I am a Swedish citizen. Lived here for almost 40 years. It is a bit unclear to be what the "the Swedish e-government platform" is. Would have been great if they at least could have published which domain name the service has.
– Neither our data nor our users' data has been leaked. It is a service we use for e-signatures that has been affected, but there is no data from us or our users there, says
The information that source code was leaked from a joint government e-platform is not true, according to Peder Sjölander.
– There is no such platform. I think the perpetrators in this want people to feel insecure. We feel confident that our data is safe and we have the situation under control before the tax return period opens next week.
It's not going to be a specific service or agency with a domain name, it's going to be services that are either internal and used by employees only, or that are integrated into other systems that you may be interacting with without knowing it.
Nothing in particular, based on my understanding CGI a Swedish IT consultant company was hacked, they have contracts for and are the maintainers and developers of a bunch of various government departments IT services.
Many global companies have subsidiaries in the countries they operate in. Aside from many other reasons, it helps make people in those countries think they're local!
Some other comments mention BankID private keys . That would be the biggest disaster as that’s what everyone uses to identify themselves “securely” on all government services.
Well doesn’t Relying Parties using the BankID API for signatures and authentication have private keys to start the flows for users scanning QR codes etc?
Could you, having the right private keys, impersonate some company soliciting a BankID signature?
I’m not sure what you can do with that though. You cannot steal some other ongoing signature I guess.
You can start a signing process saying you are who ever owned that certificate. E.g. if you call someone. You can not use those signatures to gain access, and it is rather in phishing.
Yes, nothing and the facts that these are government services, they use BankID and they updated their websites with "maintenance work" announcements for tomorrow, Saturday. For kronofogden.se there was no maintenance planned just half an hour ago. Knowing swedish tendency to plan things months ahead I would _guess_ that this maintenance work has been rushed due to some circumstances.
It's quite possible that the maintenance is related, but I can nearly 100% assure you this has absolutely nothing to do with BankID. I don't know who suggested that but they are either poorly informed or actively trying to sow FUD.
