Swedish Mega-leak

#1
Almost impossible to believe, but it seems the Swedish government's Transport Agency moved a load of data to The Cloud, not realising that this was, er, a tad insecure.

The data included personal details of special forces and police witnesses, plus detailed descriptions and specs of military vehicles, and an indication of roads earmarked as suitable for landing aircraft.

More here: https://www.linkedin.com/pulse/sweden-trouble-jean-labrique

Favourite bit - the same agency sold Sweden's entire register of vehicles and owners, and then realised that the list included people in the witness protection program, so sent out an email listing their new identities and asking everyone who bought the original list to kindly delete the sensitive names!

Whodunnit? The boss of the Transport Agency, Maria Agren, was prosecuted and convicted of disclosing classified material. She was sentenced to the loss of half a months' pay.....
 

AlienFTM

MIA
Book Reviewer
#2
The Cloud, not realising that this was, er, a tad insecure.
Pay peanuts.

Had she followed the old adage, "Nobody ever got sacked for buying IBM," and bought the right kind of cloud space, she'd have been fine.

Probably bought cloud space in a shed.
 

Cold_Collation

LE
Book Reviewer
#3
Whodunnit? The boss of the Transport Agency, Maria Agren, was prosecuted and convicted of disclosing classified material. She was sentenced to the loss of half a months' pay.....
And there's the big problem: had she worked for a commercial company, she'd never find employment again.
 
#6
Pay peanuts.

Had she followed the old adage, "Nobody ever got sacked for buying IBM," and bought the right kind of cloud space, she'd have been fine.

Probably bought cloud space in a shed.
Er...

On digging, it turns out the Swedish Transport Agency moved all its data to “the cloud”, as managed by IBM, two years ago.
Or have I just been wah'd?
 

AlienFTM

MIA
Book Reviewer
#7
Er...



Or have I just been wah'd?
Well I missed that!

I told them it was all sh¡t and they were throwing out what separates them from the field before I left.

And my former colleagues wonder why they're running at a loss?

Last one out, shut the door.
 
#8
The company I work for has decided the cloud is a really, really good idea and is going to move all our sensitive data there. Brought in a wiz guy to manage it who 'knows all about it'. He'll be here for a year or two then skip off with his fat cheque to the next job. Like he did with the last one "How long were you at your last job?" - "A whole two years, making sure it was right". They think they are going to save a lot of money, together with the headcout saving of course.

I'm guess a clusterfeck in the waiting.
 
#9
The company I work for has decided the cloud is a really, really good idea and is going to move all our sensitive data there. Brought in a wiz guy to manage it who 'knows all about it'. He'll be here for a year or two then skip off with his fat cheque to the next job. Like he did with the last one "How long were you at your last job?" - "A whole two years, making sure it was right". They think they are going to save a lot of money, together with the headcout saving of course.

I'm guess a clusterfeck in the waiting.
As an exercise, search and replace within the proposal document and replace every reference to "the cloud" to "the Internet". See if higher management will approve this proposal.

Now do the same, but this time replace references to "the cloud" to "publicly accessible servers controlled by a third party supplier". See if that one gets approved.

You can use cloud computing securely and safely, but the first step is realising it's not some magic facility, it's just computers and software that someone else is running.
 
#10
The company I work for has decided the cloud is a really, really good idea and is going to move all our sensitive data there. Brought in a wiz guy to manage it who 'knows all about it'. He'll be here for a year or two then skip off with his fat cheque to the next job. Like he did with the last one "How long were you at your last job?" - "A whole two years, making sure it was right". They think they are going to save a lot of money, together with the headcout saving of course.

I'm guess a clusterfeck in the waiting.
You too huh?
We've had that twattery so often the expectation of us being shafted goes with the job.
 
#11
Since its conception I have been dubious of off site storage of data and cloud storage, you have data someone else can profit from, then that data it will be stolen.

I realise its cheaper but immensely fool hardy in my opinion, keep all data in house on secure servers maintained by on site staff.
 
#12
As an exercise, search and replace within the proposal document and replace every reference to "the cloud" to "the Internet". See if higher management will approve this proposal.

Now do the same, but this time replace references to "the cloud" to "publicly accessible servers controlled by a third party supplier". See if that one gets approved.

You can use cloud computing securely and safely, but the first step is realising it's not some magic facility, it's just computers and software that someone else is running.
You'll be surprised how many peeps in very senior positions don't know what you've just written. Magic beans is what they believe in and they'll pay good money for it and fek you off for daring to raise an eyebrow.
 
#13
Since its conception I have been dubious of off site storage of data and cloud storage, you have data someone else can profit from, then that data it will be stolen.

I realise its cheaper but immensely fool hardy in my opinion, keep all data in house on secure servers maintained by on site staff.
There is no reason why it can't be safe and secure, if done properly. However "done properly" costs money. We provide a dedicated, private, cloud for a customer. It's not cheap, but it provides a fixed cost facility, that is not shared with anyone else, and is cheaper than doing the equivalent with suppliers such as Amazon etc. We also take security and process seriously and work directly with our customers IT department to the point we are treated very much as a partner rather than a supplier.
 
#14
Since its conception I have been dubious of off site storage of data and cloud storage, you have data someone else can profit from, then that data it will be stolen.

I realise its cheaper but immensely fool hardy in my opinion, keep all data in house on secure servers maintained by on site staff.
It can be both secure and resilient IF proper safeguards and security procedures are in place. However, that costs money, so along comes bean counters with the possibility Vs likelyhood chestnut and we all know where that leads.
Fekkit. Beaten by @Drazyl
 
#15
Tedsson's First Law Of Computing - Don't store any personal data in the cloud. None whatsoever and certainly nothing that can identify you, your address, financial and other personal details.

I use various Cloud storage services like Degoo (100Gb free) Google (15Gb free) etc but only for stuff that is not important (music, pictures, maps, books etc). Stuff I don't really care about and don't really care if anyone else has access to.

I back up everything across two laptops and three encrypted external drives. There are risks in that but it is a trade off.
 
#17
Pay peanuts.

Had she followed the old adage, "Nobody ever got sacked for buying IBM," and bought the right kind of cloud space, she'd have been fine.

Probably bought cloud space in a shed.
Sounds like she bought the cloud space between her ears.
 
#18
Swedish PM admits that huge data leak is ‘a disaster’

Another link on the subject.

It does appear to be a fornicate up of truly epic proportions.

Wordsmith
From the article.

"To make matters worse, it seems that the transport agency’s director-general, Maria Ågren, had “decided to abstain” from the National Security Act, the Personal Data Act and the Publicity and Privacy Act when overseeing the outsourcing project, according to a statement from the agency"

Thats like being in charge of government secrets and not signing the official secrets act, what kind of mickey mouse set up is that.
 
#19
From the article.

"To make matters worse, it seems that the transport agency’s director-general, Maria Ågren, had “decided to abstain” from the National Security Act, the Personal Data Act and the Publicity and Privacy Act when overseeing the outsourcing project, according to a statement from the agency"

Thats like being in charge of government secrets and not signing the official secrets act, what kind of mickey mouse set up is that.
Er, a Swedish one. Specifically the Dept of Transport :)
 

Similar threads

Latest Threads

Top