Another huge government data breach



Just imagine, a data breach that hands over to all sorts of undesirables a list of the members of the nation’s most secret and specialized military units, the names – and home addresses – of air force pilots, the names and location of police suspects, and those who are in witness relocation programs.

This is the catastrophe with which Sweden is forced to deal after authorities discovered a massive mistake in the nation’s data files.

The IB Times reported on Monday the government in Sweden incorrectly uploaded an entire database, including all of those secret lists, when it started working with an outside contractor a few years ago to manage some aspects of the information.

The Times said it was “now considered to be one of the worst government IT disasters ever.”

“The leak, which occurred in 2015, saw the names, photos and home addresses of millions exposed. Those affected include fighter pilots of Swedish air force, police suspects, people under the witness relocation program, members of the military’s most secretive units (equivalent to the SAS or SEAL teams) and more,” the Times reported.

It developed like this: The Swedish Transportation Agency said it was outsourcing its database management to companies such as IBM and NCR. However, when the upload was launched, its entire database moved to cloud services, including “details on every single vehicle in the country.”

It was then sent to marketers.

The government eventually followed with another email, asking recipients to delete the prior message.

But the failure was like handing the “keys to the kingdom” to the wrong side, the report said.

“IBM’s Serbian branch was also allegedly contracted to operate Sweden’s secure government Intranet, which in turn is connected to the EU’s secure network STESTA. In other words, the EU’s secure network was also exposed to those who gained access to the database. What is worse, those provided access to the database are allegedly foreign nationals in countries that are increasingly pro-Russia and anti-EU,” the Times said.

“The net effect here is that the EU secure Intranet has been leaked to Russia by means of deliberate lawbreaking from high ranking Swedish government officials. Even if there are additional levels of encryption on STESTA, which there may or may not be, this should never happen written all over it,” said Rick Falkvinge of the privacy advocating organization Private Internet Access.

The dissemination happened in 2015, but wasn’t found until 2016.

At that time, Maria Agren, the STA director general, was fired and fined approximately half a month’s pay.

“It started out with a very speedy trial where a director general in Sweden was fined half a month’s pay. Given how much the establishment has got each other’s backs, this sentence was roughly equivalent to life in prison for a common person on the street, meaning they must have done something really awful to get not just a guilty verdict, but actually be fined half a month’s salary,” Falkvinge said. “Let’s be clear: if a common mortal had leaked this data through this kind of negligence, the penalty would be life in prison. But not when done by the government themselves. Half a month’s pay was the harshest conceivable sentence.”

Even now, the report explained, the STA database is being run by two foreign companies.

WND Founder Joseph Farah described two years ago the problems that followed when hackers breached U.S. government databases and got the names, addresses and Social Security numbers of 22 million current and former federal workers.

He described it as a cyber attack of Pearl Harbor proportions.

The incident, he said, exposed “to foreign enemies, terrorists and criminals a treasure trove of information that has compromised national security in ways that may not be completely understood for decades to come.”

Then, he wrote, Congress investigated the Obama administration scandal, and, “Officials from the Office of Personnel Management, the Office of Management and Budget and Department of Homeland Security all refused to testify.”

“It’s almost as shocking as the administration’s negligence in permitting the cyber-attack in the first place. It’s a cover-up, plain and simple. It’s stonewalling on a scale that puts Richard Nixon and Bill Clinton to shame,” he wrote.

The issue of computer breaches, or hacks, has played a huge role in American politics lately.

After the data breaches that revealed secret Democratic National Committee emails during the 2016 presidential election, Democrats have been on a virtually nonstop campaign claiming Russian intervention in the political process on behalf of President Donald Trump.

They’ve also been fighting off allegations of breaches inside the halls of Congress.

Just recently, former DNC chief Debbie Wasserman Schultz agreed to cooperate with investigators who wanted to access her laptop as part of a criminal investigation into suspected hacking.

Not only had Wasserman Schultz refused for months to give investigators permission to inspect the contents of the laptop, she publicly threatened the chief of the Capitol police, telling him during a May hearing there would be “consequences” if he did not return the item to her.

Investigators reportedly were prevented from looking at the contents of the laptop without her permission by the Constitution’s “Speech and Debate” clause, which “bars law enforcement from interfering in lawmakers’ official congressional business,” and which “was designed to keep law enforcement from targeting lawmakers for their political views or legislative work.”

WND also reported just last year that beyond the walls of government, at least 500 million user accounts were hacked at Yahoo.

The stunning admission revealed that more than half a billion user account credentials were stolen in the breach at Yahoo, including users’ email addresses, birth dates, passwords and some security questions. Even more troubling to some experts is how long the hack played out.

“Whoever it was was lurking around in their system since 2014, which is an inordinately long period of time, usually someone is in about 201 days and there start to be indications that they’re in there. In this case, Yahoo didn’t even find out until they were notified by somebody else,” said IDT911 Founder and Chairman Adam Levin.

Multiple other companies have experienced data breaches as well.
