News that three MITTS employees attempted to hack the central server of the Malta Information Technology & Training Services – with what success we do not know – is to say the least worrying.
Equally worrying was the government’s reaction, which as usual appeared to be motivated by a desire to minimise and even distort the nature of the occurrence.
In Parliament this week, IT minister Austin Gatt accused former Labour leader Alfred Sant of “spinning” the story through this newspaper. But his own statement was itself a masterpiece of political spin: seeking to divert attention from a devastating security failure which would, in other countries, have certainly led to high level resignations.
More significantly, however, from the IT minister’s own revelations it transpires that the situation is far, far more serious than our initial story suggested.
Dr Gatt told the House that on 4 September, the MITTS server was found to have been infiltrated by an unauthorised programme capable of extracting all the information it contained. Consequently, the usernames and passwords of 20,000 MITTS clients had been compromised; and although initial investigations ruled out any possibility of success, later that same month (26 September) the MITTS executive management revised their position, and started acting on the assumption that the hacking attempt had in fact succeeded.
As things stand, all the insecure passwords were changed on a single day: 11 September. In other words, the hackers had some seven days in which to possibly access any government email account they deemed fit.
This includes not just those of Labour MPs Alfred Sant, George Vella and Anglu Farrugia – the alleged “targets” identified by MaltaToday’s initial story – but also the remaining 69 members of parliament, all government employees, and every single member of the judiciary.
Far from setting the country’s mind at rest, Gatt succeeded in driving home the point that the situation was nothing short of a national security emergency. And once again – as in all cases which could embarrass the present administration – government mobilised its forces in an apparent attempt to limit the damage.
In a knee-jerk reaction, Gatt described the MaltaToday story as a “pack of lies” – a comment he may wish to revisit, after his own revelations this week. More worryingly, the Commissioner of Police himself intervened on cue to prevent Dr Gatt from commenting on an issue of vital national interest: claiming he would prejudice the outcome of the ongoing police inquiry.
Likewise, the Speaker of the House, Dr Louis Galea, cited the police investigation as the reason to overrule Dr Charles Mangion’s request for a motion to be heard with urgency. Ironically, however, Dr Gatt now claims that the police investigation was not into the same allegations over which the motion was originally submitted: a fact which makes a mockery of the same minister’s previous claims.
One is inclined to agree with Dr Alfred Sant when he told this newspaper that the situation is “unacceptable”. One can hardly imagine a single European member state in which the government would refuse to divulge any information whatsoever, when its own central nervous system – privy to such highly sensitive information – was being investigated on suspicions of hacking.
But instead, Malta’s government had to be pressured into releasing information; in fact, it is clear from unfolding events that had the media not probed the incident to begin with, nothing would have come out at all.
And even when information was forthcoming, it appeared to be slanted specifically to deflect any accusations levelled at either government or MITTS.
“I think it is obvious that the case I am talking about is neither hacking nor has it been directed at any person in particular,” he said; but in this, Dr Gatt may require correction.
Any attempt to break into a network server using computer software is by definition a case of “hacking”. More serious, however, was the Minister’s subsequent revelation, that “the software used was one that can be downloaded for free from the Internet and is easily installed and operated – therefore there was no particular sophistication. These conclusions obviously laid everyone’s mind at rest.”
It is interesting to note that Dr Gatt was reassured by the ease with which amateur hackers, operating a programme obtainable by any child with an Internet connection, managed to break into a system containing 20,000 government email usernames and passwords.
Quite frankly, this is far from reassuring. It reveals the ineptitude of the security systems currently in place at MITTS. It betrays a laissez-faire attitude which is little short of astonishing, given the sensitivity of the issue at stake. Above all, it shows that – far from the “Smart Island” concept the government tried to impart before the election – we remain an essentially amateur country in the one area that the same government has (correctly) identified as the future of our economic prosperity.
Exactly how Dr Austin Gatt, or indeed anyone, can find this comforting is anyone’s guess.
PRINT THIS ARTICLE
