Identity Theft Risk Prompts Estonia to Block the Certificates of 760,000 ID Cards



Identity Theft Risk Prompts Estonia to Block the Certificates of 760,000 ID Cards

Screenshot from a promotional video about Estonian ID cards from government’s website

On November 4, 2017 the Estonian authorities disabled the certificates of more than 760,000 national electronic ID cards due to a security vulnerability that could have compromised cards issued between October 16, 2014 and October 26, 2017, and possibly even earlier.

More so than most other countries, Estonia relies on digital technology for many basic services including getting prescription medication, voting, bank transfers, and digital signatures. In fact 98% of Estonians have an ID card that they are able to use as a valid travel ID within Europe, access health insurance, and pay taxes. Digital ID cards were introduced in 2002 and have become the cornerstone of the country’s e-services. Estonia has one of the world’s fastest broadband services and has established strong digital literacy, widespread internet connectivity and e-governance.

The certificate software within the blocked ID cards will be replaced with new, more secure one, in a national-wide effort to deal with the risk of privacy breach. These certificates were deactivated after a group of researchers from the Czech Republic identified a security flaw in the cards’ microchips that could have led to major breaches of citizen’s personal data. The researchers found that the chips installed in ID cards issued between October 16, 2014 and October 26, 2017 (though possibly as early as 2012) were vulnerable to infiltration of both private and public keys and possible identity theft.

The chips were manufactured by Infineon, a microelectronics company with headquarters in the US and Germany, that provides services including government identification, mobile security and embedded security and trusted computing.

The Estonian government says that no infiltration has yet taken place, and that authorities disabled the affected ID cards as a precautionary measure to ensure no harm to citizen data. To guarantee that e-government continued to function, an estimated 35,000 people who use their ID card for their work, such as government officials and doctors, were updated to a safer version first.

On November 2, 2017 Prime Minister Jüri Ratas said in a statement:

The functioning of an e-state is based on trust and the state cannot afford identity theft happening to the owner of an Estonian ID card. As far as we currently know, there has been no instances of e-identity theft, but the threat assessment of the Police and Border Guard Board and the Information System Authority indicates that this threat has become real.

The security threat uncovered by Czech researchers is not limited to Estonian ID cards alone. Presumably, all chipsets produced by Infineon during that time carry the same flaw. Therefore computer systems around the world that use Infineon chipsets are also at risk of infiltration. The vulnerability illuminated the grave security challenges that can come with the digitization of national ID cards and systems.

Social media discussions about this issue included Twitter comments by Toomas Hendrik Ilves, the former President of the Republic of Estonia (2006-2016) who suggested that the “real story” is about Gemalto, the manufacturer of the cards, which appears to have learned about the vulnerability in February, but had not shared this information with customers. Since 2001 Estonian electronic ID cards have been manufactured by Trub AG and its successor Gemalto AG, Swiss companies that use Infineon technologies.

Former President Ilves claimed the Dutch firm “informed commercial users but not the public sector (paying) clients,” urging journalists to look more in depth into the issue.

I leave that to the journalists who so far have focused on the customers, not the ones at fault, as if we were Pinto owners, not Ford. 

Estonian ID is not the only one made by Gemalto. However, no other govt made any noise. Probably because the cards are issued but never used.

The real story is how the chip maker, Gemalto, found out about the vulnerability in Feb but never notify customers 

Or perhaps the story is a tech-empathetic gov’t that responded quickly and measuredly to a crypto security vulnerability. That is news!

Estonia’s move to replace the cards’ certificates also attracted attention from information society enthusiasts across the region of Eastern and Central Europe. In a Facebook discussion, a Serbian IT expert living in Estonia explained the end user perspective through comments:

We were notified several months ago (while the risk was only theoretic), and a few weeks ago they released updates of the certificates through an official app (so one doesn’t have to change the ID). At the moment the authorization process sometimes has some hiccups, but there’s a backup authorisation method via a mobile phone app, so we are not blocked at all.

Putin orders cut of 755 personnel at U.S. missions



Putin orders cut of 755 personnel at U.S. missions

Why Russia is demanding the U.S. cut diplomatic staff
The Post’s Andrew Roth explains a statement the Russian Foreign Ministry issued July 28, seizing U.S. diplomatic properties and demanding the State Department reduce its staff in Russia. (Andrew Roth, Sarah Parnass/The Washington Post)
 July 30 at 4:41 PM
 Russian President Vladimir Putin said Sunday that the U.S. diplomatic missions in Moscow and elsewhere in the country will have to reduce their staffs by 755 people, signaling a significant escalation in the Russian response to American sanctions over the Kremlin’s intervention in the 2016 presidential election.The United States and Russia have expelled dozens of each other’s diplomats before – but Sunday’s statement, made by Putin in an interview with the Rossiya-1 television channel, indicated the single largest forced reduction in embassy staff, comparable only to the closing of the American diplomatic presence in the months following the Communist revolution in 1917.

In the interview, Putin said that the number of American diplomatic and technical personnel will be capped at 455 — equivalent to the number of their Russian counterparts working in the United States. Currently, close to 1,200 employees work at the United States’ embassy and consulates in Russia, according to U.S. and Russian data.

“More than a thousand employees — diplomats and technical employees — have worked and are still working in Russia these days,” Putin told journalist Vladimir Solovyov on a nationally televised news show Sunday evening. “Some 755 of them will have to terminate their activity.”

Putin’s remarks came during a three-and-half-day trip by Vice President Pence to Eastern Europe to show U.S. support for countries that have chafed at interference from Moscow – Estonia, Georgia, and Montenegro.

Russian President Vladimir Putin watched a parade on the Neva River, followed by a short air show and gun salute to celebrate Navy Day on July 30. (Reuters)

“The president has made it very clear that Russia’s destabilizing activities, its support for rogue regimes, its activities in Ukraine, are unacceptable,” Pence said, when asked by reporters in Tallinn, Estonia, whether he expects Trump to sign the sanctions. “The president made very clear that very soon he will sign the sanctions from the Congress of the United States to reinforce that.”

“As we make our intentions clear, we expect Russian behavior to change,” Pence continued.

The Kremlin had said Friday, as the Senate voted to strengthen sanctions on Russia, that some American diplomats would be expelled, but the size of the reduction is dramatic. It covers the main embassy in Moscow, as well as missions in St. Petersburg, Yekaterinburg and Vladivostok.

The U.S. Embassy in Russia has been unable to provide exact numbers on the number of staff it employs in Russia. But a 2013 review by the Department of State said that the American mission in Russia “employs 1,279 staff, including 301 U.S. direct-hire positions and 934 locally employed staff positions from 35 U.S. government agencies.” (A good breakdown of the numbers was posted on the blog Diplopundit).

“This is a landmark moment,” Andrei Kolesnikov, a journalist for the newspaper Kommersant who regularly travels with Putin and has interviewed him extensively over the past 17 years, told the Post in an interview on Friday. “His patience has seriously run out, and everything that he’s been putting off in this conflict, he’s now going to do.”

The Russian government is also seizing two diplomatic properties — a dacha, or country house, in a leafy neighborhood in Moscow, and a warehouse — following the decision by the Obama administration in December to take possession of two Russian mansions in the United States.

The move comes as it has become apparent that Russia has abandoned its hopes for better relations with the United States under a Trump administration.

“I think retaliation is long, long overdue,” deputy foreign minister Sergei Ryabkov said Sunday on ABC’s “This Week with George Stephanopoulos.”

“We have a very rich toolbox at our disposal,” Ryabkov said. “After the Senate . . . voted so overwhelmingly on a completely weird and unacceptable piece of legislation, it was the last drop.”

Hours later, Putin said during his evening interview that he expected relations between the United States and Russia to worsen, and that Russia would likely come up with other measures to counter American financial sanctions, which were passed by the House and Senate last week and which President Trump has said he will sign.

The reduction in U.S. diplomatic and technical staff is a response to President Obama’s expulsion of 35 Russian diplomats in December in response to the alleged Russian hacking of the mail servers of the Democratic National Committee. The United States also revoked access to two Russian diplomatic compounds on Maryland’s Eastern Shore and on Long Island. American officials said they were used for intelligence collection.

It is not yet clear how the State Department will reduce its staff in Russia. Some of the local staff were hired to help with a significant expansion of the U.S. embassy compound in Moscow.

The move increases the likelihood of new, perhaps asymmetrical reprisals by the United States in coming days.

Michael McFaul, former ambassador to Russia, tweeted Sunday: “If these cuts are real, Russians should expect to wait weeks if not months to get visas to come to US.”

Ashley Parker , in Tallinn, Estonia, and Madhumita Murgia, in Washington, contributed.

Russia’s President Putin’s Aggression In Europe Should Worry Every Russian Citizen


Putin’s aggression in Europe should worry the US

Russia: The biggest issue for the next US president?

Russia: The biggest issue for the next US president? 00:40

Story highlights

  • Richard Shirreff: European security is a matter of American security
  • Putin’s aim is clear: to re-establish Russia as one of the world’s great powers, he says

Gen. Sir Richard Shirreff is a senior British army officer and former deputy supreme allied commander Europe. The opinions expressed in this commentary are solely those of the author.

(CNN)Since the formation of NATO in 1949 the defense of Europe and the free world has depended on the absolute certainty that whatever president is occupying the White House, the United States will come to the aid of a NATO member if attacked. Any doubt about the American commitment, and the credibility of NATO’s doctrine of collective defense, is holed below the waterline.

At a time when the West faces a greater threat from a resurgent Russia since the most dangerous crises of the Cold War, NATO, more than ever, needs to stand strong, united and credible.
Russia’s invasion of Crimea and Ukraine in 2014 may have already lit the fuse that could lead to the unthinkable: nuclear war with Russia in Europe.
Consider the words and actions of President Vladimir Putin, who has described the breakup of the Soviet Union as the “greatest geo-strategic tragedy of the 20th century.” In his speech on March 18, 2014, the day Crimea was admitted into the Russian Federation, Putin majored on the threat the West posed to Russia by its continued encirclement and warned about the possibility of push back: “If you compress the spring to its limit, it will snap back hard: something you should remember,” while claiming the right to protect the interests of Russian speakers everywhere, “even if it will worsen our relations with some states.”

Who are Putin's allies?

Who are Putin’s allies?01:40
Overnight, Putin became NATO’s strategic adversary, starting a dynamic that could lead to a clash with NATO over the Baltic states of Latvia, Lithuania and Estonia (which have significant Russian-speaking minorities).
Two years on and the threat is even greater. Indeed, the ratchet of tension clicks tighter on an almost weekly basis: Even this week we wake up to news of Russia sailing warships near the British coast in “a show of force and a show of capabilities,” according to Peter Felstead, editor of Jane’s Defence Weekly.
Unprecedented levels of military activity on the borders and in the airspace of the Baltic states, Finland and Sweden have been matched by the rapid buildup of military forces in Russia’s Western Military District on the borders of NATO.
For example, in January, Russia announced the formation and deployment of three motor rifle divisions, about 60,000 troops, along the Russian frontier with the Baltic states. And the Russians have kept themselves busy with regular so-called snap exercises to test the readiness of their military, at least one of which was based on a scenario of invasion and occupation of the Baltic states.
Putin’s strategic aim is clear: to re-establish Russia’s status as one of the world’s great powers and to dominate the former republics of the Soviet Union — imperialist intentions that might have been acceptable to great powers in the 19th century but which are an affront in 2016. If the opportunity presents itself, he may well activate long-held plans to march into the Baltic states.

Russian relations with the West at new low

Russian relations with the West at new low 02:29
To paraphrase British Prime Minister Neville Chamberlain’s 1938 comment on Czechoslovakia, why are events in these faraway countries of which we may know little important to Americans?
First, because if Russia puts one soldier across the borders of the Baltic states it means war with NATO.
Latvia, Estonia and Lithuania have been members of NATO since 2004 and are therefore protected underArticle 5 of the Washington Treaty, the founding document of NATO, which states that an attack on one is an attack on all. A Russian attack on the Baltic states puts America at war with Russia — meaning nuclear war, because Russia integrates nuclear weapons into every aspect of its military doctrine.
And don’t think Russia would limit itself to the use of tactical nuclear weapons in Europe. Any form of nuclear release by the Russians would almost certainly precipitate nuclear retaliation by the United States, and the dreadful reality of mutually assured destruction and the end of life as we know it would follow.
Indeed, Russia is at war with America already. Russian hacking of Democratic Party email servers and, if confirmed, WikiLeaks publicizing of Clinton campaign emails to discredit the Democrats and propel Donald Trump — arguably what Putin would classify as a “useful idiot” into the White House — is classic Maskirovka — deception, aimed at undermining the intelligence and integrity of the enemy in a way that remains below the threshold of conventional warfare. In the words of Dmitri Trenin of the Carnegie Moscow Center, and a man with close connections to the Putin regime, the Kremlin has been at war since 2014.

The Iceland Summit that helped end the Cold War

The Iceland Summit that helped end the Cold War 00:59
But although the clock may be ticking close to midnight, it is not too late. Maintenance of the peace we have enjoyed in Western Europe for nearly 70 years depends on effective deterrence. The bar of risk must be raised too high for Russia to consider any opportunistic move into the Baltic states. This requires forward basing of a credible military capability in the Baltic states and eastern Poland (rather than the token presence agreed at the NATO Warsaw Summit in July).
NATO reserves able to move quickly and effectively to bolster defenses in the Baltics will send a powerful message. It also requires Canada and European members of NATO to recognize that military capabilities lost from cumulative disarmament over the past two decades must be regenerated. This means increasing defense spending, almost certainly above the 2% of gross domestic product agreed — but often not acted upon — by NATO members (less the United States, UK, Estonia and Greece).
2017 is 100th anniversary of the first occasion the United States intervened in one of Europe’s wars. The region’s security is a matter of American security, and it means continued and close engagement in Europe and a continuation of the strong leadership that America has given NATO from the start.
Invest In YourSelf First!!

Only We Can Change our Life, No one Else Do it For Us

cracked rear viewer

Fresh takes on retro pop culture

The New Pork Grimes

Satirical, Weird, Funny News and Opinion.

Marta Felipe

Semeando Amor...

My Fantasy World

-- Jalpa Makwana

%d bloggers like this: