Gordon Campbell | Parliament TV | Parliament Today | Video | Questions Of the Day | Search


Labour alerts Justice Ministry to gaping security hole

Communications and IT Spokesperson


Labour alerts Justice Ministry to gaping security hole in its website
Labour’s Information Technology spokesperson, Clare Curran, has today alerted the Ministry of Justice of a serious security flaw in its website.

The vulnerability leaves the personal and financial details of tens of thousands of New Zealanders potentially exposed, and might allow a malicious person to redirect payments to and from members of the public.

“This is a very serious matter. This is yet another gaping hole in the security of a major government site, with privacy and financial implications for a huge number of people,” says Clare Curran.

The security flaw allows access to Ministry of Justice passwords and databases, via a publicly accessible search engine on its website.

“The Ministry of Justice holds incredibly sensitive data – including information about the victims of crime. The Government has a fundamental duty to protect that information. This flaw, if exploited, could have a devastating effect on thousands of people.

“Earlier today I wrote to the Ministry of Justice, the Minister Judith Collins and the Privacy Commissioner alerting them to the issue, which must be addressed urgently.

“This matter was brought to my attention by a whistle-blower. That person has agreed to help the Ministry of Justice in any way they can to ensure the security flaw is fixed.

“This is the latest in a disturbingly long line of information technology security flaws and privacy breaches. There is clearly a major systemic problem with IT security.

“In the past two years more than 100,000 Kiwis have had their privacy breached by government agencies, including the ACC, MSD, IRD and EQC. This is an issue of public trust and confidence in government systems.

“The National Government needs to treat this matter with the seriousness it deserves, and stop hiding behind human error as an excuse for not protecting people’s private information,” says Clare Curran

Ministry of Justice security flaw Q and A

What is the nature of the security flaw?
The flaw allows access to what appears to be Ministry of Justice databases covering licences and fines. Those databases would likely include the personal details of many victims of crimes.

Access to the page containing passwords for the databases was found via a publicly accessible part of the Ministry of Justice website.

How serious is this vulnerability?
This is a serious flaw. The passwords were contained in a plain text file, and those passwords could be used to access incredibly sensitive information, and could potentially allow someone to alter fines payments and financial records.

The MoJ website is very vulnerable to anyone who is serious about trying to break into it. The MoJ website’s security is nowhere near an acceptable standard.

Potentially how many people’s information is at risk because of this problem?
That is not clear. But the databases in question could include information about people that the Courts have imposed a fine upon, and any victim of crime that is receiving reparations. At the very least the databases also hold the details of those with licences issued by the Ministry of Justice.

How did Clare Curran become aware of the issue?
Clare Curran was contacted by a concerned member of the public, who identified the vulnerability. That person contacted her in the hope that she could help expose the problem and get it fixed.

The whistle-blower did NOT access the Ministry databases, but did view the plain text file that contained the passwords. This confirmed the seriousness and extent of the security issue. This file has been passed on to the Ministry of Justice.

Clare Curran will not be publicly identifying her source, but they have agreed to help the Ministry of Justice to address this problem.

© Scoop Media

Parliament Headlines | Politics Headlines | Regional Headlines



Relevant Consents Gained: Government Unveils RMA Reform Package

The government has formally hauled down the flag on its attempts to alter the balance of environmental and economic priorities in the Resource Management Act, unveiling a 180-page Resource Legislation Amendment Bill containing reforms that have been largely endorsed by most political parties. More>>


Closing Schools And Such: Interim Redcliffs Decision Announced

“While the school’s board has argued that circumstances that could give rise to potential disruption are extremely unlikely, advice from technical experts has shown these concerns cannot be ruled out." More>>


Jane Kelsey: High Court Can’t Make Groser Provide TPPA Information Faster

‘This week we went back to court to challenge Trade Minister Groser’s stalling tactics over the release of information on the Trans-Pacific Partnership Agreement negotiations, following a High Court order that he reconsider the Official Information Act request I made last January’, said University of Auckland law professor Jane Kelsey, first applicant in the case. More>>

Werewolf 58: No Climate For Change

The last time the global community tried to take collective action on climate change the world’s leaders finally came to agree that every not-too-onerous effort should be made to hold global warming to 2°C above the pre-industrial average. At Paris, all 150 participant countries nations will have put forward their pledges... On the information available, New Zealand's is the second weakest contribution of any nation in the developed world. More>>


Lambton Quay Shutdown: Object Was Made To Look Like Bomb

Police cordoned off part of Lambton Quay Wednesday afternoon, saying that a suspicious package had been found. Buildings were evacuated and buses were detoured. The army’s explosive ordnance disposal unit was brought to the Quay. More>>


Public Sector Still Shrinking: Record Low Number Of 'Backroom Bureaucrats'

Ongoing restraint in the public sector and a focus on better frontline services has seen a further reduction in the number of core Government employees, State Services Minister Paula Bennett says. More>>


Disobeying The Law: Police Censorship Of Crime Research “An Outrage”

The Green Party is calling on Police Minister Michael Woodhouse to ensure Police scrap controversial contracts that place onerous restrictions on academic researchers’ access to Police data, the Green Party says. More>>


Get More From Scoop



Search Scoop  
Powered by Vodafone
NZ independent news