Police still making arrests in MITTS hacking investigation
IT Minister Austin Gatt said this evening that the police were still making arrests as part of their investigations into at attack on the government e-mails system at MITTS.
He told Parliament that the investigation was still going on "at full swing, 24 hours a day" and all available resources had been deployed just on this case.
The minister was reacting to a motion moved by Opposition leader Charles Mangion who demanded an emergency debate and a detailed government explanation on hacking of government systems at MITTS.
He said the people needed to be given assurances that everything was being done following the hacking.
It was unacceptable that passwords had been leaked and the people needed an assurance of privacy and security, more so since the government systems included highly confidential information, even on matters of taxation.
He said that many people, including government MPs, were now reluctant to use the government e-mail system.
Dr Gatt in his reply said that it was far too early to hold such a debate because investigations were still in full swing and he could not, therefore, speak as openly as he would like.
He said that this attack took place three weeks ago and the necessary counter-action had been taken. The police were going through hours of logs and he did not wish to say anything which could harm their investigations.
Dr Gatt said the system that had been attacked had nothing to do with the e-government system.
He said he would be happy to have Parliament debate the issue once investigations were complete and he could speak openly.
Speaker Louis Galea refused the Opposition's request.
9 Comments
Post comment
Please sign in or create your Account to post comments.
Kevin Borg
Oct 2nd 2008, 10:47
@ Iain Sims
Thanks for the explanation because for someone like us its something simple but others may find it difficult to understand how it works.
However if you succeed in using the Maltese eid for encrypting emails then please let me know because as Stefan Engelbert said, the encryption attribute is missing and as far as I know you cannot use the current maltese e-id to encrypt emails but only for signing.
Kind Regards
Kevin
Stefan Engelbert
Oct 1st 2008, 19:38
@Kevin Borg
Unfortunatly I have to agree to what you said. The encryption attribute is in fact missing in the maltese e-ID so that most common applicatins will not accept that certificate for encrypion. I must have missed that since usually I use another certificate for encryption. If you register on http://pki.aloaha.com you get a signature and encryption certificate for free.
Kind Regards
Stefan Engelbert
Iain Sims
Oct 1st 2008, 15:13
@Kevin Borg
I am not familiar with the 'Maltese e-ID', however, I do know something about public/private key encryption. It works like this:
Someone signs their own email with their private key. You receive the email and verify it against their public key. If you wish to send an email encrypted, you use their public key (the one you just used to verify their signature) to encrypt and then send. The recipient then decrypts with their private key. Additionally, you may encrypt with their public key *and* sign with your private key. This works with digital certificates and PGP/GPG technologies.
So if you have the ability to sign emails using something like PKI, you can also encrypt to obfuscate emails.
Klaus Pedersen
Oct 1st 2008, 10:03
Read the first two paragraphs of this article again. What is wrong with this picture? Since when does an IT minister answer to parliament on the progress of an ongoing police investigation? Since the alleged wrongdoing has been going on under that minister, one would think that the same minister would be the last person to comment on the investigation. One would expect the minister in charge of police (Justice and Home Affairs?) to comment on the investigation, and the IT Ministry to cooperate, but otherwise sit back and wait for the result of the investigation.
Kevin Borg
Oct 1st 2008, 10:00
Sorry Mr. Engelbert but I feel I have to comment on the last line you wrote.
Just for information till now the maltese e-id can be used only for signing emails and not for encrypting them.
Technically there is a difference between the 2. When one signs a message, then recipient can verify that the message originated from the sender while when one encrypts a message, only the recipients with an appropriate private key can decrypt the message. So by just signing (like with the Maltese e-id), nothing will be encrypted and message still will be send in plain text.
Thanks
Michael Attard
Oct 1st 2008, 09:24
@Joe Cachia
For once I have to agree with the minister. It's prudent not to talk while investigations are going on in this case. Also, this things DO NOT JUST HAPPEN IN MALTA. In the past year, the UK goverment has been losing all kind of records, social security numbers, details of prisoners ... just google it!
Stefan Engelbert
Oct 1st 2008, 09:08
Hi,
a data leak is definetly very serious. Unfortunatly such leaks happen everywhere in the world and not only in Malta (joe cachia).
If someone writes for an example an email it is like writing a postcard so every system administrator could read such a mail. The user who sends the email should just make sure to encrypt the email. Every common email client supports encryption so it is a bit careless not to encrypt a mail.
Just apply for the maltese e-ID and use the certificate to encrypt the mail and nobody can read or leak it anymore.
joe cachia
Sep 30th 2008, 17:07
what a shame only in malta
Stephen Farrugia
Sep 29th 2008, 19:32
Dr Austin Gatt is 100% right about this and he must keep in mind the national security of the country, very well done. The spies must be found.
This security idea has to be expanded and be inclusive of the MLP because Malta does have enemies.