Saturday, February 20, 2010

Cyberactivists obtain Latvian State Revenue Service data

A purported group of cyberactivists has obtained around 7.4 million records from a database linked to the web-based service for filing income tax returns and other information with Latvia's State Revenue Service (Valsts Ieņēmuma dienests/VID). According to Latvian Television's investigative program DeFacto, at least 1000 state and municipal agencies and companies had their data copied, including the Postal Service
The leak or defect in the Electronic Declaration System (EDS) had been present for several months, allowing the cyberactivists, who call themselves the Fourth Awakening People's Army (Ceturtās Atmodas Tautas Armija/4.ATA). The name refers to times in Latvian history when there were historic changes in Latvia's national consciousness, the first "Atmoda" being the formation of a national awareness in the 1850s, followed by more radical social and political movements in the late 1800s, the founding of the first independent Latvian state in 1918, and the movement to regain independence starting in the late 1980s. More information here.
According to 4.ATA spokesperson Neo, who has electronically chatted with some journalists and recently opened a Twitter account, the group hopes to expose government waste, unjust wage differentials and possible corruption by analyzing data filed by state agencies and public sector. It has already published, using online file storage and sharing sites, a sanitized list of salaries and other remuneration for what is said to be the Riga public transport agency Rīgas Satiksme(RS).
Public transport costs have risen recently and the transport company has announced it wants to limit the number of trips that can be made on a full-price "unlimited" monthly ticket. This has caused public outrage. The figures seem to indicated that top management of RS make four-figure salaries with some, apparently retiring or dismissed board members, getting one-off compensation payments of LVL 25 000 (USD 50 000).
Neo also announced that data from the Riga District Heating company Rīgas Siltums would soon be released.
The leaks from the Revenue Service had caused a public uproar with all parties -- the Revenue Service, the designers of the EDS system, data security auditors and others blaming each other. Apparently several audits and tests of the system, which was designed and implemented by Exigen Services failed to notice the defect that allowed copying of the EDS data base with very simple methods.
Apparently, the site did not need to be "hacked", leading to a bizarre excuse by the Revenue Service that what happened was not a "cybercrime" as defined by existing protocol, therefore it did not officially call Latvia's Computer Security Incidents Response Unit (Datoru drošības incidentu reaģēšanas vienība), but did make an anonymous phone call to the agency, only to be told to call the police.
According to this blogger's sources, VID was warned of generally poor data security practices at the agency, but top management never coped with the issue, saying it was a matter for " the IT department". The agency is also said to keep its back-up data base in the same building as its main servers, though, when asked, it said, in general terms, that its IT resources were " dispersed". According to one source, the main server room of the Revenue Service is near the entrance to its offices and more exposed to intrusion than if it were at the end of a back-hallway.
IT security circles in Latvia hope this will be the cyber-security "killer incident" that will finally raise awareness of the need to make security policy an executive level concern. At the same time, it appears that the already compromised data will be used by 4.ATA to discredit the political and economic elite in Latvia during an election year.
4.ATA say they are based in Britain and Ireland and thereby harder for Latvian authorities to pinpoint and capture, if located.

Tuesday, February 16, 2010

TeliaSonera honcho Kenneth Karlberg speaks

About a week ago, I was in Stockholm and had a chance to sit down for a video interview with Kenneth Karlberg, the head of TeliaSonera's Mobility unit and still (after all these years) the main man in talks with the Latvian government about privatizing the rest of Lattelecom and mobile operator LMT. Kenneth also talked about 4G and how things would be better for Estonia's Elion, now that it is 100 % owned by the Swedish group.

Thursday, February 04, 2010

Latvia officially launches digital terrestrial TV

After broadcasting under test conditions since late December (in Riga since last summer), digital terrestrial TV was launched as a commercial-quality service in Latvia. Free-to-air and pay channels are being packaged by fixed-network telco Lattelecom, while the new digital network has been set up and operated by the Latvian State Radio and Television Center (LVRTC). Latvia's analog broadcast network will be shut down in two steps -- in Riga and environs (a roughly 70 km radius) on April 1, and on June 1 in the rest of the country.
At a press conference, Lattelecom CEO Juris Gulbis also announced that digital terrestrial paid channels would be available as a pre-paid service that could be filled up at Narvesen or Plus Punkts kiosks, on the internet and later, at large supermarket chains (negotiations are still in progress). To watch pre-paid digital broadcast TV, customers can buy a starter kit for LVL 44.50, which includes a decoder and smart card to be activated by a code purchased by buying credit for the length of time and program packet one wants to watch. The model is similar to that for prepaid mobile services, where once the customer has a SIM card (in this case, the decoder smart card), all that is needed is to top-off the available credit.
Gulbis said that he estimates more than 50 000 households are already watching digital terrestrial TV, of which 21 000 have subscribed to paid services. Public television Latvijas televizija's two channels, and commercial broadcasters LNT and TV 5 will be part of the free-to-air offering. Swedish Modern Times Group (MTG) owned TV3 has been a hold-out, saying it intends to continue broadcasting on the analog network at least until the end of this year. The LVRTC has indicated it will simply cut off service to TV3, since it is unreasonable to expect the company to pay the full cost of the entire analog network, which is estimated around LVL 2 million.
Kaspars Ozoliņš, who heads MTG's television operations in the Baltics, says the Lattelecom-LVRTC project's costs for broadcasters are excessive compared to neighboring Estonia and Lithuania, where digitalization is further advanced. There have been hints that the stand-off could end in litigation, though Ozoliņš insists he is defending the interests of low-income viewers and trying to save money for program production, rather than paying broadcasting costs.