UPDATED: Yet another embarassing data leakage

03/06/2009 Written by Boris Mutina (minor)

Sen­si­tive data leak­age is noth­ing new, it’s some­times pretty embarass­ing, when you real­ize the lack of what we call secu­rity aware­ness. Slo­va­kia is not an excep­tion at all when dis­cussing the secu­rity inci­dents, just to men­tion inter­est­ing inci­dent related to Slo­vak National Secu­rity Author­ity, or the dis­clo­sure of the whole cell­phone num­ber data­base of one oper­a­tor, nat­u­rally also with the secret num­bers of the politi­cians and other impor­tant persons.

One of the last really stu­pid inci­dents hap­pened again online: secret ser­vice employee was fired after he posted his photo on pop­u­lar dat­ing web­site. The photo was found by his co-​workers…

This time anony­mous man brought to the offices of Slo­vak news­pa­per SME just one USB pen­drive. As he told, he found it on the main square in small town on the west of the Slo­va­kia where it was lost by a crew of a black BMW (usu­ally used by the politi­cians or some higher offi­cers…). Con­tent of the drive should be highly con­fi­den­tial: it con­tains exten­sive doc­u­ments and per­sonal data about police­mens from Slo­vak Mil­i­tary Police. Just to men­tion that some Slo­vak mil­i­tary cops are on the mis­sion in Afghanistan…

Sev­eral sce­nar­ios could arise when this drive wouldn’t be deliv­ered to the news­pa­per, but to some crim­i­nals or even the ter­ror­ists. Bet­ter not to men­tion. But any­way: isn’t there really any secu­rity aware­ness in Slo­vak insti­tu­tions??? Do they need the worst sce­nar­ios caused by data leak­age to be true? This could be yet another wake-​up call and we hope it will be. Another inci­dent like this could lead to cru­cial con­se­quences.

As the inves­ti­ga­tion started, Defense Depart­ment refused to answer any ques­tions about this inci­dent. But we would like also to ask few ques­tions: why such sen­si­tive data was located on the pen­drive? why with­out any kind of encryp­tion? why yet another embarass­ing incident?

UPDATE: Embarass­ing inci­dents con­tinue: web­site of the Slo­vak Prime Min­is­ter, that was launched yes­ter­day was imme­di­atelly a vic­tim of Cross Site script­ing attacks. Attacker inserted mali­cious script which caused inject­ing funny con­tent look­ing as reg­u­lar web­site (“Slap your prime min­is­ter” flash game or Youtube video) and spread­ing the link around using online media. At this time web­site admin­is­tra­tors resolved the prob­lem… But was it really nec­es­sary to pub­lish vul­ner­a­ble website?


Share this content: