
'Keys to kingdom' leaked by Sweden exposing military secrets, EU secure intranet - freeflight
http://www.ibtimes.co.uk/keys-kingdom-leaked-by-sweden-exposing-millions-data-military-secrets-eu-secure-intranet-1631565
======
dang
[https://news.ycombinator.com/item?id=14825766](https://news.ycombinator.com/item?id=14825766)

~~~
freeflight
I feel like something in my brain broke and I'm suddenly way stupider than
usual, I can't access any article there, it's only a link to the domain, am I
doing something wrong?

~~~
dang
It's a link to the previous HN discussion of the same story. We often post
these to explain to readers why a later submission has been tagged [dupe]
above. If that still doesn't make sense, feel free to email hn@ycombinator.com
and we'll explain further.

~~~
freeflight
Figured it out, my ad blocker removed the URL from the discussion you linked
to, so it ended up looking really odd on my end.

------
dijit
I'm surprised this hasn't come up on HN earlier as it's been in the news in
Sweden for a couple of days already.

Lots of mud being thrown around especially towards Russia (Swedes are scared
of Russia because they did not join NATO in an effort to remain neutral)

But from my perspective it's a weird cognitive dissonance involved in this
story. The real issue is not that this content (which is sensitive) was
outsourced, it was that it was outsourced to "people who may be pro-russia".
No matter that they're outsourcing this information to a US company. That is
not the scandal.

I know the USA is supposedly an ally but, with their history of spying on
foreign (EU) ministers and political leaders it's unnerving that nobody
challenges the notion of giving US companies (and by proxy; the US government)
even more access to data.

~~~
qb45
So what exactly has happened there? They say that some "transport agency" has
uploaded their database to a 3rd party and this somehow implies compromise of
military databases too? How is "EU secure intranet" relevant?

~~~
dijit
EU secure intranet has no business being there. I've never heard of it and
it's "not a thing" in regards to this. Even if it is a thing in real life.

What happened was; the Swedish equivalent of the DMV was outsourcing
everything to IBM, IBM were using their sites in the post-soviet bloc to
handle this.

Part of the outsourcing were people playing a bit fast and loose with data
security standards. Their primary database was unencrypted and they would
routinely pass around excel spreadsheets with confidential information in them
via email (even to external folks)

Then the Swedish government gave the "DMV" a list of people under witness
protection. That list was sent (with a bunch of others) for "removal" from the
system, IBM in the post-soviet country could not understand the difference
between military personnel who had to be delisted for being undercover and
witness protection people who would be given new identities.

So they sent a list with the new and old identities in an unencrypted excel
spreadsheet. Those two sheets are what leaked.

The rest of the information was uncovered while they were looking at the
source of the sheets.

~~~
freeflight
> EU secure intranet has no business being there. I've never heard of it and
> it's "not a thing" in regards to this. Even if it is a thing in real life.

It's called s-TESTA, its precursor was TESTA [0]. The thing is: The same
company responsible for the leak was allegedly also contracted to connect the
Swedish government intranet to s-TESTA. So if the company is really a bad
actor, and not merely incompetent, then there's a very real possibility of
s-TESTA having been compromised.

I mean even if they are really just that incompetent, then that also doesn't
bode well for whatever they did to connect the Swedish intranet to s-TESTA.

[0]
[http://ec.europa.eu/idabc/en/document/2097/5644.html](http://ec.europa.eu/idabc/en/document/2097/5644.html)

------
banashark
the article on privateinternetaccess adds some nice details:
[https://www.privateinternetaccess.com/blog/2017/07/swedish-t...](https://www.privateinternetaccess.com/blog/2017/07/swedish-
transport-agency-worst-known-governmental-leak-ever-is-slowly-coming-to-
light/)

~~~
mercer
You forgot something there...

EDIT: uBlock did this, my apologies.

------
leke
Should these kind of things be on computers?

