Privacy Violated, When Your Life Is Exposed And You’re The Last To Know

Family pictures, porn, German armed forces' internal data – openly accessible on the internet. One mistake is enough and your privacy is destroyed.

Johannes Boie, Catharina Felke and Simon Hurtz

MUNICH — Mr. Maier was lucky. The money's still on his bank account, nobody used his Amazon account and no one has read his emails in his web.de inbox. Maier's login data for 47 online platforms were made accessible to the public, without his consent or knowledge. Criminals could have extracted data from his private life or ruined him financially.

Maier's real last name is indeed Maier, and he is a retired resident of the state of Baden-Württemberg in southwest Germany. He doesn't want to reveal anything else about his life for this article, though we already know what matters. His son had set up a private server for him, years ago. On his network drive, Maier stored family photos, old working papers, digitalized versions of his vinyl jazz record collection — and one Word document with the encrypted login data for all of his online accounts. Among them: his bank account, Amazon, eBay, PayPal, three email accounts and an online pharmacy.

"My son is good with computers," he says. "At least that's what I'd thought." As a matter of fact, all the content of his hard disk was online and freely accessible. Anyone could have retrieved them, without even requiring a password. It's accessible via Shodan, a search engine that finds connected machines like routers, webcams and servers. That's where we found Mr. Meier's data, contacted and warned him.

It's hard to reconstruct how Maier ended up involuntarily revealing his whole digital life. His son had moved to the United States, confirming on the phone that he had set up a password together with the server, not leaving open any unnecessary ports that could have been gateways into the home network. Those are, by the way, the two most common mistakes people make, as a result, inviting strangers into their system.

Maier's router is connected to a DS212 of Synology, an older server for private use. Such network storage devices (called NAS), can be found in hundreds of thousands of German households. Many use them as backups of the hard disks of their work station, storing photos and videos, in order to be able to access them when on the move. Those who don't want to entrust their data to one of the big cloud providers like Amazon, Dropbox, Google or Microsoft can install an NAS as private and supposedly safe alternative. But apparently it isn't always that safe.

Photo: Christian Ditaputratama

We found sensitive date from dozens of people in Germany: private photos, videos labeled Sexy Blondes Scene 3, employer references, bills, an architect's blueprints and extensive income tax declarations. One man for instance had stored the login data for 32 online services like Google, Amazon, eBay and his online banking in a Word document under the obvious title "ProviderUserPassword.docx". The concerned people use machines from big providers like Synology, Onap or Zyxel. And yet, the companies cannot be held responsible, as most likely the errors were committed by the users during the setup.

We were able to retrieve the data via the so-called File Transfer Protocol (FTP). The FTP makes it possible to access hard disks via the internet, even if you're not in the same network. Companies and universities use FTPs, but private network storage devices provide it too. In theory, the transmission is supposed to be encrypted.

That's also what a certain ship captain thought. The officer from the Ministry of Defense had set up a "My-Cloud" hard drive from Western Digital in his apartment. He stored his entire life on it, both private and professional. He used the small home server as a backup for his computer: Account statements, email passwords, data from family members and the CV of his daughter were open and accessible on the Internet.

Among the working papers were scanned identity cards from the German army and a detailed agenda with meetings in the Ministry of Defense. None of these documents should have been public.

On the phone, the officer claimed he couldn't know how the data was hacked, since access to the documents was secured by a password. When he understood that he had been mistaken, he immediately hung up.

Incomprehension, defensive reflexes, calls ending abruptly — that's how many confrontations with affected persons went for our team of reporters. The majority reacted with shock and concern, vowing to take all the necessary precautions and thankful for the warning.

Mr. Maier has set up new passwords for the 47 websites listed on his the Word document, checking each account for suspicious access. "I had more luck than wisdom," he says.

From now on, a password manager will store all of his login data. "Now I don't have to remember a single password on my own," he says. "Maybe that's better anyway, at my age."

Keep up with the world. Break out of the bubble.
Sign up to our expressly international daily newsletter!

In Argentina, A Visit To World's Highest Solar Energy Park

With loans and solar panels from China, the massive solar park has been opened a year and is already powering the surrounding areas. Now the Chinese supplier is pushing for an expansion.

960,000 solar panels have been installed at the Cauchari park

Silvia Naishtat

CAUCHARI — Driving across the border with Chile into the northwest Argentine department of Susques, you may spot what looks like a black mass in the distance. Arriving at a 4,000-meter altitude in the municipality of Cauchari, what comes into view instead is an assembly of 960,000 solar panels. It is the world's highest photovoltaic (PV) park, which is also the second biggest solar energy facility in Latin America, after Mexico's Aguascalientes plant.

Spread over 800 hectares in an arid landscape, the Cauchari park has been operating for a year, and has so far turned sunshine into 315 megawatts of electricity, enough to power the local provincial capital of Jujuy through the national grid.

It has also generated some $50 million for the province, which Governor Gerardo Morales has allocated to building 239 schools.

Abundant sunshine, low temperatures

The physicist Martín Albornoz says Cauchari, which means "link to the sun," is exposed to the best solar radiation anywhere. The area has 260 days of sunshine, with no smog and relatively low temperatures, which helps keep the panels in optimal conditions.

Its construction began with a loan of more than $331 million from China's Eximbank, which allowed the purchase of panels made in Shanghai. They arrived in Buenos Aires in 2,500 containers and were later trucked a considerable distance to the site in Cauchari . This was a titanic project that required 1,200 builders and 10-ton cranes, but will save some 780,000 tons of CO2 emissions a year.

It is now run by 60 technicians. Its panels, with a 25-year guarantee, follow the sun's path and are cleaned twice a year. The plant is expected to have a service life of 40 years. Its choice of location was based on power lines traced in the 1990s to export power to Chile, now fed by the park.

Chinese engineers working in an office at the Cauchari park


Chinese want to expand

The plant belongs to the public-sector firm Jemse (Jujuy Energía y Minería), created in 2011 by the province's then governor Eduardo Fellner. Jemse's president, Felipe Albornoz, says that once Chinese credits are repaid in 20 years, Cauchari will earn the province $600 million.

The Argentine Energy ministry must now decide on the park's proposed expansion. The Chinese would pay in $200 million, which will help install 400,000 additional panels and generate enough power for the entire province of Jujuy.

The park's CEO, Guillermo Hoerth, observes that state policies are key to turning Jujuy into a green province. "We must change the production model. The world is rapidly cutting fossil fuel emissions. This is a great opportunity," Hoerth says.

The province's energy chief, Mario Pizarro, says in turn that Susques and three other provincial districts are already self-sufficient with clean energy, and three other districts would soon follow.

Keep up with the world. Break out of the bubble.
Sign up to our expressly international daily newsletter!