Sweden leaked every car owners' details last year, then tried to hush it up

Silver badge

don't over egg it

> e-mailed the entire database in clear text messages

It's not as sky falling as being made out. The data was protected by the BorkBork cipher whilst in transit.

10
3

> e-mailed the entire database

If an attachment that size doesn't crash your mail client, it ought to get blocked by both outbound and inbound SMTP servers on the way.

2
0
Silver badge

"I blanda'd up"

Hoorrorific if true.

But why is all that information even IN a single database?

And what happens now? Free credit monitoring??

10
0

Re: "I blanda'd up"

Free credit monitoring? For the people in the witness protection program?

I'm sure they'll love that. They'd probably prefer free life insurance with an obscene payout.

5
0
Anonymous Coward

Re: "I blanda'd up"

They could probably buy a pension really cheap.

Anon: I don't want my ID leaked.

1
0
Silver badge

Read the title, knew it was IBM

All I had to do was read the title and I knew it was IBM.

9
0
Mushroom

Re: Read the title, knew it was IBM

I know IBM is the industry whipping boy for stupid mistakes at the moment, but in all honesty, this was setting them up to fail.

Why the hell does a government keep sensitive military and police data in the same bit bucket with normal registration information!? In *ANY* IT system, someone somewhere has the ability to wander in and out of the system at will. By putting all this in one place, you have to accept that at least one person in the chain has the ability to grant access to any or all of the data to an unlimited number of people. The worst part is, you can have a data spill like this not from malicious intent, but (as the article says) from common, garden variety ineptitude.

Pretty much all big business contractors will only work to the contract. If you want something extra that you failed to negotiate for in the original contract, it'll cost you extra. If the Swedish government kept everything in one place like this, and then outsourced the lot without putting some obscene contract terms in to specifically limit where the data gets manipulated, and who has the ability to grant access to it, then this fail is all on them. IBM's involvement was little more than the equivalent of trying to use a bucket of kerosene to put out a bonfire.

30
1
Bronze badge

Re: Read the title, knew it was IBM

Clearly you have difficulty understanding that the whole world will be heading this way.

IBM are just way ahead of the curve.

12
0
Silver badge

Re: Read the title, knew it was IBM

Low bid, of course.

You get what you pay for, in this case a lack of training in the Govt staff at all levels.

4
0
Silver badge
WTF?

Re: Read the title, knew it was IBM

@ecofeco wrote: All I had to do was read the title and I knew it was IBM.

It's not IBM's fault:

"[Sweden's] transport agency e-mailed the entire database in clear text messages to marketers that subscribe to it..."

Sweden's transport agency screwed this up! And why is Sweden selling this information to marketeers?

5
0
Silver badge

Re: Read the title, knew it was IBM

"Low bid, of course."

It is IBM... I very much doubt that the final price will be low, even if the initial bid was low.

2
0
Silver badge
Big Brother

Stories like this sure make me glad that the government is surveilling every aspect of everyone's existence possible and storing it all in huge databases. Of course there's no way that all could leak out as we know that government spy agencies are leak-proof.

I'd love to see another Snowden/Shadow Brokers, but instead of releasing evidence of mass criminal activity or stealing and releasing malware this new person/group would dox congress. I'm talking every filthy little detail down to the lung capacity to the pet budgie owned by the transvestite prostitute that insert-ultra-right-wing-senator-here sees every Friday. That might do something to wake up our garbage legislators and maybe even the private sector to how dangerous this stuff can be.

On the other hand, it probably would just encourage them to surveil more and move on to more important things.

24
0
Silver badge

> but instead of releasing evidence of mass criminal activity or stealing and releasing malware this new person/group would dox congress.

That will never happen in our lifetimes. I'd assume that's kept in a very deep and dark place, possibly not on computer. After all, the agency has to assure itself of maximum funding in every year's budget and keeping the ones who vote on the budget in line is part of their self-imposed duty.

7
0
Silver badge

> On the other hand, it probably would just encourage them to surveil more and move on to more important things.

Oh, that old news. I thought you were talking about this.

2
0
Anonymous Coward

Cloud

Why are we still using this sad marketing term from 2015?

"Servers", including the owner (and renter where applicable) is the correct term.

14
0
Bronze badge
WTF?

"as much value as a truckload of dead rats in a tampon factory"

I'm guessing that phrase probably makes more sense in Swedish?

If somebody says "as useful as tits on a bull" you get the idea, but dead rats and tampons? What's the connection?

12
0
Holmes

Re: "as much value as a truckload of dead rats in a tampon factory"

There isn't any. That's the point.

17
1
Bronze badge

Re: "as much value as a truckload of dead rats in a tampon factory"

Yes, men should be wary of women having access to data like this because their brains are not hormone wired so well for technical security thinking! Also WTF were the database access controls to forbid access to restricted and higher security data, even in a stupidly monolithic database!

1
12
Bronze badge
FAIL

Re: "as much value as a truckload of dead rats in a tampon factory"

@DryBones:"There isn't any. That's the point."

The guy made an unnecessarily long-winded statement about the value of dead rats in a tampon factory, possibly in an attempt at being ironic.

Looks like you don't know how to make an ironic comparison either.

Conflating two random things just makes you look stupid, or high. But maybe something was lost in translation... Can any native Swedish speakers comment?

4
1
Happy

Re: "as much value as a truckload of dead rats in a tampon factory"

Tampons - furry things with a tail.

Dead rats - furry things with a tail.

That's how I saw it. Made me laugh, but I'm sick.

Rik had fun with a 'mousey' found in a girl's handbag, The Young Ones party episode - a very good one.

19
0
Silver badge

Re: "as much value as a truckload of dead rats in a tampon factory"

@Drybones, I'm with @Snorlax on this one. Round these parts, the construction is more subtle than "as much value as X on a Y", where X and Y bear no relation. Here at least there needs to be almost a relation. So tits on a cow; great, A++, would buy again. They can either get me milk for my coffee or feed my future dinner. Both excellent endeavours. Tits on a bull... not so much.

Maybe something gets lost in translation, and I'm the first to admit that my knowledge about the manufacturing process for tampons is somewhat lacking, but truckloads of dead rats don't seem to have an equivalent that is used in the production. Maybe the word sounds like something, or maybe other parts of the world you can just say whatever you feel like with such a sentence construct. Curious.

4
0

Re: "as much value as a truckload of dead rats in a tampon factory"

No, it doesn't make any sense in Swedish either. Just like the multiple violations of laws regarding classified information that the gubbmint itself wantonly have committed for decades now. (This is just the tip of a very large iceberg with regards to how the department in question operates.)

I'd wager Falkvinge was going for something along the lines of rats in a tampon factory are utterly useless, misplaced and a sanitary risk. Much like privacy handled by the government.

5
0
Facepalm

Re: "as much value as a truckload of dead rats in a tampon factory"

As no-one else seems to have noticed, I'll point out that it's actually a quote from the very aptly named film, "Top Secret"

11
0
Anonymous Coward

Re: "as much value as a truckload of dead rats in a tampon factory"

I guessed at rats-tails vs. string... but I was probably over-thinking...

0
0

Re: "as much value as a truckload of dead rats in a tampon factory"

> As no-one else seems to have noticed, I'll point out that it's actually a quote from the very aptly named film, "Top Secret"

Nick: Listen to me, Hillary. I'm not the first guy who fell in love with a woman that he met at a restaurant who turned out to be the daughter of a kidnapped scientist, only to lose her to her childhood lover who she last saw on a deserted island, who then turned out fifteen years later to be the leader of the French underground.

Hillary: I know. It all sounds like some bad movie.

[Long pause. Both look at camera]

2
0

This post has been deleted by its author

Silver badge

The only way for us to be truly safe from these data breaches is to have a global data base of people who have had their details leaked. This data base needs to contain things like SS/NI #, home address, maiden name, drive license detail, bank account details, children and spouse name. Needs to be secured with SHA-0 and hosted by a country with a track record of tight privacy laws. I suggest the United States. To make it easy for international police to access this data base I suggest that this data base be accessible by web site. Capita shall be given the contract.

15
0
Silver badge

You do realize that some journalist reading the above will assume you are being serious and at least 10 persons (all experts, as we all know non-experts have no access to comment here!) agreed with you. That's the idea, right?

So, to enhance your original idea I propose to also store details of those who have not been leaked yet, in the same database. With a bool field to tell whether or not details have been leaked yet. By default set to true, and with validity constraint that the only allowed value is true.

5
0
Silver badge

Sorry, I just assume anyone that could find their way to el reg comment section would be able to detect sarcasm and would know about the general snarkiness on this site.

0
0
Bronze badge

marketers?

> the transport agency e-mailed the entire database in clear text messages to marketers that subscribe to it

Why are marketers, private organisations, receiving a feed of the entire government vehicle database, irrespective of whether it's encrypted or not?

I understand that the government probably uses private marketing agencies to do its own mass-mailouts, but in that case only the necessary information for that particular mass mailout should be being sent to the specific marketers.

I guess any PI's or re-possession agents or similar, or foreign intelligence gathering, need to cultivate contacts in marketing firms to get registration details. They don't need to bother with trying to subvert someone in the police or the Swedish DMV-equivalent.

9
1
Anonymous Coward

Re: marketers?

> Why are marketers, private organisations, receiving a feed of the entire government vehicle database, irrespective of whether it's encrypted or not?

It's semi-public data. Anyone can go to the transportstyrelsen website, punch in a reg number, and not only get details of the vehicle but have the name and address of the previous three owners sent to them by email or SMS.

Organisations that are interested can get the dataset and scan it for particular types of vehicles, ownership changes, etc. So buy a used car, and in a few days you get letters from insurance companies giving you offers, local dealerships offering you servicing, etc etc.

8
0
Silver badge

Re: marketers?

" irrespective of whether it's encrypted or not?"

Exactly. Who cares how secure it is if you can ask for a copy of it?

4
0
Silver badge

Re: marketers?

The DVLA does it too. Why? It's a nice source of money.

What could possibly go wrong? Naaah, nothing could possibly go wrong.

4
0
Bronze badge

Re: marketers?

Wow, ok, that's pretty fucked up.

Here, you cannot get details, besides current registration status, from the DMV, it is restricted, private information.

There would be an uproar if that sort of information was handed out.

2
1
Silver badge

Re: marketers?

"The DVLA does it too. Why? It's a nice source of money."

The DVLA doesn't do quite the same thing. It will supply vehicle details with no keeper details and it will supply rough vehicle description with registered keeper geographic location anonymised to one of 1,000 vehicles and 300 households.

They also do one-off keeper details for those intending to pursue legal action (in theory, but it doesn't check very hard) and a multiple request process for parking enforcement cowboys.

And they bulk feed law enforcement.

What they won't do is supply keeper details in bulk to the general public.

1
0

Re: marketers?

In US, VA in particular each car dealer has a "tag" book. In theory helps speed taking trade-ins only from registered owner. Of not available to individual owners. Reasons: Money and Convenience.

0
0
Silver badge

Too Many Idiots in the Kitchen

A classic screw up, an inept government agency (an oxymoron I know) and I've Been Moved (aka Itty Bitty Morons) to make a complete hash of this. Combined with outsourcing to other countries, not verifying if the people with access should have access, what else could go wrong?

2
1
Silver badge
Headmaster

Re: Too Many Idiots in the Kitchen

I'm not quite sure you understand what an Oxymoron is. An Oxymoron is two words which when put together don't make sense - a light darkness, a cloudy sun, or a small giant. In this case a "competent government agency", would be an Oxymoron. An inept government agency is the norm - at least when it comes to IT and data...

11
0
Silver badge
Headmaster

Re: Too Many Idiots in the Kitchen

Sorry - Not quite.

An oxymoron is actually a name, or maybe title, that seems to contradict the thing it is naming.

The most overused example is probably "Military Intelligence". But there are many others to choose from - e.g. Great Yarmouth.

6
1
Silver badge

Re: Too Many Idiots in the Kitchen

That's just one application of the word, but in general an oxymoron is a description that is self-contradictory. Such as "a regular abnormality" (since something abnormal, by definition, can't be regular) or a "squared circle" (since a circle, by definition, has no corners).

4
0

Re: Too Many Idiots in the Kitchen

I think he meant 'tautology'.

'Oxymoron' btw IS an oxymoron. The word is from classical Greek and means 'sharp-dull'.

5
0
Anonymous Coward

Abba-ismal

Ring ring

SOS

Mamma Mia

Hasta manyana

0
0
Silver badge
Headmaster

Just me?

"Type, model, weight, and any defects of any and all government and military vehicles, including their operator".

I wonder what type, model and weight the average operator is and what their defects are.

8
0
Silver badge
Facepalm

The Young Ones fan?

I thought tampons were made of mice !!

4
0
Silver badge

Re: The Young Ones fan?

"A truckload of dead rats in a tampon factory"

Please could somebody explain this simile for me ?

Thanks.

0
1
Silver badge
Coat

Re: The Young Ones fan?

"A truckload of dead rats in a tampon factory". Unless a Google translate "feature" one has to assume it's a comparison between rats in a sausage factory and rats in a tampon factory claiming they are more easily detected among tampons. Or perhaps it's just a silly thing to say.

0
0
Bronze badge

Re: The Young Ones fan?

"A truckload of dead rats in a tampon factory"

A line from "Top Secret", Val Kilmer's first movie.

2
0

Re: The Young Ones fan?

I thought Real Genius was his first movie.. Oh, well.

1
0

Oh those Swedes!

Meanwhile:

Trump preparing new better-jobs-for-the-economy-plan to simplify storing of radioactive waste under playgrounds.

More about Sweden after the break.

1
3
Silver badge
Flame

Re: America... no, the world, stranger than fiction!

They already DID that: https://en.wikipedia.org/wiki/Love_Canal

(Ok, it was not a playground... it was an entire school! There is a limit to intelligence, but not to...)

0
0
