The lost government gateway USB stick contained the complete source code for the website.
Jacques Erasmus, director of malware research at Prevx, claimed that the 4GB stick was almost full and the data was not encrypted. Studying it at the offices of the Mail on Sunday, where the stick was handed in after being found in a car park, Erasmus claimed that the government were not taking the contents and loss seriously.
Erasmus said: “Luckily this time someone handed it in, but what would have happened if someone had got hold of it and tried to get into it?
“The most shocking thing was that the source code for the gateway was on there, this included code for the website, service commands and modules. So any hacker could get the source code as it was not secured and exploit the service.”
He claimed that nothing on the stick was encrypted, and that the 4GB USB had only 51MB of free space, with more than 15,000 files on it including 60MB of C-sharp Java code.
Erasmus continued: “These are not the kind of documents that you want people to see as it showed how the payment systems integrated and how the code blended with the payment gateway – any attacker would find this to be very useful.
“The thing that I am struggling to comprehend is that the Mail had such a hard time working with the government because their view was ‘it is not significant so we’ll speak to you when we have time’, which from my point of view is crazy as it is really not the right way when you are trying to deal with the situation.
“It is strange that the government keep trying to deny that it is a big deal when it is. What would have happened if a Russian Mafioso had got hold of it? Would it still not be a big deal?”