Gordon Campbell | Parliament TV | Parliament Today | Video | Questions Of the Day | Search

 


Labour alerts Justice Ministry to gaping security hole

Clare
CURRAN
Communications and IT Spokesperson

9 April 2013 MEDIA STATEMENT

Labour alerts Justice Ministry to gaping security hole in its website
Labour’s Information Technology spokesperson, Clare Curran, has today alerted the Ministry of Justice of a serious security flaw in its website.

The vulnerability leaves the personal and financial details of tens of thousands of New Zealanders potentially exposed, and might allow a malicious person to redirect payments to and from members of the public.

“This is a very serious matter. This is yet another gaping hole in the security of a major government site, with privacy and financial implications for a huge number of people,” says Clare Curran.

The security flaw allows access to Ministry of Justice passwords and databases, via a publicly accessible search engine on its website.

“The Ministry of Justice holds incredibly sensitive data – including information about the victims of crime. The Government has a fundamental duty to protect that information. This flaw, if exploited, could have a devastating effect on thousands of people.

“Earlier today I wrote to the Ministry of Justice, the Minister Judith Collins and the Privacy Commissioner alerting them to the issue, which must be addressed urgently.

“This matter was brought to my attention by a whistle-blower. That person has agreed to help the Ministry of Justice in any way they can to ensure the security flaw is fixed.

“This is the latest in a disturbingly long line of information technology security flaws and privacy breaches. There is clearly a major systemic problem with IT security.

“In the past two years more than 100,000 Kiwis have had their privacy breached by government agencies, including the ACC, MSD, IRD and EQC. This is an issue of public trust and confidence in government systems.

“The National Government needs to treat this matter with the seriousness it deserves, and stop hiding behind human error as an excuse for not protecting people’s private information,” says Clare Curran



Ministry of Justice security flaw Q and A

What is the nature of the security flaw?
The flaw allows access to what appears to be Ministry of Justice databases covering licences and fines. Those databases would likely include the personal details of many victims of crimes.

Access to the page containing passwords for the databases was found via a publicly accessible part of the Ministry of Justice website.

How serious is this vulnerability?
This is a serious flaw. The passwords were contained in a plain text file, and those passwords could be used to access incredibly sensitive information, and could potentially allow someone to alter fines payments and financial records.

The MoJ website is very vulnerable to anyone who is serious about trying to break into it. The MoJ website’s security is nowhere near an acceptable standard.

Potentially how many people’s information is at risk because of this problem?
That is not clear. But the databases in question could include information about people that the Courts have imposed a fine upon, and any victim of crime that is receiving reparations. At the very least the databases also hold the details of those with licences issued by the Ministry of Justice.

How did Clare Curran become aware of the issue?
Clare Curran was contacted by a concerned member of the public, who identified the vulnerability. That person contacted her in the hope that she could help expose the problem and get it fixed.

The whistle-blower did NOT access the Ministry databases, but did view the plain text file that contained the passwords. This confirmed the seriousness and extent of the security issue. This file has been passed on to the Ministry of Justice.

Clare Curran will not be publicly identifying her source, but they have agreed to help the Ministry of Justice to address this problem.


© Scoop Media

 
 
 
 
 
Parliament Headlines | Politics Headlines | Regional Headlines

More Evidence - Scoop Press Conference Recordings:
PM's Post-Cab Presser 8/8/11
"at that point [Tucker] told me he'd release it ..."

Hager Revelations: Inquiry Into NZSIS Release Of Goff Docs

The Inspector-General of Intelligence and Security (IGIS), Cheryl Gwyn, announced she would be instituting an inquiry concerning allegations that the New Zealand Security Intelligence Service (NZSIS) might have released official information to Mr Cameron Slater, regarding briefings provided to the then Leader of the Opposition, for political purposes...

“I am satisfied there is a sufficient public interest justifying the commencement of an own-motion inquiry into the substance of the issues raised with my Office,” said Ms Gwyn. More>>

Goff: Director’s Letter Contradicts Key’s Claims

At yesterday’s media standup, when asked on the topic John Key said ‘I wasn’t told’...
“In a letter dated November 2011 former SIS director Warren Tucker states three times that ‘in accordance with the usual practice of keeping the minister informed’ the Prime Minister had been told. More>>


 

Parliament Today:

Schools, PPTA Sign Up: Primary Teachers And Principals Vote Down Govt Plan

Teachers and principals have voted overwhelmingly against the Government’s controversial “Investing in Educational Success” policy, including proposed highly-paid principal and teacher roles. More>>

ALSO:

Gordon Campbell: On The Usual Round Of Mud Slinging And Name-Calling

This week gave an interesting example of how hard it is to untangle the reality from the slanging matches. The issue that emerged early this week could hardly be more important. Does the government intend to cut spending in health, education and on the environment if re-elected, or not? More>>

Earlier:

Electionresults.co.nz: National and NZ First Rise in Roy Morgan Poll

National has bounced back in the latest Roy Morgan Poll but the big winner has been New Zealand First who rise to their highest level of support since September 2013. More>>

ALSO:

Fish Pun Warning: By Hoki! It’s Labour’s Fisheries Policy

A Labour Government will protect the iconic Kiwi tradition of fishing by improving access to the coast, protecting the rights of recreational fishers and reviewing snapper restrictions, Labour’s Fisheries spokesperson Damien O’Connor says. More>>

ALSO:

It's Official: Governor General Gives Direction To Conduct Election

The Governor General has signed the writ directing the Electoral Commission to conduct the General Election on 20 September 2014. This is the formal authority to run the 2014 election, and enables candidate nominations to open tomorrow Thursday 21 August 2014. More>>

Gordon Campbell: No More Mr Nice Guy

When future historians seek to identify the exact moment when the prime ministerial career of John Key hit the downward slope, they may well point to Key’s interview yesterday with Guyon Espiner on RNZ’s Morning Report. More>>

ALSO:

Dirty (Politics) Weekend: Collins’ Admission Reason For Key To Act

"Despite claiming that the evidence about her in Nicky Hager's book was ‘false’ Judith Collins has now been forced to admit that she did send information about a Ministerial Services staff member to Cameron Slater for him to use in a baseless smear campaign. More>>

ALSO:

Potential Disasters: Underground Coal Fire On Denniston Plateau

Forest & Bird says one or more coal fires have broken out beneath the Denniston Plateau, and that the Department of Conservation (DOC) must stop Bathurst Resources’ preparatory mining work going on there until the fire or fires are extinguished. More>>

ALSO:

Get More From Scoop

 

LATEST HEADLINES

 
 
 
 
 
 
 
 
Parliament
Search Scoop  
 
 
Powered by Vodafone
NZ independent news