Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
einr 2 hours ago

some report it's basically the code and certs responsible for BankID SSO

No. CGI has nothing to do with BankID.

IMO the most credible reports suggest that the source code and data involved are related to these four services:

https://www.cgi.com/se/sv/business-process-services/e-tjanst... "Mina engagemang offers a user-friendly and flexible solution that allows your customers to manage their cases directly through a personal portal. Here, users can view, track, and interact with their ongoing cases, which enhances both transparency and efficiency in the communication process." -- some kind of ticket/case management system for gov't agencies

https://www.cgi.com/se/sv/business-process-services/elektron... "With our secure end-to-end e-ID and eSign services, we can help you streamline document and contract management, gain access to all desired e-ID issuers, and improve cost efficiency." -- this sounds like a bad thing to compromise, but is to the best of my understanding a system for digital signatures on documents, and has no relation to BankID

https://www.cgi.com/se/sv/business-process-services/e-tjanst... "Gain better control over your organization’s representatives with our easy-to-use representative registry. By automating the identification and verification of representatives, you’ll gain a clear overview and enhance the security of your processes." -- sounds like some bullshit CRUD app for managing who can "represent" a gov't agency

https://www.cgi.com/se/sv/business-process-services/e-tjanst... "SHS is Sweden’s common standard for information exchange, enabling secure and efficient communication between government agencies, businesses, and organizations." -- this might be bad if real data was leaked

These are services used by various Swedish government agencies and it's pretty bad to have even a test instance of them hacked, but let's calm down. The entire Swedish state has not been compromised here.

jonashus 2 hours ago | parent [-]

> CGI has nothing to do with BankID

That's incorrect. Skatteverket used CGI for BankID-login, I don't know if they still do. I have personal experience working on a BankID-login using CGI for another company and it is still active.

Edit: I just confirmed Skatteverket still uses CGI for BankID-auth. "funktionstjanster" is CGI.

einr 2 hours ago | parent [-]

OK, let me rephrase that: CGI, while they may "have something to do" with BankID in the sense that they have developed systems that integrate with it, does not itself develop BankID and does not hold any private keys for BankID.