The Association of Dutch Municipalities, municipalities won’t require their sites to certain security requirements to meet. Last weekend proved a vulnerability fifty gemeentesites unsafe.
According to the VNG care to dozens of companies, the hosting of the Dutch municipalities. With the electronic service runs that number to ‘a few hundreds’. The organization take on short-term measures to the websites technical to check.
“Our priority is to inform the municipalities. Thursday is this matter discussed in the Second Room,” says spokesman Gjalt Rameijer opposite Tweakers.net. He does not exclude, however, the VNG later with guidelines. Previously published Govcert is a checklist for the security of web applications, but a verification is not enforced.
The sites of about fifty municipalities, proved last weekend, so poorly protected, that they suffer from the VNG offline had to be removed. Private data of both citizens and civil servants in the case. So could allegedly session information of DigiD be viewed, allowing attackers are as any other citizen could occur. Furthermore, it was a backup of the entire environment to be downloaded. Public services Logius and the Govcert have taken the precaution of a number of leaky sites for the time being the access to Digital services is denied.
A part of the websites turned out to be found at Gemeenteweb. This organization was responsible for the e-services for a number of affected municipalities, including Drimmelen and Nederlek. The municipality of Nederlek reports on her website that she “recently moved to a new supplier and the hosting provider’.
A spokesman let opposite Tweakers.net know that the church has moved to SIMgroep. This company took 37 gemeentewebsites of Gemeenteweb the beginning of this year. The organization is responsible for installing and managing e-overheidsproducten. A part of the municipalities was still busy with the migration, when the leak was discovered. The remainder would now also SIMgroep are to be found. The former Gemeenteweb is currently known under the name GW Crossmedia, among other things, software for municipalities develops and delivers.
A source in SIMgroep to let you know that the back-ups of the leaky gemeentewebsites not SIMgroep were, but at another party. The source would not tell to which party it may go. Were possible the servers are still the property of GW Crossmedia, but that organization refuses to substantively respond. It is certain that the insecure servers on Windows twisted; SIMgroep says only to work with open-source software.