Dutch hacker obtained virtually all Austrians’ personal data, police say

4 comments
  1. It’s nice to see that the Austrian government takes the privacy of its citizens seriously /s

  2. That’s what happens when you use a closed source operating system full of vulnerabilities like Windows!

    But if Microsoft, its maker, says about their product that it’s secure, it must be secure…

    And they prefer to listen to that or do the wishful thinking as you cannot properly audit and verify closed source software anyway.

    Or their preference is a bit incentivized, like in Romania, the country they hate so much:

    https://en.wikipedia.org/wiki/Microsoft_licensing_corruption_scandal

    At least we dared to tackle bribery and corruption!

    I felt disgusted and shocked to see that Austria uses a closed source and spyware-infested OS like Windows 10, even in hospitals, where patients’ privacy and security should be at the maximum level.

    I guess Windows’ EULA where they explain they collect pretty much every information typed or seen on that computer doesn’t mean anything when it’s not your information.

    How bad could it be if a private, for-profit, out-of-EU company knows that you have a pacemaker, insulin pump or other kind of device that keeps you alive?

    Or that your vision, hearing is not so good, they will never take advantage of that, right?

    So much for Austria’s caring for citizens’ privacy and security!

    I remember visiting its capital once and knowing that it’s number 1 worldwide in quality of living rankings, I thought that for sure it would take privacy and security seriously and have at least one app on F-droid for transportation, a map with water sources, toilets, something.

    There was nothing at the time.

  3. Quick explanation to what happened, as read from Austrian news.

    tl;dr – Database from public broadcasting fee collector was made publicly available by a subcontractor by accident and was discovered by a Dutch hacker.

    This data leak was not caused by any vulnerability in an operating system or an application, but by human error. The company that collects the public broadcasting fees (GIS) keeps a record of most Austrians in their database; this data was provided by the central civil register. They also keep a record of buildings, to track people who don’t pay fees. GIS hired a “renowned” subcontractor to restructure their database, which led to the database being copied onto the contractor’s server. So far so good; this is normal procedure according to cyber police.

    An employee of the subcontractor was conducting testing with the GIS database and made it publicly available on the internet for an entire week. This was discovered by the Dutch hacker via an internet search engine, who then proceeded to download all the data. He then offered it for a small sum on a forum; it is said that this was a 4-digit sum. Read more on [orf.at](https://orf.at/stories/3302702/)
