ACS_Solver 4 hours ago

I saw it on SVT a few hours ago. DN and Expressen have also reported. The details about what exactly it is that got leaked are unclear (some report it's basically the code and certs responsible for BankID SSO) but this is certainly being reported domestically.

worldsayshi 4 hours ago | parent | next [-]

In Aftonbladet comments from CGI they seem to think that no production related data has been leaked:

https://www.aftonbladet.se/nyheter/a/ArvG0E/cgi-sverige-uppg...

zyberzero 3 hours ago | parent | next [-]

But a copy of production data in the test environment isn't production data... It's test data! :)

yaris 3 hours ago | parent | prev | next [-]

As if it ever happened that a breached company admitted immediately that they've just been fucked.

3 hours ago | parent | prev [-]
[deleted]
einr 2 hours ago | parent | prev [-]

> some report it's basically the code and certs responsible for BankID SSO

No. CGI has nothing to do with BankID.

IMO the most credible reports suggest that the source code and data involved are related to these four services:

https://www.cgi.com/se/sv/business-process-services/e-tjanst... "Mina engagemang offers a user-friendly and flexible solution that allows your customers to manage their cases directly through a personal portal. Here, users can view, track, and interact with their ongoing cases, which enhances both transparency and efficiency in the communication process." -- some kind of ticket/case management system for gov't agencies

https://www.cgi.com/se/sv/business-process-services/elektron... "With our secure end-to-end e-ID and eSign services, we can help you streamline document and contract management, gain access to all desired e-ID issuers, and improve cost efficiency." -- this sounds like a bad thing to compromise, but is to the best of my understanding a system for digital signatures on documents, and has no relation to BankID

https://www.cgi.com/se/sv/business-process-services/e-tjanst... "Gain better control over your organization’s representatives with our easy-to-use representative registry. By automating the identification and verification of representatives, you’ll gain a clear overview and enhance the security of your processes." -- sounds like some bullshit CRUD app for managing who can "represent" a gov't agency

https://www.cgi.com/se/sv/business-process-services/e-tjanst... "SHS is Sweden’s common standard for information exchange, enabling secure and efficient communication between government agencies, businesses, and organizations." -- this might be bad if real data was leaked

These are services used by various Swedish government agencies and it's pretty bad to have even a test instance of them hacked, but let's calm down. The entire Swedish state has not been compromised here.

jonashus 2 hours ago | parent [-]

> CGI has nothing to do with BankID

That's incorrect. Skatteverket used CGI for BankID-login, I don't know if they still do. I have personal experience working on a BankID-login using CGI for another company and it is still active.

Edit: I just confirmed Skatteverket still uses CGI for BankID-auth. "funktionstjanster" is CGI.

einr 2 hours ago | parent [-]

OK, let me rephrase that: CGI, while they may "have something to do" with BankID in the sense that they have developed systems that integrate with it, does not itself develop BankID and does not hold any private keys for BankID.