IT workers in other countries had access to secret Swedish records
It emerged this week that Sweden's security police Säpo investigated Transportstyrelsen after key information was made available to IT workers in other countries who had not gone through the usual security clearance checks when the agency outsourced its IT maintenance to IBM in 2015.
Swedish newspaper DN now reports that three IT workers in the Czech Republic were able to access all stored information during this period – including two confidential police databases which Transportstyrelsen's staff use when they look at driving licence applications.
These included criminal records and a database where the police keep information about people suspected of crimes – where in some cases even the suspects do not know they are being investigated.
“In that case you have opened up the possibility of accessing secret information that can be used against individuals, but also by organized crime which can make money from selling the data. You can also manipulate it by deleting or adding information,” security expert Johan Wiktorin told DN.
IT workers from a company in Serbia were also able to monitor traffic between Transportstyrelsen and 34 Swedish government agency via the Swedish Government Secure Intranet (SGSI).
The system is connected to a protected EU network, TESTA, and only Swedish citizens who have undergone special training are allowed to access it. The Serbian staff were therefore not given the cryptokeys, but were able to monitor communication via the network, writes DN. ■