MercoPress. South Atlantic News Agency

Hacker posts on blog info on six million Chileans

A hacker posted the personal information of six million Chileans on a popular tech blog last weekend revealing the names, addresses, national identity cards numbers, email addresses and social and academic background of nearly 40% of the country.

At 1:30 a.m. on Saturday, links were posted in a forum on the FayerWayer website by an anonymous user in a way that allowed all files and information to be downloaded. Within half an hour, FayerWayer's administrators realized that the links included sensitive information and removed them from the site. The administrators immediately contacted the cyber-crime brigade of the Investigations police. The files were later posted on another site, ElAntro.cl, a file-storing site, where they remained for another two hours before they were taken down. The files described the sources of the information – mostly from Chile's Education Ministry, the Electoral Service databases, and from the telephone registry, and how many people were included from each source. Personal data of 3,865,700 Chileans was logged into the voting registry and 1,288,878 files were taken from the Education Ministry, among others. The police are looking into the specifics of what law may have been broken, which is not as clear-cut as it might seem. "We're trying to get in contact with those in charge of the databases," said Jaime Jara of the cyber-crime unit. We can't venture a guess as to whether we are dealing with a crime, if no one responsibly tells us, 'Yes, they broke into our database'. If it is established that the information was stolen, it might be one of the biggest thefts in our history." According to Renato Jijena, a lawyer who specializes in database protection, the act of posting the information itself in this case is not a crime. "Legally-speaking, this data isn't sensitive, it isn't secret or private; so it's not a crime," said Jijena. "This doesn't excuse the hacker from punishment. The mere act of accessing a server without authorization is a crime." Still, Jijena said that the main responsibility lies with the law and public services. "If Chilean law could count on an entity dedicated to preventing and resolving such practices, if it decided that this "non-sensitive" data is relevant and not suitable for public access, if it made the unlawful access of personal information a crime, we would be much better prepared." The Electoral Service, for example, has been legally selling its databases of registered Chileans for two years. A message written by the author of the links that appeared upon opening the files said: "(The idea is) to show how badly protected Chile's data is…. Since no one bothers to protect this information, let's make it public for the whole world." The incapacity of the law and the slowness of government agencies in reacting to changes in data storage and protection are not limited to Chile. In an example of loose hands handling important information, a British government agency lost two discs in the mail containing the entire national database of the child benefit claimants in October, 2007. The discs had vital personal and financial details of 25 million Britons, exposing them all to possible fraud should the information fall into the wrong hands. The story kicked off a massive scandal in the country as those effected were infuriated and worried by how severely vulnerable they had been left by the government's bungling. The Santiago Times