Advertisement

Sweden telecom network 'vulnerable to attack'

The Local Sweden
The Local Sweden - [email protected]
Sweden telecom network 'vulnerable to attack'
Swedish landlines could be vulnerable to hacking, according to newspaper Dagens Nyheter. Photo: Lars Pehrson/SvD/SCANPIX

Outsourcing and serious security flaws by external suppliers could leave Sweden's telecommunications network open to attack – and make it easier for foreign powers to tap into them unnoticed, an IT security expert has said.

Advertisement

p { margin-bottom: 0.25cm; line-height: 120%; }a:link { }

Telia Sonera manages the majority of the Swedish copper wire telecommunications network – used by almost 3.9 million customers, including official authorities – through its daughter company Skanova. But for a number of years maintenance of its IT system has been outsourced to a consulting firm in India.

The firm has been given unique access to Telia Sonera servers in Sweden, which in theory means that it would be able to bug as well as knock out the entire telecom network, according to Swedish daily Dagens Nyheter (DN).

And according to unnamed sources quoted by the newspaper, computer user names and passwords are often exchanged via unencrypted email.

p { margin-bottom: 0.25cm; line-height: 120%; }a:link {  IT security expert Leif Nixon sharply cricitized the practice in an interview on Thursday. He said it is particularly serious if the passwords get emailed to customers in other countries as foreign surveillance authorities – such as the NSA in the United States and the British GCHQ – are likely to be monitoring cross border traffic.

“To send passwords by email should be a 'big no-no' to a telecom operator,” he told DN.

Håkan Kvarnström, head of security at Telia Sonera, said it does not matter if the IT system is administered from Sweden or from abroad.

“We have strict agreements regulating security requirements with all our suppliers. The same rules that apply to our own workers apply to them,” he told DN.

When asked about passwords being sent in unencrypted emails, he said: “That's nothing I'm familiar with. Emailing passwords is a violation of our security rules. It is serious. Passwords must never be sent in plain text. It absolutely must not happen.”

The Swedish Post and Telecom Authority (PTS) is the watchdog that monitors the electronic communications and postal sectors in Sweden.

“It is difficult to say at present whether the conduct has been right or wrong. When it comes to the handling of passwords it is of course important that Telia acts. There are regulations stating that passwords should be handled in a secure manner and that the people involved should have been given proper training,” Staffan Lindmark at the PTS  told DN on Thursday.

More

Join the conversation in our comments section below. Share your own views and experience and if you have a question or suggestion for our journalists then email us at [email protected].
Please keep comments civil, constructive and on topic – and make sure to read our terms of use before getting involved.

Please log in to leave a comment.

See Also