The Swedish Transportstyrelsen (Transport Agency) botched its outsourcing to IBM, uploading its records to IBM's cloud and then emailing cleartext copies to marketing managers, unvetted IBM employees in the Czech Republic and others.
The database contains the names, photos and home addresses of all drivers/car owners in Sweden, and exposes the home addresses of the country's spies, people in witness relocation programs, people on police registries, and "type, model, weight, and any defects in all government and military vehicles, including their operator."
One agency employee, former director general Maria Ågren, was fired and fined, seemingly in connection with the breach.
The breach occurred in 2015, was detected in 2016, and has only just come to the public sphere.
The database is still hosted in IBM's cloud, and the earliest it could be locked down is this autumn.
According to Falkvinge, the leak exposed:
The weight capacity of all roads as well as bridges (which is crucial for warfare, and gives a lot idea about what roads are intended to be used as wartime airfields).
Names, photos, and home addresses of fighter pilots in the Air Force.
Names, photos, and home addresses of everybody in a police register, which are believed to be classified.
Names, photos, and residential addresses of all operators in the military's most secret units that are equivalent to the SAS or SEAL teams.
Names, photos, and addresses of everybody in a witness relocation program, who has been given protected identity for some reasons.
Type, model, weight, and any defects in all government and military vehicles, including their operator, which reveals a much about the structure of military support units.
Swedish authority handed over 'keys to the Kingdom' in IT security slip-up
Sweden Accidentally Leaks Personal Details of Nearly All Citizens [Swati Khandelwal/The Hacker News]
Sen. John Cornyn [R-TX, @JohnCornyn, +1 202-224-2934] introduced the Building America’s Trust Act as a “long-term border security and interior enforcement strategy” but refused to release the bill’s text, which has now leaked.
A group of researchers from Oxford and TU Berlin will present their paper, White-Stingray: Evaluating IMSI Catchers Detection Applications at the Usenix Workshop on Offensive Technologies, demonstrating countermeasures that Stingray vendors could use to beat Stingrays and other “cell-site simulators” (AKA IMSI catchers).
This summer, two of the west coast’s largest metropolitan areas—Seattle and California—took major steps to curtail secret, unilateral surveillance by local police. These victories for transparency and community control lend momentum toward sweeping reforms pending across California, as well as congressional efforts to curtail unchecked surveillance by federal authorities.
The Pry.Me Bottle Opener holds tens of thousands of times its own weight, and you can pick one up now from the Boing Boing Store.This remarkable keychain is considerably smaller than any of your keys, but don’t let that fool you: it can easily open any bottle, and could even tow a trailer full of […]
Guaranteeing your privacy online goes way beyond checking the “Do Not Track” option in your browser’s settings. To ensure that your internet activity is totally hidden from Internet Service Providers, advertisers, and other prying eyes, take a look at Windscribe’s VPN protection. It usually costs $7.50 per month, but you can get a 3-year subscription […]
This project management bundle will help you get organized and learn how to lead a team to success. You can pay what you want for these five courses when you pick them up from the Boing Boing Store.To help you become an invaluable asset for your company, this bundle includes a curated collection of professional […]