I feel like something in my brain broke and I'm suddenly way stupider than usual, I can't access any article there, it's only a link to the domain, am I doing something wrong?
It's a link to the previous HN discussion of the same story. We often post these to explain to readers why a later submission has been tagged [dupe] above. If that still doesn't make sense, feel free to email hn@ycombinator.com and we'll explain further.
I'm surprised this hasn't come up on HN earlier as it's been in the news in Sweden for a couple of days already.
Lots of mud being thrown around especially towards Russia (Swedes are scared of Russia because they did not join NATO in an effort to remain neutral)
But from my perspective it's a weird cognitive dissonance involved in this story. The real issue is not that this content (which is sensitive) was outsourced, it was that it was outsourced to "people who may be pro-russia". No matter that they're outsourcing this information to a US company. That is not the scandal.
I know the USA is supposedly an ally but, with their history of spying on foreign (EU) ministers and political leaders it's unnerving that nobody challenges the notion of giving US companies (and by proxy; the US government) even more access to data.
So what exactly has happened there? They say that some "transport agency" has uploaded their database to a 3rd party and this somehow implies compromise of military databases too? How is "EU secure intranet" relevant?
EU secure intranet has no business being there. I've never heard of it and it's "not a thing" in regards to this. Even if it is a thing in real life.
What happened was; the Swedish equivalent of the DMV was outsourcing everything to IBM, IBM were using their sites in the post-soviet bloc to handle this.
Part of the outsourcing were people playing a bit fast and loose with data security standards. Their primary database was unencrypted and they would routinely pass around excel spreadsheets with confidential information in them via email (even to external folks)
Then the Swedish government gave the "DMV" a list of people under witness protection. That list was sent (with a bunch of others) for "removal" from the system, IBM in the post-soviet country could not understand the difference between military personnel who had to be delisted for being undercover and witness protection people who would be given new identities.
So they sent a list with the new and old identities in an unencrypted excel spreadsheet. Those two sheets are what leaked.
The rest of the information was uncovered while they were looking at the source of the sheets.
> EU secure intranet has no business being there. I've never heard of it and it's "not a thing" in regards to this. Even if it is a thing in real life.
It's called s-TESTA, its precursor was TESTA [0].
The thing is: The same company responsible for the leak was allegedly also contracted to connect the Swedish government intranet to s-TESTA. So if the company is really a bad actor, and not merely incompetent, then there's a very real possibility of s-TESTA having been compromised.
I mean even if they are really just that incompetent, then that also doesn't bode well for whatever they did to connect the Swedish intranet to s-TESTA.
> If Sweden isn't part of NATO, would it be correct to call Sweden and the US allies? I don't see it.
Sweden and Finland signed a "Host Nation Support Agreement"[1] with NATO a few years ago. And there's also been previous joint military exercises with the US/NATO in Sweden, and the upcoming exercise "Aurora 17"[2].
