The Swedish administration is leaking its secret intranet and databases to Russia, via its Transport Agency, via the IBM cloud, via IBM’s subcontractor NCR (formerly AT&T) in Serbia, which is a close Russian military ally. Giving staff in Serbia administrative access to these networks practically guarantees that Russia also has access to the network. The European Union’s secure STESTA network is also connected to the leaked intranet. But this is not about geopolitics and who’s allied with whom, but about how an administration tries to quiet down and gloss over an apocalyptically stupid and monstrously damaging data leak.
Yesterday on this site, we told the story of the Swedish Transport Agency leaking pretty much every classified database to foreign operators, and how the responsible Director-General was docked half a month’s paycheck as punishment. It is not just a monumental boneheadedness from this agency, but also from the government in charge, who still don’t get the severity of the situation.
Let’s go back a bit. In late 2016, the name “Egor Putilov” was all over Swedish media. The name belongs to a Russian-born businessman, and the fear of having somebody Russian-born even come into contact with Swedish security administration sent shivers through the Swedish media landscape (Newsweek). It was something the Swedish mainstream media kept repeating over, and over, and over again. At this time, the Swedish administration had already known for six months that a key Swedish agency was leaking Swedish and European classified networks wholesale directly to Russia, which is arguably a much worse scenario than having somebody Russian-born be employed by a Member of Parliament, and yet said nothing and did nothing. It would take another full year and a media storm to start unraveling the most damaging military and civilian leak in Sweden’s modern history.