- Date published: 2:37 pm, June 5th, 2019 - 121 comments
Categories: Carmel Sepuloni, Dr Deborah Russell, jacinda ardern, phil twyford, Simon Bridges, uncategorized - Tags: Budget 2019, wellbeing budget
It seems to me there must be a training course that National puts all of its politicians through. They then develop their sense of utter entitlement and complete indifference to behaviour which could open them up to criticisms of hypocrisy, not to mention irrelevancy.
Take as an example how Simon Bridges went ballistic at the news that someone had leaked a couple of days early budget information about his spend on limousines. Compare this with his glee at the exploiting of a system failure to publicise a couple of days early commercially sensitive budget information.
Or this morning’s effort where he accused the Government of engaging in dirty politics. As if.
From Radio New Zealand:
National Party leader Simon Bridges told Morning Report today there were two possible scenarios, and the situation was likely a bit of both.
“You’ve either got bungling incompetence, and I think we can all believe that could well be the situation, or you have some broad form of deceit and … dirty politics.
“And we need to see what’s going on here.”
He said the GCSB told Treasury and the Minister of Finance that there had been no systematic hack, but Treasury came out after this and said there had been.
“The reality of this situation is it’s pretty black and white isn’t it.
“[Mr Makhlouf] was told certain things by [the] GCSB, they made changes to their website to deal with what had happened, and yet they sat on a lie that there had been criminal hacking – and there hadn’t.”
He said it was a question of when, not if, Mr Makhlouf resigned.
National’s behaviour is hypocritical given that it breached CERT protocols that the last National government oversaw the introduction of. The protocols contained this part:
Wherever possible, CERT NZ encourages any individual or organisation that has identified a potential vulnerability (‘Finder’) in a product or online service to make direct disclosure to the individual or organisation that developed the product or service or is responsible for maintaining it (‘Vendor’). The Vendor may have its own vulnerability disclosure policy or provide guidance on how it will receive disclosures.
Where the Finder does not want to contact the Vendor directly, or has not had any success in contacting the Vendor directly, CERT NZ is available to receive a vulnerability disclosure.
Such optimistic statements are not for the National party obviously.
And although I agree that National’s behaviour did not involve criminal hacking it was hardly the behaviour of a responsible opposition. Bridges could have declared that National had discovered a security problem and then not disclosed the information. He would have received kudos for being responsible and for not being an idiot willing to compromise the country’s interests for political gain. Instead of this he overreached.
Alexander Stronach has this accurate description of what happened:
Whether or not it’s a “hack” doesn’t really matter: it’s an intentional attempt to gain access to private data. It utilised an exploit to pull content that wasn’t meant to be public. It’s a breach. More than that, there are established protocols for what happens if somebody finds an exploit in government software. These rules were written by the National Party in 2014, and National failed to follow them. Their failure to follow protocol merits investigation: they let the particular use of an exploit go undetected for their own political gain. Even if the content was delivered to them anonymously by a no-good samaritan, they bear at least partial responsibility for this because they went public instead of reporting it.
Where did the Treasury fuck up?
- They should’ve considered their SOLR configuration when they cloned their data to the staging server.
- They probably shouldn’t have cloned their web server to begin with—making a staging server from scratch with the same dependencies might have been a pain in the ass (I’m honestly not sure: I don’t know what their dependencies look like) but it would’ve been a lot safer.
- They could’ve been jazzier about this year’s subtitles.
Where did the National Party fuck up?
- They identified an exploit but—instead of following CERT protocol—they used it for their own personal gain.
I’m not gonna lie, it’s bad. Somebody dropped the ball, and somebody else put a knife into it.
National was really upset that Robertson said they may have been in possession of hacked information. I am not sure why.
Obviously to allege that they may be in trouble with the authorities is an awful thing. After all it is not as if an MP has been accused of sending inappropriate text messages or party officials and members have been partitioning donations for MPs positions to hide the donation from the Electoral Commission.
And what is it with how long it has taken to finalise these inquiries? Police regularly take decisions on matters involving domestic relations within a matter of days. I actually don’t think that a conviction is warranted. But everyone should be treated equally under the law, even National Party MPs, and the public deserves to know what is happening.
The other investigation involving National, the Serious Fraud Office investigation into the $100,000 donation that was neatly partitioned into smaller non declarable donations, is also outstanding. This one is important and I look forward to the investigation being concluded.
And today I attended a Budget Wellbeing meeting hosted in Waitakere featuring Jacinda and local MPs Carmel Sepuloni, Deborah Russell, Peeni Henare and Phil Twyford. There was a lot of interest in what the budget will mean for the wellbeing of the local community. And not one question concerning Treasury’s web server security.
This is the typical beltway issue. Bridges taking it to the maximum may help preserve his leadership, at least for a while. But it will not win National any support.