Google
 

Aardvark Daily

New Zealand's longest-running online daily news and commentary publication, now in its 25th year. The opinion pieces presented here are not purported to be fact but reasonable effort is made to ensure accuracy.

Content copyright © 1995 - 2019 to Bruce Simpson (aka Aardvark), the logo was kindly created for Aardvark Daily by the folks at aardvark.co.uk



Please visit the sponsor!
Please visit the sponsor!

When the government is hacked

29 May 2019

We have some pretty stiff laws in place to protect us against hackers.

Well no, that's wrong, let me put the situation honestly...

We have some pretty stiff laws and penalties in place to punish those who get caught hacking. And that's a whole lot different to my first statement.

The reality is that a lot of malevolent hacking goes on every day and in the vast majority of cases, those responsible for such evil deeds go unpunished because they are never caught. And hackers know this.

Therefore, the threat of dire penalties probably has little effect and does not "protect" us as much as our politicians would like us to believe.

But if we accept that hackers will hack and that all data stored on computers with an internet connection is vulnerable to unauthorised access -- what should happen when government computers get rooted?

If a private company is found to have been negligent in the configuration of their hardware or software and this results in the disclosure of personal or sensitive information, chances are that they will face censure and penalty for their slackness.

But what happens when it's a government agency or department whose security is found wanting?

What if, for instance, someone was to hack the NZ Treasury?

Nah... it would never happen... right?

Well apparently it did.

From the limited information available it seems that this was one of those breaches that really don't qualify as a true hack -- since someone may well have posted the documents concerned to a publicly accessible site, from where they were downloaded using nothing more than a browser and the click of a mouse.

Who is at fault in such cases?

Was it the "hacker" who stumbled upon a publicly accessible page carrying links to the documents in question?

Or was it whoever was stupid enough to rely on "security by obscurity" and thought that it was okay to leave the files accessible because "nobody will find them"?

In law, it was probably the person that downloaded them but in reality I think we all know that this may well have been a case of gross negligence.

Sadly for the "hacker", if they're caught they'll probably get a penalty for using their mouse in such a way -- but given that the negligent party is paid out of taxpayers' pockets, they will enjoy the indemnity that comes from being in the employ of the state.

Fair?

To delve into the world of analogies for a moment...

This situation is somewhat akin to leaving a document on a public park bench and trusting nobody will read it because they don't know it's there. It's also somewhat akin to blaming someone who happened to stroll past and browse said document -- all while it was sitting on that park bench in a public place.

Who's at fault there?

This also raises a far more important issue - that of the simply massive amount of data that governments now hold on each and every one of us, and the apparent ease with which that data could be hacked by unknown third parties. Who will be held to account when that happens?

Answer: nobody who is truly responsible, that's for sure.

While our data is safely cosseted away on government computers everything is fine. However, if some smart-arsed Eastern European hacker group decide to grab a copy for themselves and flog it on the open market, where will you, I and every other NZ resident be then?

There's a huge amount of power available to the holder of this information and while that holder is working *for* us, all well and good. But when that holder is working against us, that data becomes a powerful weapon.

I trust that the woodenheads in Wellington have thought of that and applied a whole lot more attention to the security of our personal data than they've applied to protecting the latest budget.

Why do I feel more than a little uneasy right now?

Please visit the sponsor!
Please visit the sponsor!

Have your say in the Aardvark Forums.

PERMALINK to this column


Rank This Aardvark Page

 

Change Font

Sci-Tech headlines

 


Features:

The EZ Battery Reconditioning scam

Beware The Alternative Energy Scammers

The Great "Run Your Car On Water" Scam

 

Recent Columns

Where NZ leads the world
A reader dropped me an email last week in respect to the activities of the Extinction Revolution (ER) group and in respect to the actions police were taking against them...

Solved: the mystery of static electricity
I remember being fascinated by static electricity as a young lad...

Government uses the word "compulsory"
We're told that we live in a free society...

The streaming market is getting messy
In the beginning, there was Netflix...

The proceeds of crime (hypocrisy alert)
New Zealand has an oft-used law that allows police to seize the property and assets of anyone who they "think" may have obtained those assets/property as the results of criminal activities...

Microsoft is hijacking my computer
Like most people, I have a computer that runs the Windows operating system...

Is no news good news?
As is so often the case these days, I've been up and sitting at my desk since a little before 4am...

Tourism, an asset or a liability?
Tourism is a big earner for New Zealand...

Finally, I was right
Over five years ago, I wrote a column in which I suggested that it would be a smart idea to use mesh-networks to sidestep mobile networks...

How your smartphone could narc on you
There are now probably more smartphones on the planet than people...

The weaponisation of space
Ever since the first ping was received from Russia's Sputnik satellite back in the 1950s, space has been seen as a critical element of every superpower's military activities...