
Monday, 29th September 2008 - 18:57CET
Police still making arrests in MITTS hacking investigation
IT Minister Austin Gatt said this evening that the police were still making arrests as part of their investigations into an attack on the government e-mail system at MITTS.
He told Parliament that the investigation was still going on "at full swing, 24 hours a day" and all available resources had been deployed just on this case.
The minister was reacting to a motion moved by Opposition leader Charles Mangion who demanded an emergency debate and a detailed government explanation on hacking of government systems at MITTS.
He said the people needed to be given assurances that everything was being done following the hacking.
It was unacceptable that passwords had been leaked and the people needed an assurance of privacy and security, more so since the government systems included highly confidential information, even on matters of taxation.
He said that many people, including government MPs, were now reluctant to use the government e-mail system.
Dr Gatt in his reply said that it was far too early to hold such a debate because investigations were still in full swing and he could not, therefore, speak as openly as he would like.
He said that this attack took place three weeks ago and the necessary counter-action had been taken. The police were going through hours of logs and he did not wish to say anything which could harm their investigations.
Dr Gatt said the system that had been attacked had nothing to do with the e-government system.
He said he would be happy to have Parliament debate the issue once investigations were complete and he could speak openly.
Speaker Louis Galea refused the Opposition's request.







Comments
Thanks for the explanation because for someone like us it's something simple but others may find it difficult to understand how it works.
However, if you succeed in using the Maltese e-ID for encrypting emails then please let me know because, as Stefan Engelbert said, the encryption attribute is missing and as far as I know you cannot use the current Maltese e-ID to encrypt emails but only for signing.
Kind Regards
Kevin
Unfortunately I have to agree with what you said. The encryption attribute is in fact missing in the Maltese e-ID so that most common applications will not accept that certificate for encryption. I must have missed that since usually I use another certificate for encryption. If you register on http://pki.aloaha.com you get a signature and encryption certificate for free.
Kind Regards
Stefan Engelbert
I am not familiar with the 'Maltese e-ID', however, I do know something about public/private key encryption. It works like this:
Someone signs their own email with their private key. You receive the email and verify it against their public key. If you wish to send an email encrypted, you use their public key (the one you just used to verify their signature) to encrypt and then send. The recipient then decrypts with their private key. Additionally, you may encrypt with their public key *and* sign with your private key. This works with digital certificates and PGP/GPG technologies.
So if you have the ability to sign emails using something like PKI, you can also encrypt to obfuscate emails.
Just for information, until now the Maltese e-ID can be used only for signing emails and not for encrypting them.
Technically there is a difference between the two. When one signs a message, the recipient can verify that the message originated from the sender, while when one encrypts a message, only the recipients with an appropriate private key can decrypt the message. So by just signing (like with the Maltese e-ID), nothing will be encrypted and the message will still be sent in plain text.
Thanks
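
The distinction drawn in the comments above between a certificate that can sign and one that can also encrypt comes down to the X.509 KeyUsage extension. The following is an added example, not part of the original thread: it decodes that extension and reports which S/MIME roles a mail client would allow. The two DER values are constructed samples, not taken from any real e-ID certificate, and the function names are hypothetical.

```python
# Added example: decode the X.509 KeyUsage extension (RFC 5280, 4.2.1.3)
# and report whether a mail client may sign and/or encrypt with the cert.

KEY_USAGE_BITS = (
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly",
)

# Constructed sample values (DER BIT STRINGs), not from any real certificate.
SIGN_ONLY = bytes.fromhex("030206c0")         # digitalSignature + nonRepudiation
SIGN_AND_ENCRYPT = bytes.fromhex("030205a0")  # digitalSignature + keyEncipherment


def parse_key_usage(der: bytes) -> set:
    """Return the named KeyUsage bits set in a DER-encoded BIT STRING."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    if der[1] & 0x80 or der[1] != len(der) - 2:
        raise ValueError("unexpected length encoding")
    unused, payload = der[2], der[3:]
    if unused > 7 or (not payload and unused):
        raise ValueError("invalid unused-bits count")
    valid_bits = len(payload) * 8 - unused
    usages = set()
    for i, name in enumerate(KEY_USAGE_BITS):
        byte_idx, bit = divmod(i, 8)
        # Bit 0 is the most significant bit of the first payload byte.
        if i < valid_bits and payload[byte_idx] & (0x80 >> bit):
            usages.add(name)
    return usages


def smime_roles(usages: set) -> dict:
    """Map KeyUsage bits to what an S/MIME client will allow."""
    return {
        # Signing needs digitalSignature or nonRepudiation.
        "sign": bool(usages & {"digitalSignature", "nonRepudiation"}),
        # Encrypting to the holder needs keyEncipherment (RSA key transport)
        # or keyAgreement (Diffie-Hellman style keys).
        "encrypt": bool(usages & {"keyEncipherment", "keyAgreement"}),
    }


if __name__ == "__main__":
    for label, der in (("sign-only", SIGN_ONLY), ("dual-use", SIGN_AND_ENCRYPT)):
        usages = parse_key_usage(der)
        print(label, sorted(usages), smime_roles(usages))
```

A certificate that carries no KeyUsage extension at all is not restricted by it, so this check applies only when the extension is present.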
For once I have to agree with the minister. It's prudent not to talk while investigations are going on in this case. Also, these things DO NOT JUST HAPPEN IN MALTA. In the past year, the UK government has been losing all kinds of records, social security numbers, details of prisoners ... just google it!
A data leak is definitely very serious. Unfortunately such leaks happen everywhere in the world and not only in Malta (Joe Cachia).
If someone writes, for example, an email, it is like writing a postcard, so every system administrator could read such a mail. The user who sends the email should just make sure to encrypt the email. Every common email client supports encryption so it is a bit careless not to encrypt a mail.
Just apply for the Maltese e-ID and use the certificate to encrypt the mail and nobody can read or leak it anymore.
This security idea has to be expanded and be inclusive of the MLP because Malta does have enemies.