1177 Vårdguiden is now facing a major information security crisis after Computer Sweden revealed that a subcontractor, Voice Integrate Nordic AB, stored millions of calls to the service on a server that anyone can access from their web browser. According to Voice Integrate's CEO Tommy Ekström, the situation arose because a server meant for internal use was accidentally connected to the entire internet.
– It was connected to the internet. We don't know when it happened, but it is likely that someone, during an update, simply plugged an internet cable into the hard drive. Then it got an IP address, and then it was free. Ordinary people could not handle it, but those who know this sort of thing could make some sort of special command manoeuvre and slip in through the back door, Tommy Ekström told DN on Monday.
According to a document from Voice Integrate that Computer Sweden published on the site Documentcloud on Tuesday, the specific server has been used for storing calls since 2016. A total of 55 calls have been downloaded, according to the company, all in February 2019. Who downloaded the calls is still unknown.
Although Voice Integrate maintains that the server could only be accessed through the "back door", by knowing the specific IP address, the server could be reached using the domain name that the specific computer had on the network, nas.applion.see. Such a so-called DNS record must usually be added manually.
The server's contents on 13 September 2016. Photo: screenshot/Shodan
DN's review shows that a server reachable at nas.applion.see has been available on the internet since at least February 2016, and possibly earlier; what was on it is unknown. According to data first produced by Martin Millnert, president of the company Brainmill, which works with critical IT infrastructure, and also obtained by DN, a folder named "medicall", the same name as the folder in which the calls were stored, existed on the server as early as September 2016. It is not possible to say with certainty that the conversations were already on the server at that point. However, it is possible to establish that a folder with the same name existed on the server that early.
– Already in 2012, you can see that they installed a so-called PTR pointer on the server, where they selected an IP address and gave it a name. Then they have probably poured this data in later, says Martin Millnert to DN.
Voice Integrate's web page claimed earlier on Wednesday that the Swedish Civil Contingencies Agency (MSB) had double-checked the company's "network of high security", something the agency later had to deny publicly. The false wording has now been removed from the web page.
DN is trying to reach Tommy Ekström.