don't blame Sweden by Dareth · · Score: 3, Funny

    Don't blame Sweden, they thought the cloud was wearing a condom.

    --

    I only look human.
    My mother is a halfling and my dad is an ogre, so that makes me an Ogreling