Dutch IT journalist uncovers security fault

3rd August 2011, Comments 0 comments

The online DigiD system used by people in the Netherlands to log-in to government websites is unsafe. According to IT journalist Brenno Winter, the system has a number of weaknesses that may make personal data available to criminals.

Winter calls the DigiD system outdated because it delivers activation codes via postal mail and allows users to log-in with their own usernames and passwords. This is particularly worrying as many use the system to digitally file tax returns.

“Criminals can change your account number and your tax refund request,” Winter told NOS News, suggesting criminals can fish through the mail and steal activation letters then simply log-in to a user’s account and change their information. 

Indeed, fraud cases have recently come to light in the Netherlands where child care benefits and housing and healthcare allowances have been transferred into wrong accounts.

To boost DigiD security, Winter says the government should send activation letters by registered mail. Additionally, special security codes should be used for government transactions, making it harder for criminals to hack.

Winters earned a reputation for himself in the Netherlands and abroad after he discovered security flaws with the Dutch public transport payment system OV Cards. He is currently facing legal action and a possible six years in prison from transport companies who say he willingly manipulated the card’s value storage system.

© Radio Netherlands Worldwide

0 Comments To This Article