Dutch IT journalist uncovers security flaw

3rd August 2011

The online DigiD system used by people in the Netherlands to log in to government websites is unsafe. According to IT journalist Brenno de Winter, the system has a number of weaknesses that may make personal data available to criminals.

De Winter calls the DigiD system 'outdated' because it delivers activation codes via postal mail and allows users to log in with their own usernames and passwords. This is particularly worrying as many people use the system to file their annual tax returns digitally.

“Criminals can change your account number and your tax refund request,” De Winter told public broadcaster NOS, suggesting that criminals can fish through the mail and steal activation letters, then simply log in to a user’s account and change the information.

Indeed, fraud cases have recently come to light in the Netherlands where child care benefits and housing and healthcare allowances have been transferred into the wrong accounts.

Facing prison

To boost DigiD security, De Winter says the government should send activation letters by registered mail. Additionally, special security codes should be used for government transactions, making it harder for criminals to hack them.

De Winter earned a reputation for himself in the Netherlands and abroad after he discovered security flaws in the Dutch public transport payment system, the OV chip card. He is currently facing legal action from transport companies and a possible six years in prison following accusations that he deliberately tampered with the card’s credit storage system.

© Radio Netherlands Worldwide
