The Biggest Data Leak in Swedish History was also the Most Avoidable

It’s been described as “the biggest leak in Swedish history”, and it’s easy to see why.

In 2015, looking to cut costs, the Swedish Transport Agency (STA) outsourced the management of its database and IT infrastructure to two companies: IBM in the Czech Republic and NCR in Serbia.

Given the sensitivity of the data, it should have been accessed only by authorized personnel. But the STA was eager to deploy the system, ostensibly to save money on labor costs, and it bypassed vital security checks that would otherwise have prevented Czech and Serbian techies from working on the system.

Per Infosecurity Magazine, the database contained:

vehicle registration data from every Swedish citizen, data on all government/military vehicles, the weight capacity of all roads and bridges, names, photos and home addresses of Air Force pilots, police suspects, elite SAS-style operatives and anyone in a witness protection scheme.

There are also concerns that the European Union’s secure STESTA network, which was connected to the Swedish government intranet, was compromised.

Serbia has pivoted closer to Russia in recent years, and there is a concern that information from this database will be obtained by Russian intelligence. According to Swedish Pirate Party founder Rick Falkvinge:

While it can’t be proven in this specific case that high-value military information in Serbia’s hands also comes into Russia’s hands, it’s one of those things that should…
