Analytics exec nicked as Ecuador tries to rush through privacy laws after massive data leak The head of Novaestrat, the data analytics company at the centre of the huge leak revealed on Monday involving personal information about more than 20 million Ecuadorian citizens, has been taken into custody. Once the leak was made known, the country's federal authorities announced a formal investigation. Within hours, local …
... to a consultant working from a home office
Obviously, they've been reading these forums. Every time the UK gov announces some overpriced, badly organised IT cockup, there seems always to be someone who posts, not entirely implausibly saying "Even I could do better than that, ...".
So, after acknowledging the high standard of skills in the Registerial Commenteriat, they found the commentard nearest Ecuador, and offered him the job. :-)
"It also remains unclear why Ecuador's government would entrust personal data for its entire population to a consultant working from a home office"
If I had to guess, I'd say it's because owning an office building/complex doesn't make you qualified to perform any tasks. That's some serious Boomer logic.
Didn't realize security was a function of the type of office space, and that it was not possible to secure a computer, network, or location in a home office with one occupant rather than in an "regular" office with, presumably, others around. Especially others around with keys and "permission" to be in the building.
Oh, wait, it's totally possible to secure data, networks, and locations (as much as some operating systems might allow, anyway) in any office, assuming the person in question wants to and knows how, or knows someone who knows how. It's also possible to completely cock up the security, as we've seen from multiple leaks from multiple sources over the years. Very few of which we from a home office. For that matter, even someone in a home office can use cloud containers and remote storage solutions should they decide to do so, which has its own set of security challenges of course.
I'm pretty sure if foreign intelligence agencies or some criminal organisation were interested in this data then they would head for the home address. I'm also pretty sure that if there's inside corruption involved then it's probably easier to keep tabs on it at the office (CCTV, checking for employees e.g. bringing memory sticks in, lockers to hold mobile phones).
It also remains unclear why Ecuador's government would entrust personal data for its entire population to a consultant working from a home office. It's the gig economy gone mad.
And why not? How many times does someone visit another's office these days? Back in the early 1990s, the CEO of the OEM where I worked went to Nevada to visit the "office" of a consulting company. Turns out, it was the guy's home, and at 9am the fellow was still in his bath robe and had just gotten out of the shower.
So I can see that the fellow in question had been visiting the government offices while wearing a suit, and had probably been handed the initial data set on a USB stick. Then he set up services, etc., and by the time anyone realized that there's no normal office, they just shrugged and went with it.
And really, does the lease of a "normal" office preclude spaffing unprotected data to world + dog?
Is that really any different from the NSA consultant working with a cracked version of Office and transporting countless secret documents on the same computer ? That idiot couldn't even be arsed to pay for Office, no wonder he got pwned. Yes, Office is not cheap, but if you're your own business, it's tax deductible.
If you want security and professionalism, you have to be ready to pay for it. A proper, professional server structure costs money, so stop taking the cheapest offers you find.
You get what you pay for.
'It also remains unclear why Ecuador's government would entrust personal data for its entire population to a consultant working from a home office. It's the gig economy gone mad. ®'
Home office in the country or servers in the US?
I'm just guessing here but I expect that the one in the US has had more eyes on it than the one in his closet / basement / spare room / server room.
If you follow proper data handling procedures, you have much less risk with a home than a rented office building. A home is going to have a very small number of people coming and going and even fewer people with access to the systems.
Including myself, only three people have access to my home, and I know them extremely well. I do my work in a dedicated home office that has its door closed at all times (mostly for keeping the temperature consistent), and to get to it, you have to pass through my bedroom. While, with the office my employer issued me, there are literally hundreds of other people that have access to it in addition the dozens of cleaning and maintenance staff.
On the networking level, my office has its own Internet connection, which goes through a firewall that allows nothing in and does a lot of filtering on stuff going out. I can verify my network hasn't been tampered with since its a very basic layout with each of the 4 computers in that room being connected right to the backside of the firewall / router. Since its all my own traffic, there is very little that needs to be allowed, and I can heavily filter the stuff that is allowed. While my workplace network has to deal with everyone's traffic, devices being added and removed on a daily basis, not to mention how permissive the network needs to be to handle the wide variety of needs for the other projects operating. And I don't have to worry about some PHB downloading a bit of malware and infecting the whole network.
> I do my work in a dedicated home office that has its door closed at all times (mostly for keeping the temperature consistent), and to get to it, you have to pass through my bedroom.
Sounds like potentially reasonable remote access security (firewalling, etc), but completely shit physical security.
Hope you're not working with national gov level sensitive data.
Fortunately, this won't really affect Ecuadorians as it would in other countries. You can get your neighbors cedula (government id ) number, birthdate etc from pretty much anywhere like the electric or water company website by putting in their address to see their electric bill. You can't get a credit card, loan, etc in Ecuador online. You have to go in person, with your cedula, most of the time you have to go to a notary public, and your signature exactly as it is on your cedula. I don't really see this being a huge deal and neither do any of my Ecuadorian friends or relatives.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
