Google
 

Aardvark Daily

New Zealand's longest-running online daily news and commentary publication, now in its 25th year. The opinion pieces presented here are not purported to be fact but reasonable effort is made to ensure accuracy.

Content copyright © 1995 - 2019 to Bruce Simpson (aka Aardvark), the logo was kindly created for Aardvark Daily by the folks at aardvark.co.uk



Please visit the sponsor!
Please visit the sponsor!

When the government is hacked

29 May 2019

We have some pretty stiff laws in place to protect us against hackers.

Well no, that's wrong, let me put the situation honestly...

We have some pretty stiff laws and penalties in place to punish those who get caught hacking. And that's a whole lot different to my first statement.

The reality is that a lot of malevolent hacking goes on every day and in the vast majority of cases, those responsible for such evil deeds go unpunished because they are never caught. And hackers know this.

Therefore, the threat of dire penalties probably has little effect and does not "protect" us as much as our politicians would like us to believe.

But if we accept that hackers will hack and that all data stored on computers with an internet connection is vulnerable to unauthorised access -- what should happen when government computers get rooted?

If a private company is found to have been negligent in the configuration of their hardware or software and this results in the disclosure of personal or sensitive information, chances are that they will face censure and penalty for their slackness.

But what happens when it's a government agency or department whose security is found wanting?

What if, for instance, someone was to hack the NZ Treasury?

Nah... it would never happen... right?

Well apparently it did.

From the limited information available it seems that this was one of those breaches that really don't qualify as a true hack -- since someone may well have posted the documents concerned to a publicly accessible site, from where they were downloaded using nothing more than a browser and the click of a mouse.

Who is at fault in such cases?

Was it the "hacker" who stumbled upon a publicly accessible page carrying links to the documents in question?

Or was it whoever was stupid enough to rely on "security by obscurity" and thought that it was okay to leave the files accessible because "nobody will find them"?

In law, it was probably the person that downloaded them but in reality I think we all know that this may well have been a case of gross negligence.

Sadly for the "hacker", if they're caught they'll probably get a penalty for using their mouse in such a way -- but given that the negligent party is paid out of taxpayers' pockets, they will enjoy the indemnity that comes from being in the employ of the state.

Fair?

To delve into the world of analogies for a moment...

This situation is somewhat akin to leaving a document on a public park bench and trusting nobody will read it because they don't know it's there. It's also somewhat akin to blaming someone who happened to stroll past and browse said document -- all while it was sitting on that park bench in a public place.

Who's at fault there?

This also raises a far more important issue - that of the simply massive amount of data that governments now hold on each and every one of us, and the apparent ease with which that data could be hacked by unknown third parties. Who will be held to account when that happens?

Answer: nobody who is truly responsible, that's for sure.

While our data is safely cosseted away on government computers everything is fine. However, if some smart-arsed Eastern European hacker group decide to grab a copy for themselves and flog it on the open market, where will you, I and every other NZ resident be then?

There's a huge amount of power available to the holder of this information and while that holder is working *for* us, all well and good. But when that holder is working against us, that data becomes a powerful weapon.

I trust that the woodenheads in Wellington have thought of that and applied a whole lot more attention to the security of our personal data than they've applied to protecting the latest budget.

Why do I feel more than a little uneasy right now?

Please visit the sponsor!
Please visit the sponsor!

Have your say in the Aardvark Forums.

PERMALINK to this column


Rank This Aardvark Page

 

Change Font

Sci-Tech headlines

 


Features:

The EZ Battery Reconditioning scam

Beware The Alternative Energy Scammers

The Great "Run Your Car On Water" Scam

 

Recent Columns

Social media kills
Before I get on to the main topic of today's column, a word about silly press releases...

RP4 and security
Everyone loves the Raspberry Pi, especially hackers...

Cyberspace, the new battle-front
There is a war being fought between the USA and its enemies; a silent war...

Is this the new YouTube?
As I've mentioned in the past, many YouTube content creators are getting pretty hacked off with the company's attitudes, restrictions and seemingly inconsistent application of its policies regarding monetization and even the total deletion of some channels...

Government IT, it's a joke, right?
Regular readers will recall th at I wrote a column a month or two ago in which I commented on the seemingly outrageous cost for the proposed UK drone registration database...

Is this big or what?
There was a time when only the government of a country could mint money that was legal tender...

Is the internet now shill-city?
There was a time when the Net was just about the best place to go if you were looking to see whether a product or service was worth spending money on...

It is not about safety
In a tragic accident, two people have died on the weekend after a mid-air collision between two aircraft near Hood aerodrome in New Zealand...

One dollar, one vote
Being somewhat of a masochist at heart (or at least so it appears), I subjected myself to almost two and a half hours of political discussion and debate yesterday...

Robomaster has arrived
I'm a great fan of STEM, STEAM and other programs to get kids interested and involved in technology and so I was thrilled to see the latest product from DJI (the drone people)...

Assange, another vendetta?
The US government has filed an extradition request for Julian Assange...