20 November 2023

They're Dedicated to Doing Good! They Don't Need to Worry About Security

They are going to end up killing the very people they wanted to help. Online Atrocity Database Exposed Thousands of Vulnerable People in Congo

If you don't understand security, then don't use the words "data" and "internet" in the same sentence.

Kivu Security Tracker (KST) was a database of atrocities in the Congo, and the victims involved. Someone - with NO understanding of security - thought it would be great to put the database on the internet.

This isn't a list of favorite songs; this is a list of people working against criminals in one of the worst places in the world. In short, this list is likely to put people's lives at risk. And it was on the internet with exactly no security.

But the KST’s lax security protocols appear to have accidentally doxxed up to 8,000 people, including activists, sexual assault survivors, United Nations staff, Congolese government officials, local journalists, and victims of attacks, an Intercept analysis found. Hundreds of documents — including 165 spreadsheets — that were on a public server contained the names, locations, phone numbers, and organizational affiliations of those sources, as well as sensitive information about some 17,000 “security incidents,” such as mass killings, torture, and attacks on peaceful protesters.

The data was available via KST’s main website, and anyone with an internet connection could access it. The information appears to have been publicly available on the internet for more than four years.

The person who did this should be charged with a crime. The person who did this should be made an example of so that no one else with boneheaded ideas of security and delusions of grandeur would ever do something similar again. Is criminally stupid a thing? There is no excuse for something like this in 2023.

A lot of the article is about finger pointing ("We hired XYZ, Inc. to build the system!"), running for the exits, and running from responsibility.

This isn't the first time charitable organizations, with no appreciation of security, have screwed up.

Experts have been sounding the alarm about the dangers of humanitarian data leaks for years. “Critical incidents – such as breaches of platforms and networks, weaponisation of humanitarian data to aid attacks on vulnerable populations, and exploitation of humanitarian systems against responders and beneficiaries – may already be occurring and causing grievous harm without public accountability,” wrote a trio of researchers from the Signal Program on Human Security and Technology at the Harvard Humanitarian Initiative in 2017, the same year the KST was launched.

There were 157 "cyber incidents" impacting this part of the not-for-profit sector between July 2020 and June 2022. And in a lot of cases the NGOs working in conflict zones are basically lying to people to get them to hand over their information, which is not a good look.

The hat tip goes to Pixy Misa at Ambient Irony - Daily News Stuff 18 November 2023: Stage Left Pursued By A Boar Edition

An online atrocity database got hacked and leaked the personal details of the victims of said atrocities. (The Intercept)

Who thought this was a good idea?

So if you think you're doing more good in the world than bad, are you sure? I'm sure the people who put this database on the internet thought they were helping.
