POST Online Media Lite Edition



 

IT workers in other countries had access to secret Swedish records

Staff Writer |
Two secret police databases were made available to Czech IT workers without security clearance during a cyber security slip-up at the Swedish Transport Agency (Transportstyrelsen), reports the DN daily.

Article continues below






It emerged this week that Sweden's security police Säpo investigated Transportstyrelsen after key information was made available to IT workers in other countries who had not gone through the usual security clearance checks when the agency outsourced its IT maintenance to IBM in 2015.

Swedish newspaper DN now reports that three IT workers in the Czech Republic were able to access all stored information during this period – including two confidential police databases which Transportstyrelsen's staff use when they look at driving licence applications.

These included criminal records and a database where the police keep information about people suspected of crimes – where in some cases even the suspects do not know they are being investigated.

“In that case you have opened up the possibility of accessing secret information that can be used against individuals, but also by organized crime which can make money from selling the data. You can also manipulate it by deleting or adding information,” security expert Johan Wiktorin told DN.

IT workers from a company in Serbia were also able to monitor traffic between Transportstyrelsen and 34 Swedish government agency via the Swedish Government Secure Intranet (SGSI).

The system is connected to a protected EU network, TESTA, and only Swedish citizens who have undergone special training are allowed to access it. The Serbian staff were therefore not given the cryptokeys, but were able to monitor communication via the network, writes DN.


What to read next

Laptop with national security information stolen from Secret Service in New York
9 hospitalized in Sweden after paper mill accident
Swedish government increases defense spending