Census takers use an app with vulnerabilities. (Photo: Fernando de la Orden)
The 2022 Census had some problems. Not only because part of the citizenry is not registered, but also because of serious computer security problems in the digital version, sponsored by Marco Lavagna, head of Indec. Some of the design errors, which revealed a lack of testing or poor auditing, had an impact on the personal information of people who chose this method to register. And that, according to official data, is more than 50% of the total.
The first serious problem was seen two months ago, in March of this year. Previously, Cristian Borghello, an IT security expert, had warned Clarín that, with the email of someone registered online, the system allows the home address of the person censused to be known.
“For citizens, this indicates a serious problem because it means that anyone can access the data and, with it, a criminal can direct and perfect any form of theft, fraud, scam or identity theft. This data is supposed to be protected but the State has already shown that it cannot do so and, assuming they do, why should providers and those who access (with permission) the data be trusted?”
This problem flooded social networks this past weekend, when systems administrator and computer expert Javier Smaldone slammed it on Twitter: “What it allows is that anyone who knows the email of someone who has completed the online census can know their home address. Imagine someone hiding from a stalker, for example. He fills out the census, the stalker puts the email in and can find out where he lives,” he hypothesized.
The scenario proposed by Smaldone shows a consistent treatment of citizens’ personal data: it is worth remembering that in 2020 the National Directorate of Migration suffered a hack and data leak, and in 2021 Renaper suffered unauthorized access to personal data, which was published, including photos of citizens’ documents (one of the most sensitive points in data theft), to be sold on dark web sites.
By entering a censused person’s email on the page, the site displayed personal information. Capture: Javier Smaldone
“This is a major weakness, a design error. It shows that the audits, if they were done, were not done well, but that there wasn’t, throughout the process of developing this tool, a security team looking into the issue. Now it is not enough to develop software and audit it: IT security requirements need to be there from the very beginning,” Smaldone added.
Clarín confirmed with INDEC that one of the companies that audited the system was Ernst and Young, represented by Pistrelli, Henry Martin and Assoc.
This problem was “corrected” on Monday, two days before the census. Surprisingly, at a press conference, Marco Lavagna asserted that this is “not a weakness” but that the information was deliberately displayed on the website.
In response to a question from Clarín (Irene Hartmann), the head of Indec explained that due to reports that emails did not reach users, the entity decided to display users’ personal data on the page.
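The disclosure described above (an email alone returning the registrant's home address) next to one way to close it, as an added Python example that is not Indec's code. The receipt code shown on screen at completion, the function names and the sample record are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Hypothetical in-memory store (email -> record); the sample data is constructed.
_FORMS = {}

def _digest(code: str) -> str:
    # The receipt code is high-entropy random, so a plain SHA-256 is enough here.
    return hashlib.sha256(code.encode("utf-8")).hexdigest()

def register(email: str, address: str) -> str:
    """Save a completed form; return a receipt code to show on screen once.

    Assumption: showing the code on screen covers the case of confirmation
    emails that never arrive, without exposing data to third parties.
    """
    code = secrets.token_urlsafe(16)
    _FORMS[email.lower()] = {"address": address, "code_hash": _digest(code)}
    return code

def lookup_vulnerable(email: str) -> dict:
    """Pattern reported in the article: knowing the email is enough."""
    form = _FORMS.get(email.lower())
    if form is None:
        return {"status": "not_found"}           # also confirms who registered
    return {"status": "ok", "address": form["address"]}

def lookup_hardened(email: str, code: str) -> dict:
    """Require the receipt code; reply identically to every failure."""
    form = _FORMS.get(email.lower())
    # Unknown emails are checked against a dummy hash so both paths do the same work.
    expected = form["code_hash"] if form else _digest("")
    matches = hmac.compare_digest(expected, _digest(code))
    if form is None or not matches:
        return {"status": "denied"}              # no hint whether the email exists
    return {"status": "ok", "address": form["address"]}

if __name__ == "__main__":
    receipt = register("ana@example.com", "Calle Falsa 123")  # constructed record
    print(lookup_vulnerable("ana@example.com"))
    print(lookup_hardened("ana@example.com", "guess"))
    print(lookup_hardened("ana@example.com", receipt))
```

A production endpoint would also rate-limit failed lookups per client and per email, which this sketch leaves out.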
The census takers’ app, vulnerable
Source: Clarin