"Hardly possible"?
Bad translation. Correct translation for "Es ist für den Täter kaum möglich" would be:
"It is virtually impossible for the perpetrator"
A hack on a Vodafone Germany server has exposed the personal details – including banking information – of two million of its customers. Hackers accessed names, addresses, bank account numbers and dates of birth. Phone numbers, credit card details and passwords are thought to be safe, but the leaked information is still pretty …
Unfortunately, it is not possible to read all German translations.
Correct it! - - Of course it's not. It's the same for all languages; exact one-for-one translations are often impossible to translate exactly. Good translation is the art of using words both effectively and sparingly so native speakers interpret meanings as is best possible. Here, the translation is completely clear enough.
--
...Back to the article, this is a big and significant attack on an institution whose members (account holders) represent a broad cross section of the community. Phishing such data could reveal all sorts of significant results. Politicians, employees of state security organizations, government and corporate etc. are the types of user accounts to be found here.
In the light of NSA and GCHQ security revelations, and if telco accounts can be hacked by 'amateurs' (i.e., non-state operatives), then this is another (and increasingly common) instance of a high-profile security violation, and it doesn't bode well for internet users generally.
I'm just a bit-player with bugger-all info that's useful to anyone other than me. Nevertheless, in recent months, it's become very clear to me that those who've significant and valuable information in cyberspace should consider removing it.
If customer/user data cannot be secured on Vodafone—one of the largest telcos (and one of the really large companies in the world)—a company that ought to have all the security resources it needs to secure user data, then seemingly there's no real guarantee that it can be secured truly safely anywhere else on the net.
Perhaps, for the time being anyway, we have to assume that the internet can only be used for securing medium- to low-grade data. In recent years, there have been just too many other similar examples of security violations by both cyber criminals and governments to think otherwise.
Re: "It is hardly possible to use the data to get directly access to the bank accounts of those affected"
Say the people who need you to believe that, especially if it is not true. This would not even be a discussion if they had not been wrong the last time they made a security estimate. Hmmmm.
On the Beeb news site:
A suspect has now been identified and his home searched, said Vodafone, which meant it could now talk about the incident and inform the two million victims. In total, Vodafone Germany has about 36 million mobile customers.
"This attack could only be carried out with high criminal intent and insider knowledge and was launched deep inside the IT infrastructure of the company," said the operator.
Basically an employee inside the company copied the data onto a USB key and walked out with it. Calling it a hack is just Vodafail's way of trying to convince people that they actually had some security on their systems.
I presume that Deutschland has an equivalent to the Data Protection Act.
That's the UK legislation whereby an organisation *cough* Glasgow Council/MoD *cough* (int. al.) gets some bad press and a bit of a fine that tax payers get to pay for losing huge wodges of data on kiddies or Top Secret thingies.
Data Loss Prevention is not impossible but generally tricky. Part of it can be automated: encryption of all systems, USB n stuff control etc., but it also needs administering and also a corp/org policy.
Those bloody annoying policy things and auditors are there for a reason (if they exist) but an org that has no real financial or other implication of failing to comply with something like a DPA won't bother. It's a simple commercial decision compounded with ignorance.
This is doubly amusing from a firm that _provides_ internet access for millions of folk via their phones.
Cheers
Jon
"it is either possible or impossible there should be no grey areas."
That's what risk assessments are all about. Balancing cost against risk. Make it as hard as possible up to a financial limit based on the value of the data. "Impossible" in data security is not achievable but the closer you get, the more costly it is and that's pretty much an exponential curve.
"other countries were not affected". And howTF would Voda Germany know about the status of servers in other countries anyway? Since when has Germany taken over the EU, lol?
It turns out this is not the first time that Vodafone have been seriously deep pwned. Here: http://www.theregister.co.uk/2007/07/11/greek_mobile_wiretap_latest/
Fingers in the security budget again?