Curiouser and curiouser

Written By: - Date published: 7:38 am, June 13th, 2011 - 209 comments
Categories: same old national - Tags:

The Herald has a story about the database debacle in which Labour’s president states:

one of the first downloads of the information appeared to be from a National Party head office internet address

If this is the case it raises some serious issues about how the data ended up in Cameron’s hands and whether the National party will take responsibility for any breach of privacy he engages in.

We’ve known for some time that the Nat’s launder some of their dirty tricks campaigns through their bloggers. Now it looks like they’ve been caught red-handed.

209 comments on “Curiouser and curiouser ”

  1. Brett 1

    I find that hard to believe.

    • IrishBill 1.1

      Do you really? Even though the minutes that were emailed to Aaron Gilmore by accident also ended up in Cameron’s hands?

      • Brett 1.1.1

        If you were going to rob a bank, would you turn up in you’re own car?
        Who ever hacked the Labour party website obviously has pretty good skills on the computer and would know that his/her ip could be tracked
        So to do it from a National Party head office internet address would have to be the height of stupidity.

        • Eddie 1.1.1.1

          so, your conspiracy theory is that Whale masked his ip to be …. the same as National Party HQ’s?

          That’s fucked up even by your standards.

        • Colonial Viper 1.1.1.2

          If you were going to rob a bank, would you turn up in you’re own car?

          I wouldn’t, but then again…

          http://www.theage.com.au/world/stupid-bank-robber-leaves-pay-slip-behind-20081230-76xb.html

          The robber left behind his demand note, written on a torn half of the pay slip.

          Investigators found the other half of the note – with Infante’s name and home address – outside the bank’s front doors. The pay stub showed Infante was paid $US165.99 by Jewel Food Stores on October 23, according to the FBI.

          “It’s fairly unusual that we see something that specifically stupid,” said FBI spokesman Ross Rice.

        • Lanthanide 1.1.1.3

          “Who ever hacked the Labour party website obviously has pretty good skills on the computer and would know that his/her ip could be tracked
          So to do it from a National Party head office internet address would have to be the height of stupidity.”
           
          Evidently you don’t actually know very much about how the internet and IP addresses work. The only way that a full communication can take part with a specific IP is:
          1. The communication was legitimately from that IP address.
          2. The legitimate owner of the IP address had a backdoor connection into their network, either deliberately (eg, proxy server) or a hacked connection.
           
          At best, National Party head office has very poor security. That is unlikely, in the wake of the Brash email leak.

          • ghostwhowalksnz 1.1.1.3.1

            They didnt have much choice. Most ‘home users’ would have the hacker tools blocked by the major ISPs, so you need a ‘business’ internet connection.

    • lprent 1.2

      Brett: A Labour webadmin is stupid enough to leave files readable in directories accessible by a web server. A National party hack is stupid enough to use a machine at national party headquarters to find and download data from that directory.

      Both sound like the usual SNAFU’s. What is hard to believe about that? Securing servers and running through TOR or a proxy server both require effort and screwing up on either is not unusual. I’ve done both and far worse things in the past (like confidently and accidently wiping a server directories because of using rm -rdf * when I had some NFS mounts in my local directory).

      Shit happens

      • Brett 1.2.1

        Fair enough,you’re knowledge on these things are a million times greater than mine.
        Just seems crazy that if you were going to do something dodgy, you would do it from National HQ.

        If this is the case then the people who did it ,obviously did it without head office approval.

        • lprent 1.2.1.1

          Doesn’t matter if there is approval or not. It is the act of doing it that counts.

        • Lanthanide 1.2.1.2

          “If this is the case then the people who did it ,obviously did it without head office approval.”
           
          That’s not obvious at all.
           
          Unless you’re trying to say that if head office had approved it, they would have been much more careful to cover their tracks? What other skulduggery is head-office approving that we don’t know about?

    • Jum 1.3

      Brett,

      Or a government flush on its sense of its own power would not care about its lax behaviour about stealing information.

  2. One aspect I have not seen commented on yet is that it appears that an offence may have occurred.

    Section 252 of the Crimes Act 1961 says:

    Every one is liable to imprisonment for a term not exceeding 2 years who intentionally accesses, directly or indirectly, any computer system without authorisation, knowing that he or she is not authorised to access that computer system, or being reckless as to whether or not he or she is authorised to access that computer system.

    Under the definitions section (s 248) a computer system includes stored data.

    Open and shut?  Cameron and someone at National HQ may have got themselves into trouble.

    And I agree this is something of a National Party blitzkreig.  I wonder if it is related to the recent Roy Morgan poll that showed Labour’s support surging?

    • queenstfarmer 2.1

      It’s never quite “open and shut”, but the anti-hacking law is broader than many think and people need to be very careful about it. If any form of unauthorised access has taken place, the police must investigate.

    • ianupnorth 2.2

      Does that mean I can ask for him to be arrested like that bloke did with Trevor Mallard?

  3. higherstandard 3

    I would be amazed if one of the first downloads wasn’t from the National party head office.

    If someone phoned Labour HQ and said ” have a look at the Labour website, those fuckwits have left their data in the open” do you seriously think Labour wouldn’t be downloading the data ?

    Fucking dicks the lot of them.

    • lprent 3.1

      From what I’m hearing, they are the first download. If that is confirmed it is a bit of a smoking gun.

      • jbc 3.1.1

        Based upon similar cases that I’ve looked at; the word of the sysadmin is often as worthless as the security they have configured.

        I’ve had people tell me they’ve been “hacked” by some IP address recently – and then I’ve found evidence that the hole was exploited several months earlier. Not to mention the “hacking” was anything but.

        In another case where legal action was contemplated and electronic evidence requested I discovered that log files were pretty much useless. Circumstantial at best. Problem being that the whole machine should have been ‘sealed’ or something similar before anyone looked at it. Logs, emails, etc can all be manufactured. No case was prosecuted in spite of strong electronic evidence.

        I’m not disputing what happened – just saying what I’ve seen before. IANAL, etc.

        • lprent 3.1.1.1

          Yep – it is circumstantial. If you look at almost all evidence it always is and not just in computers. That is why almost every case is built out of corroborating evidence from several sources.

          Computers are definitely a case where damn near everything can be ‘adjusted’ if you’re sufficiently skilled, have access, and have time. Every ‘secure’ transaction is defined by how much effort and resource is required to break it rather that trying say that it can’t be broken. For instance the EMV standards for credit card reader to approvers are defined that way (that was one set of standards that was a pain to figure out how to implement).

      • Draco T Bastard 3.1.2

        That would indicate that they found the breach some time ago and had been waiting for anything to be put there. I’d suggest going through the logs to see if anything else has likely ended up being accessed.

        • Colonial Viper 3.1.2.1

          Find a security vulnerability and then exploit it over time. Yeah that will mean something in a Court of Law. Like finding an ATM which pays out an extra $20 everytime and then repeatedly going there to make withdrawals over the course of a day.

  4. sdm 4

    Do you have any actual evidence to suggest it was National?

    • bbfloyd 4.1

      thanks sdm, you’ve cheered me up on a dull monday.. you must be the tenth or twelfth desperate tory to try that weak line of attack. keep it up guys. every one of you dickheads doing this just makes it more obvious that your beloved head jackals have been caught stealing..

      now the rest of the country are going to see what you people are really made of. “snips and snails and puppydog tails” doesn’t even start to cover the filth that your lovely party is full of.

      i’m looking forward to the charges that will be brought to bear on the theives working for their masters in the national party by persons who will have their privacy illegally compromised.

    • lprent 4.2

      Yep. From what I have heard (been ringing around a bit this morning), the first IP accessing the data resolves to a national party IP. It will be from the web server logs.

      That is pretty conclusive at least for anyone who runs web servers (like myself). Depending on the date of the access it should be pretty easy to corroborate that with logs at the ISP.

      So, with that out of the way, what do you think about National running a hacking campaign against Labour, and then feeding the information out via their poodles?

      • PeteG 4.2.1

        It doesn’t mean it’s hacking – it could be, but it could also be the result of a standard search. Googling isn’t hacking.

        • Lanthanide 4.2.1.1

          Pete, unless you have any idea on how the actual data was obtained, I think you should stay out of theorising how it was obtained. A “google search” is highly unlikely to link to the exact file(s) they downloaded.

          Even if that were the case, I would suggest that much like piracy on the internet, even if you downloaded it from a link you found via google, you would still know that what you were doing was wrong/illegal.

        • lprent 4.2.1.2

          The law on pulling data out of machines is somewhat broad. There is a good probability that something about extracting it or using it is illegal. It was unlikely to be a google because that only traverses links and this sounds like files being dropped into a temp directory. Probably someone left that directory indexable. I wouldn’t mind having a look at the server logs because then I could tell you exactly how they found it.

          But in any case, politically this is very bad for the Nats. It is devastating for Whaleoil because he will forever be regarded as a puppet for the Nats to feed info from. There have been previous instances, but none with such a direct link.

          • PeteG 4.2.1.2.1

            But in any case, politically this is very bad for the Nats. It is devastating for Whaleoil because he will forever be regarded as a puppet for the Nats to feed info from. There have been previous instances, but none with such a direct link.

            You wish. Trying hard to turn it from a “stupid Labour” to “bad National”. Good luck.
            I think this looks very bad for New Zealand politics.

            It’s like a swarm of seagulls with diarrhoea, shit flying in all directions.

            • mickysavage 4.2.1.2.1.1

              Umm no

              One party has a technical bug in its computer system that made it subject to a hack.  Another party hacks the system and then passes the information to a lap dog that publicises it.

              The first party is a victim.  The second party and lap dog should be the subject to a complaint.  

              And you think both parties are in the same situation?

              Is the best attack line the RWNJs have left?

              • Draco T Bastard

                Exactly. It’s obvious from the nature of the information that National did not have authorisation to access it and yet they did and then they hadn’t it over to their pet attack dog.

        • mickysavage 4.2.1.3

          Pete G

          It doesn’t mean it’s hacking – it could be, but it could also be the result of a standard search. Googling isn’t hacking.

          The law prohibits accessing the system.  It does not matter if you use google or any other method of search.  If you access the system and you know it is someone else’s system then that as far as I can see is the end of the matter.

          “Receiving” is totally different.  The information is not necessarily stolen so I do not see how receiving can apply.  

          But Whale and a Nat staffer should be rather concerned at their predicament.

          • queenstfarmer 4.2.1.3.1

            The law prohibits accessing the system. It does not matter if you use google or any other method of search. If you access the system and you know it is someone else’s system then that as far as I can see is the end of the matter.

            You are correct in sentences 1 and 3 (without authority, etc), however I would say sentence 2 is incorrect (as stated). As hacking is a crime, there has to be the necessary criminal intention (which in the case of hacking includes recklessness). Stumbling across information is not an offence.

            • Jim Nald 4.2.1.3.1.1

              “Stumbling” ? You must be joking. The guy was sleepwalking when accessing the system! Hola! Now, that is a great defence.

              • queenstfarmer

                No joking. I wasn’t talking about any particular person. I have no idea (nor interest, really) about how Slater got the info. But what I said is correct. And as you mentioned it, sleepwalking has actually been used as a legal defence (“automatism” IIRC).

                • Jim Nald

                  Even better, if sleepwalking fails, plead hypoglycemia (low blood sugar) as defence against hacking ! All we need next is an idiot as a judge.

                • Draco T Bastard

                  Of course you don’t have any interest in “how Slater got the info” because that would call into question the morals of your heroes in National.

      • sdm 4.2.2

        If you want to present some evidence that something has been done ‘illegally’ then do it. Whale does make the point that you do seem to have different standards when it comes to Hager/Wikileaks.

        Just produce the evidence.

        • Pascal's bookie 4.2.2.1

          Wikileaks mostly works hand in hand with newspapers, (or just hands the papers the info), editing out info on private citizens. At least for the last couple of years. WO seems to be threatening to just dump it all unredacted. So they aren’t really doing the same thing at all.

          Though WO is threatening to do what righties wrongly accuse Wikileaks of doing (with mucho ‘tutt tutting’ and ‘for shaming’), so there is some hypocrisy involved.

        • lprent 4.2.2.2

          Nope. Both Hager and Wikileaks obtained their information from people who were authorized to obtain it. Their act of passing it to Hager and Wikileaks was probably illegal. But using it by the recipients almost certainly isn’t for several legal reasons. In Hagers case we never found out which person(s) associated with the national party passed the information to Hager despite a police investigation. In the wikileaks case there is a guy in the US army up on charges for it.

          I suspect that this is a little subtle for you (or Whale) to understand. But this particular one appears to be a *lot* clearer about legality. For instance Whale has no journalist protection and probably did the download himself.

          • jackal 4.2.2.2.1

            Both Whale and DF work with a dedicated group of techies. They are reasonable skilled at writing code but this doesn’t extend to any sophisticated hacks. In any event, a breach of privacy has occurred, which is answerable by all involved. I would very much like to know the truth of the matter as I may need to go dig up some more tools to even out the playing field so to speak.

          • RobertM 4.2.2.2.2

            The issue of who hacked, stole or looked up the Brash emails is still a very embarrassing issue for National. Recently Farrar suggested it was likely some low level admin staffer or parliamentary worker who just happened to walk into the Brash office, flip the emails up on the screen and run them all off while the office was unattended for ten minutes. However given the general obsession with security of Act type politicians and Brash staffers that seemed unlikely. Clearly the heat on the real source is growing.
            Slater is also clearly trying to divert attention that a very likely source of the leak was from Bill English and his brat pack friends funneling the goods through there low level friends and associates in the Brat pack associate Nat Party. Obviously Cameron is not a friend of English and the brat pack but the deposing of the Deputy Leader and Finance Minister, five months out from the election would probably be terminal at this point, a year before the scheduled Brash Collins takeover in a years time.
            If the Brash emails were so easily obtainable, how come Whale Oil has not looked up or hacked the Goff emails of the last years and how come he didn’t penetrate the Helen Clark and H2 emails in 2007-8.
            Just as bad for Brash and the Nats is the possibility is that Brash emails were hacked by the GCSB and when they were deciphered in Canada, US or UK leaked thru intermediatries because the sterling Clark contribution of the SAS, Project Protector and in particular the decision to maintain and upgrade the Orions to US requirements left a much greater impression on Condi and the White House than the general Brash indifference and distaste to anything in the defence field.

  5. Where is Farrar on all of this.  He jumped up and down about the Hollow Men and the supposed illegality in the way that the data was obtained.
     
    But we have here a fairly case of unauthorised access and he is silent.  AND we have strong evidence suggesting that elements within the National Party are involved.
     
    Labour should make a complaint to the police.  The police could then seek a search warrant to allow them access to National HQ’s computer records as well as Slater’s.
     
    This may come back to bite them big time.
     
     
     

    • Anne 5.1

      Labour should make a complaint to the police.

      Of course they should.
      It matters not there was a “vulnerability” in a back-up system. Like every other hacking crime there is a vulnerability of some sort that allowed it to happen.

      If Labour doesn’t demand a full scale police inquiry then, frankly, I wonder if they deserve to win the election.

    • Tiger Mountain 5.2

      This one might actually deserve the overused “Gate” tag. Don Brash went the Police route on the ‘Hollowmen’ emails but go nowhere because it was an inside job. This has different elements.

      • felix 5.2.1

        No gate. Never gate. Not even in jest.

        • Daveosaurus 5.2.1.1

          Considering the events at the heart of Watergate, I’d think this is perhaps the only scandal so far this century that does merit the -gate suffix.

          • felix 5.2.1.1.1

            No, because it still doesn’t make sense. It’s not a question of degree or of similarity, it’s a question of the meaning of the word “gate”.

  6. Peter Bains 6

    why was Parl. Serv. processing Labours donationations via credit card?
    Sorry all, Broard is no longer chief pig. I am sure the police will investigate in good time when complaint is laid.
    We, the Nats own the pokice now, so timing should be about 7 months from now.

    • lprent 6.1

      I suspect that you are confusing two different stories. But you being confused is pretty normal.

    • bbfloyd 6.2

      peter..you sound like gerry brownlee suffering speed induced delusion. you would have to be to be proudly boasting about how corrupt your party is.

      so you’ve convinced youself that you, and your fellow pigs are untouchable now? if i thought you had the ability to read more than half a page before losing the plot, i would recommend “animal house” as an instructive manual on how your beloved fascists will crash and burn under the weight of their own hubris and corruption.

    • Michelle 6.3

      Talbot’s a contractor employed part time and separately both the Labour Leader’s Office and Labour HQ. Seems like he was processing credit card payments at HQ.

      And seems like Slater didn’t do his research.

      Might be time to stop drinking his brand of kool-aid, Bains.

  7. Mike Readman 7

    Hahahahahaha!!! Losers!

  8. NickP 8

    one of the first downloads of the information appeared to be from a National Party head office internet address
    I can think of a number of ways to hijack an IP address, but the moment it is in a semi secure environment (as National party LAN should be) it gets difficult to hide several links in the chain. A good forensic IP specialist could uncover pretty much all the details.

    So where does that leave us?:
    1. Slater claims to have the information (legally property that does not belong to him and should reside elsewhere)…in common legal terms that is “recieving”.
    2. National or a device on their network may also hold this information….once its been on disk it does not go away even if you delete (traces remain to forensics)…if they are in receipt they too are “recieving”…

    Crims go and do time for “recieving”. An honest party would if they were sent this information immediately acknowledge reciept of stolen property to the owner and the correct legal authorities.I think it time for the Police to become involved.

  9. ianmac 9

    And would a MSM site willingly publish information so acquired? Or would they also be guilty of receiving illegally acquired info?

    • McFlock 9.1

      1) irrelvant because WO ain’t a journalist
       
      2) there have been a number of court cases re: journalists protecting sources or using “leaked”/”stolen” information. My understanding is that the courts tend to come down in favour of public interest of a free press but it is balanced by the public interest of the information released. E.g. exposing endemic fraud or politicians lying about reasons for invading other nations is given wider berth than just publishing people’s personal details because the editor’s a dick.
      Currently there’s a bit of an issue in the UK re: media hacking celebrity cellphones and voicemail. It could well end badly for the papers or more likely their PI (simply on an availability of evidence issue).

      3) If the MSM publish my details using stolen data (particularly if the issue isn’t particularly newsworthy) I can complain to the Press Council or Broadcasting Standards Authority. With WO I can only complain to National Party HQ – who might have a conflict of interest, there. Even if it’s in a “blind” trust.

  10. obvious 10

    It makes me laugh all this about hacking talk.

    There was no hacking. None – zero.

    All the files were left on a publicly accessible website – all there for downloading. Nothing illegal about that in the slightest.

    Just looking at what he has published so far – the most important bit as far as I can see is labour plans to use PS for their own benefit (I guess you have to do this when you are broke-assed):

    “The minute stated the “Labour North” collective should “use Parliamentary Services for best outcome of LP (Labour Party)”.”

    Given that labour have already been caught cheating doing this before I think they should come down on them like a ton of bricks. Its theft of taxpayers money pure and simple. Worse – they are conspiring to take tax payers money.

    No – I dont believe publishing names of donors is a good thing – and actually I hope he does not. But if I was labour – I wouldn’t be thinking that is the most he has on them – as the minutes prove.

    I look forward to his complaint to the speaker about the misuse of PS – and I hope that labour have to pay it back (again).

    • sodapaper 10.1

      Pure curiosity – So the files where download from say a link like
      labour.org.nz/filesthatshdbesecure or something.

      ?

      • lprent 10.1.1

        Most like from something like http://labour.org.nz/tmp/backup/12324.sql

        The more I look at the various acts the more it seems to me that the criminal intent of the downloader becomes more and more important.

        • queenstfarmer 10.1.1.1

          It’s not just “important”, it’s necessary in order for a crime to have been committed. And one should be very careful to impute criminal intent, which is a jury’s job after hearing all available evidence (cf Darren Hughes saga).

          • lprent 10.1.1.1.1

            Ah, I didn’t impute anything – read my comment carefully. What I said was my interpretation of the legal test for charges in the various laws on hacking.

            If you think that comment is dicey, then I suggest that you never ever read any legal textbooks. They’re full of exactly the same discussion of what is a legal test for most laws.

    • Blighty 10.2

      The info was not sitting in a publicly accessible part of the site. National had to breach security to get at it. It might not be ‘hacking’ but it sure looks like a breach of the Crimes Act to me.

  11. DavidW 11

    You can bleat on as much as you like about the “how”, in the end it is irrelevant.

    What is of greater interest is the “what” And before anyone gets all huffy about privacy, I suspect few care much about any personal details that might be inherent in the files that Slater has obtained – in fact I very much doubt that they will be published. No, what is interesting is the story that is told around the detail.

    The use of PS funded staff to process credit card details,

    the level of success (or lack of) in the fundraising campaign,

    Other misuse/abuse of PS dosh by political parties,

    Property rorts,

    Expense account malfeasance,

    GST and PAYE issues,

    FBT abuses,

    Undeclared political support by third parties.

    Oh what fun times ahead.

    • Dave Talbot works part time for PS and part time for the party.

      Good try but you will need something better than that. And you forgot to add breaches of the Crimes Act.

      Fun times indeed.

  12. randal 12

    would you buy a second hand car from john keys?

  13. Tom Gould 13

    Curious, indeed, that just when the polls start to move, and the rubber budget is beginning to get some media coverage, the next ‘pseudo-scandal’ on Labour is unveiled by the Tories.

    • Blighty 13.1

      And Slater himself says he has been looking at this info for months. No such thing as a coincidence.

  14. Ten Miles Over 14

    (munches popcorn)

  15. William Joyce 15

    Well, it’s past 9 am and I am wondering, “Is that all he’s got?”
    – a minute from a regional meeting that suggested using PS. It doesn’t mean that anyone followed up on that.
    The minutes could equally have recorded that a suggestion was made that a death squad of freelance Serbian priests be contracted to capture John Key’s cat and hold it for ransom until Key paid $2.50 in unmarked Indian Rupees and left it in a plastic Woolworths bag on the porch of Mrs Stoatgobbler at No. 15 Trotsky Place, Fendalton.
     
    – Records of David Talbot processing online donations which could well have been done in the hours he was NOT working for PS but for the Party HQ.
     
    It seems that WO can strut it like a gigilo but when you get him in the bedroom he fails to deliver!
     
     

    • Inventory2 15.1

      The next instalment is due for release at 2pm WJ

      • r0b 15.1.1

        I haven’t been this excited since the build up to Absolute Power.

      • mickysavage 15.1.2

        The 2 pm release is a bit of a damp squib and there is nothing there.  Slater may be running scared and is seeking legal advice.  Good idea, he might need it.

        • William Joyce 15.1.2.1

          …and here’s me thinking that the stain in his trousers was because he was being a bit “premature” in his excitement.
          Perhaps, it’s the “stain of fear” like you see in an Australian batsman facing a West Indian fastbowler?

  16. tsmithfield 16

    I don’t actually like this sort of behaviour from anyone, although I must admit the morbid curiosity of it all gets the better of me.

    Having said that, Whale oil does point to various articles on “the standard” and “red alert” that have supported the actions of Wikileaks in releasing sensitive information that is embarrassing for various authorities and governments. I am sure some of that behaviour could be argued to be breaching various laws. Yet plenty on the left have been praising wikileaks for its actions. So, how is what Whaleoil has done fundamentally any different?

    I disagree that he should be releasing innocuous information to cause unnecessary embarrassment (e.g. how much or little Labour has garnered in donations, or names of donors). But what if he provides evidence of actual wrong doing. For instance, if he finds firm evidence of Labour (or any other party) misusing parliamentary services. Should he, in the spirit of wikileaks, publish that sort of information, regardless of the legality of doing so?

    • Pascal's bookie 16.1

      Wikileaks works with media outlets and redacts info, WO is talking about dumping the names of private donors. Given there is nothing wrong with donating, hard to see it as whistle blowing. That’s what people are objecting to.

      Also, WL recieves leaks. WO went and retrieved this stuffm, it wasn’t given to him.

      Leakers can be, and are, charged where appropriate. People say wikileaks shouldn’t be charged because they aren’t actually doing anything illegal, in for instance, the diplomatic cables case.

      So the cases aren’t really similar; though it’s interesting that many of the people who think they are similar, felt Wikileaks were evil bastards, shootings too good for them, etc.

      • tsmithfield 16.2.1

        I understand the point both of you are making. And I have already said I disagree with names of donors and other sensitive information being released just for the sake of causing embarrassment.
        I disagree that Slater has necessarily sought after this information. Isn’t the point of this article that the National Party has dropped it into his hands. If this is the case, is he really that much different to wikileaks?

        However, neither of you have answered my question about what Slater should do should he find information that points to behaviour that contravenes the rules.

        It seems to me that the left can’t be too precious here. Afterall, I remember the left being all over “the hollow men” and the Brash e-mails.

        • r0b 16.2.1.1

          If he finds info about breaking the rules he’s entitled to publish it (in my opinion IANAL).

          But listing individual donors is illegal and thuggish attempt to intimidate.

          From what we’ve seen so far (mate from Oz sits in on a meeting horror!!!) my guess is he’s got nothin.

          • tsmithfield 16.2.1.1.1

            Pretty much agree with you. I haven’t seen much that deserved publishing thus far. Probably the most potentially damaging is the insinuations about parliamentary services, especially since Labour has previous form in this area. Will be interesting to see what comes out in this respect.

        • Pascal's bookie 16.2.1.2

          Isn’t the point of this article that the National Party has dropped it into his hands.

          Not quite. The NP showed him where to look, which raises the question of why they didn’t make hay with it themselves if there nothing wrong with doing so.

          Of course it’s fine to provide evidence of wrong doing, goes without saying, but there has been more hinting at than showing evidence of so far. Which again raises questions.

          If there is evidence of wrong doing, why the pivot to donor names and fund raising issues, (complete with rightie commenters darkly murmuring about cross referencing to jobs, winz payments, etc), why not keep the focus on the genuine stories? Delaying the release can help, but changing the subject is rarely good tactics, unless that subject is not a strong one…

          • tsmithfield 16.2.1.2.1

            I agree with you. I don’t see any point in releasing donor names as I have said several times above. I think Slater is way out of line in this respect.

    • lprent 16.3

      Having said that, Whale oil does point to various articles on “the standard” and “red alert” that have supported the actions of Wikileaks in releasing sensitive information that is embarrassing for various authorities and governments.

      Quite simply WhaleOil is full of crap. For instance my post on Marianne Ny had nothing to do with legality or otherwise of wikileaks actions. It was about the swedish legal system. Most of the other posts (from my quick scan) also did not look at the legality of the information source. They looked at the question of how well it was being used by the journalist based outlets.

      Perhaps you should read the posts he linked to rather than lazily re-spewing Whale’s crap here.

      I don’t think based on past performance that you are simply too thick to understand the distinction (I know that Whale is too thick).

      • tsmithfield 16.3.1

        Is the distinction that this is a blogger attacking the left this time, rather than the likes of Hager who use similar tactics to attack the right?

        • Pascal's bookie 16.3.1.1

          Hager redacted heaps of what he had, and wrote a book themed on modern political operations. WO is threatening to just dump a database of private donors. It’s not even remotely similar.

        • lprent 16.3.1.2

          Nope. The distinction is that Whale appears to be the person who extracted the information himself and is proposing to use it for personal gain.

          I repeat, surely you’re not as thick as Whale?

          • U 4 United 16.3.1.2.1

            “personal gain?” To whom? WO? I can’t see that despite the overdue sunshine cast on Labour’s negligent care of its so-called friends’ data. The NZ Labour Party couldn’t open a paper bag at the right end and you are attempting, again, to defend the utterly indefensible! If you applied some decent thought to this matter you’d be grateful to WO for exposing your uncovered flank.

            • lprent 16.3.1.2.1.1

              Advertising is at least one avenue. There is advertising on WO’s site isn’t there?

              We have it on this site to pay for the site. The dollars made are related to the number of page views on the site and number of clicks from people on the site. I’d guess that WO would be rather short of money on whatever benefit he is on. Pushing up his sites numbers will increase income.

              • The Voice of Reason

                Hmmmm. Is there any way of estimating the ad income and multiplying it by the increase in hits since the weekend? And any way of finding out if the derived income is going to Cameron Slater? I appreciate it won’t be huge amounts, but something close to a wage, perhaps?
                 
                And if it were close to a wage, that would be suggestive of an increased work capacity from Slater, even if only on an occasional basis. Nice to see all that expensive rehab finally working at last, eh. It’s been interesting following the debate about Slater’s obvious ability to run a blog and find time to go on hunting holidays while simultaneously being wholly incapable of taking a J.O.B. like the rest of us norms.
                 
                Raising children is work. Running a blog is also work. Raising kids is important and time consuming and a total commitment. Blogs, less so. The big difference? You can’t make money raising kids, but you can earn income and benefits in kind from running a blog. Slater is working full time, but not apparently generating enough declared income to warrant his removal from the benefit. The man’s clearly fit for work. Where’s Paula?
                 

        • felix 16.3.1.3

          How is releasing the details of small private donors in any way related to Hager?

          • tsmithfield 16.3.1.3.1

            For the third time, I have already said I disagree with releasing donors names. However, information that may point to illegal behaviour such as misusing parliamentary services is not, if he can put forward enough to make that stick.

            • felix 16.3.1.3.1.1

              So why do keep using phrases like “Hager who use similar tactics ” when there’s no similarity?

              I think you’re trying to paint Cameron as some kind of whistleblower without actually committing yourself to the words.

              Just say it. If you think Cameron is somehow working for the common good then say it out loud for once in your life.

          • Tigger 16.3.1.3.2

            Exactly felix, eyes on the ball here – the breach is stupid, it’s annoying, it’s embarrassing but publishing names of citizens where they intended that information to remain private is a huge breach of privacy. My ire isn’t at Labour, it’s at whomever decided to attack ordinary people personally like this. I’m hoping my name is among those released so I can take personal action against this bucket of shit.

    • Inventory2 16.4

      Weren’t Don Brash’s and Sarah Palin’s e-mails “private”? That didn’t stop leftists making political capital from them.

      And Cam Slater has also indicated that he will be complaining to the Speaker and to Parliamentary Services. If Labour has done nothing wrong, they have nothing to fear.

      • Draco T Bastard 16.4.1

        Weren’t Don Brash’s and Sarah Palin’s e-mails “private”?

        Considering that they covered how said people, as representatives of a political party, dealt with the public and the corruption of those dealings, no.

  17. Sam 17

    I’m concerned that all my info is available to anyone who cares to look. Isn’t there some kind of standard that organisations are supposed to adhere to when providing credit card payment facilities over the internet?

    Oh Yup. There is: Payment Card Industry Data Security Standard (PCI DSS)

    Why hasn’t Labour adhered to this standard?

    • Colonial Viper 17.1

      Hey Sam you should be concerned, the National Party and its proxies will stop at nothing to expose the personal details of private citizens it thinks are supporting Labour.

      • Colonial Viper 17.1.1

        Oh Yup. There is: Payment Card Industry Data Security Standard (PCI DSS)

        By the way that standard focusses on keeping cardholder credit card and debit card information secure. Labour stated that no credit card or debit card information had been stolen.

    • r0b 17.2

      Yeah it’s a stuff up.

      Maybe they were following a standard, I don’t know. If they were, and slipped up on implementing it, try not to be too angry. No credit card details were exposed.

      This is a mistake by some Labour web admin. I don’t know what security or standards they use, but I do know that they are over worked, under resourced, and trying to do too much with too little.

    • lprent 17.3

      Yes – that is about protecting credit card details numbers. As far as I can see it does not appear that Whaleoil has collected credit card details. If he had then merely being in possession of them would cause him to be visited by the boys in blue.

  18. randal 19

    no policy has let the plumbers out and I guess they found a leak.
    Now we gunna see John Keys with his finger in the dyke!

  19. Adrian 20

    This is theft, pure and simple. It is walking down a street and trying every car door until one opens and taking stuff from the vehicle. I have recieved an email to say that my info has been taken so tomorrow when I go to town I will go to the Police and lay a complaint. As I am a compleat dipstick when it comes to the techo internet stuff can someone give me a few pointers as to the correct technical jargon to describe the offence.

    • SHG 20.1

      It’s not theft. Maybe “copyright infringement”?

    • Tell the police it appears that your information may have been accessed without authority under Section 252 of the Crimes Act 1961.
       
      It is similar to theft but is more like opening someone’s diary and photocopying the pages when the Law says you should not unless you have the owner’s permission.

    • Anne 20.3

      Good on you Adrian. I’m angry too. I want Labour to go to the police on behalf of all of us. At the moment anyway, nothing less will suffice.

    • Mike Readman 20.4

      Wrong! Labour still has the info. This is like walking down the street and taking a picture of some stuff in a vehicle. But go ahead and make a complaint. I’m sure the police could do with a laugh.

      • Colonial Viper 20.4.1

        Mike Readman clearly doesn’t have any idea of “intellectual property” in the digital age where you can make copies of an original, leave that in place but it may still be theft.

        You’re so very 80’s Mike.

    • Colonial Viper 20.5

      Good on ya mate. Any other legal eagles want to give Adrian a heads up? 🙂

  20. djg 21

    Only 450 donors, not quite the 18000 labour would have us believe.

    The email lists will be interesting, the National Party IP address seems to not fly either, the data was collected long before it was used.

    There is only so much pop corn I can eat in a day, luckily this will continue on tomorrow.

  21. chris 22

    Now we know how Don Brash felt.

    • felix 22.1

      Why’s that, chris?

      Is it ‘cos all these people whose details Slater is releasing have been secretly plotting with extremist religious cults to rort the electoral system?

      Or is it just “uh durr computers or something”?

    • Colonial Viper 22.2

      Did someone take the good Don’s credit card details Chris? Or was it the fact that no one knew that he was a National Party donor?

  22. I must admit, the Nats Crosby-Textor certainly are a crafty sly lot,but very clever. The Dirty Trick B

    • Colonial Viper 23.1

      +1

      Not to be underestimated

      The Righties are desperate and the more their polls sag the more desperate they will be. Slater’s just the fall guy. The trick will be making the shit stick on who counts.

  23. Well what did anyone expect. Polls starting to change Tories getting a bit uneasy. Bring out the Dirty Tricks Brigade . Crosby -Textor too the rescue . Labour should know by now just what to expect from these “win at all costs” Right-Wing sleaze bags.
    However have obtained this illegal information just what are they going to do with it.
    Also was not this grease ball Cameron not in court a short while ago for Contempt of Court . I just hope this time there is some law he has broken and he is has to pay for it. Im not holding my breath most judges are inclined to be from the political right and this often shows in their judgements.

  24. djg 25

    It seems there was no hacking, a very handy video has been posted showing exactly where and how the information is gleaned.

    Isn’t that google a wonderful thing.

    I am surprised at the sites they have hosted on PS computers, it does not look good.

    Labour should own up to the mistakes fix the security and move on quickly before the Steisand effect takes hold.

    • It is funny but I reread this post and it is clear that some of the commentators knew about the details of the access before the rest of us.  I must admit that I did not know the details of how access was gained.  The way Whale presented it the access looked quite simple.  

      Two comments, firstly who gave the RWNJs the heads up.  It really looks like there has been a concerted effort today.

      Secondly if you come upon a disabled website does that allow you to have a peek through all of the directories?  It is like turning up to a shop where there are no shop assistants and you then choose to check out all of the private rooms as well as the shop area.  Is that right?

      Slater obviously thinks that coming upon a disabled website with the directories open lets him check out as much as possible.

      For me I would stop at the front door, so to speak, and tell the shop owner that they have a problem.

      • PeteG 25.1.1

        If it was the Whale blog site?

      • lprent 25.1.2

        That details of access is probably related to the private site that whaleoil runs. I suspect some of the faithful have access to it. I spotted it on a cached google page when I was around the net to check what was attached to my name. I was surprised to see several link scraps on a site I’d never heard of, including some comments by names I knew. The site owner turned out to be Cameron Slater. I filed some of the images.

        I haven’t checked to see if it is still active, but I am pretty sure something like that is still running from the concerted preliminary posturing that happens here when one of these flashes of Cameron exposure happen.

  25. obvious 26

    Seems whaleoil can prove that it wasnt given to him by the nats – I wont hold my breath waiting for the labour president to fess up.

    Hell – it was all publicly available on the web. All cached thanks to google and public forever.

    labour are the give that keeps on giving.

      • obvious 26.1.1

        indeed. When you lift their Kimono it seems that they weren’t wearing any panties.

        It was all hanging out there for everyone to see.

        Just shows how many people actually visit their sites.

    • lprent 26.2

      I realize that you’re a bit simple as well as being obvious. But Chris Flatt never said that the Nat’s gave WO the info. What he said was that they were one of the first (maybe the first) to download some of the information off the site.

      The question is open about whether the National Party HQ found the open data first or if Whale did. In either case what it does prove is the extraordinary closeness of links between WhaleOil and the National Party.

      The real question is how much of National’s poodle Cameron actually is. So far to me it looks like he barks on command.

  26. tsmithfield 27

    Having just watched the video on how Slater did it, I now don’t have any sympathy for Labour whatsoever, although earlier I was trying to be a bit charitable.

    I think it will be very difficult to claim that the data has been accessed criminally, since it was publicly accessible to anyone who found it. It is very common for information to be posted to websites for general download. Someone who found this information would be entitled to believe it was for public consumption simply on the basis that there was nothing to prevent it.

    Labour have stuffed up in a huge way.

    • lprent 27.1

      It was pretty much how I’d expected.

      Someone didn’t close off the index facility, and they left the files accessible by the public web server. Very stupid and happens all too frequently. That is what most ‘hacking’ consists of – exploiting some idiots mistakes.

      The question of illegality was always more on what the resulting information gets used for. It was always clear to me about how he was likely to have gotten access. But I’m rather surprised at how frigging open that system was.

      I’d make comments about using windows for webservers as well … but why bother.

    • Murray 27.2

      Exactly!!:The resulting roar of self righteous indignation, venom and hysteria on this blog also point out to why the The Standard is Nationals secret weapon against Labour being elected.
      After reading these blogs who on earth could think that the left have any credibility.
      In fact this site must be a National dirty tricks ploy. No other explanation for the stupidity that reigns here.

      • Colonial Viper 27.2.1

        Murray, the venom is going to get more toxic as National’s polls continue to drop and they lose ground. Key’s head is on the chopping block if his smile and wave charm starts wearing thin on the electorate.

        It hasn’t yet but it will.

    • Draco T Bastard 27.3

      Someone who found this information would be entitled to believe it was for public consumption simply on the basis that there was nothing to prevent it.

      Nope, it was obviously private information that they had no reasonable (Yes, the Privacy Act uses the word reasonable) right to. The reasonable course of action would have been to inform the site holder of the breach in security and delete any information that they had mistakenly obtained. Instead, it was released which gives a prima facie case of criminal intent.

      • mickysavage 27.3.1

        I agree with Draco.
        If you find $20 on the footpath and pocket it you are committing theft by finding.  If you find a diary on the footpath and read it and photocopy it you are breaching the owner’s privacy.
        Slater obviously stumbled on this disabled website and thought that it permitted him to check everything out.  How he reached this conclusion I do not know.  If it was me I would realise that the implied authority given to me by a url did not extend to checking out everything that I could .

  27. Berend de Boer 28

    Labour donations and credit cards cached by Google.

    Yep guys. No apology expected for smearing another citizen.

    • Colonial Viper 28.1

      You mean the one citizen who threatened to release the private, confidential and politically/commerciallyy sensitive details of thousands of other private citizens?

      Remind me why Whaleoil deserves an apology again?

  28. Inversesquare 29

    UN BELIEVABLE……. I reckon labour owes the peeps that made donations a HUGE apology….. You guys also owe Whale an apology. You can’t spin it any other way….. Shocker….. Face palm….. Unbelievable……

    • lprent 29.1

      Nope. I haven’t seen many people here who have said anything that require them to be apologetic. Most people seem to have assumed that the site was left open. The question is one of how that information has been spread and who is now holding exploitable information, and who is exploiting it for gain. That is the question of illegality.

      However I can see another wight wing myth in formation.

      • Murray 29.1.1

        There is no need for wight wing myths when the left creates this sort of reality> Priceless.

    • Colonial Viper 29.2

      Wow the National-linked systematic astroturfing machine is out in force.

      It’s almost like this was…orchestrated!

      • Murray 29.2.1

        Yep!! that’s what I mean. Your all National Party Lap Dogs, pulling the wool over the poor innocent working class

  29. Blue 30

    Cameron Slater did not hack anything, it is true. What he did was pretty much the equivalent of finding someone’s private diary left on the bus, and decided that since someone was so careless as to leave it out in the open, there could be no problem with publishing the contents on his website for the world to read.

    Slater is well known for having no respect or compassion for anyone he decides to target. He is a contemptible and disgusting individual with no honour, and asking for any semblance of morality from him would be futile.

    In this case, however, if he tries to publish any of that data he will be in breach of the Privacy Act. If he is in possession of any credit card details, and he says in the video that he is, then he may well find himself up on more serious charges.

    Labour were stupid to leave the door open for him, but if the National Party have any sense they will urge him to stop what he is doing now, before it blows up in their faces.

    One thing I am thankful for – knowing that if the boot were on the other foot, there is no one I know on the left who would stoop so low as to try to publish the private information of individuals in this way.

    • higherstandard 30.1

      “One thing I am thankful for – knowing that if the boot were on the other foot, there is no one I know on the left who would stoop so low as to try to publish the private information of individuals in this way.”

      ha ha ha he he ha ha ha he he snicker snort titter titter snort snicker snort…… I guess you don’t know many on the political left then from what I’ve seen of self confessed lefties on this and other sites they are just as big a pack of arses, crooks and swines as those that are self confessed righties.

    • tsmithfield 30.2

      “One thing I am thankful for – knowing that if the boot were on the other foot, there is no one I know on the left who would stoop so low as to try to publish the private information of individuals in this way.”

      ROFLMAO

    • Anne 30.3

      Thanks Blue for an excellent summary of the situation. It’s beginning to look like a Labour Party HQ staffer (or staffers) have been either lax or incompetent with their computer filing. I feel angry at them for having possibly compromised information concerning me. I am also angry that some hundreds (at least) other individuals are in the same boat. My concern relates to a previous occasion in the 1980s when false information concerning some political activities of mine were passed on to my former Public Service bosses. The resultant fallout ended up having serious consequences for me.

      I agree with your summation of Slater. He’s an unstable character and totally without empathy or compassion for anyone but himself and what belongs to him. Apart from the emailed letter to donors and supporters Labour is very quiet. I hope they are preparing a legal challange of some sort. They owe at least that much to those of us who have actively supported them in their endeavours to return to the treasury benches.

  30. Roflcopter 31

    Taking the whole Whale issue out of the scene, Labour need to be advising all their donors forthwith to cancel their credit cards.

    If it’s cached on Google, those card numbers are probably going viral right about now.

    • Colonial Viper 31.1

      If those card details are indeed on Google, then yep, those cards need to be toast, and now.

    • wtl 31.2

      While I can see many of the directory listings of the site and a few miscellaneous text files cached on google, I can find no evidence of names, e-mail addresses or credit card names cached or even indexed.

      • Berend de Boer 31.2.1

        And what other bots have indexed the site?

        Labour needs to contact EVERY single person whose details were on this server.

        And probably there were even passwords details on it, to access other servers.

        How many backdoors are currently operating on this server?

        PS: wikileaks good, whaleleaks bad?

        • ianupnorth 31.2.1.1

          Wikileaks was used to disprove/prove certain actions which had been denied or refuted (e.g. civilians being harmed) – preventing harm, identifying possible war crimes = good (in my book)

          Whaleleaks is using information to target known supporters of a political party with the intent of returning another National government. In my books, very, very bad!

        • Colonial Viper 31.2.1.2

          Trying to compare Whaleoil threatening the privacy of thousands of New Zealanders with Julian Assange exposing the nefarious activities of mega Governments and US corporates undermining small countries is laughable.

          And you know it.

          • Berend de Boer 31.2.1.2.1

            Remind me again Colonial Viper, what was the party that had outlawed political discussion for a year in three? The closest we have come to real dictatorship ever.

            If that isn’t nefarious, what is?

            • Pascal's bookie 31.2.1.2.1.1

              “what was the party that had outlawed political discussion for a year in three?”

              None that I’m aware of, (perhaps you could point me to one of these years in which political discussion was outlawed, and we’ll pick a random day from that year and take a look at some blogs) you should also have a look at what went down during the waterfront lockout for a comparison about ‘closeness to dictatorship’.

              It was illegal to give food to the children of locked out workers.

              And that’s without getting into Brownlee’s current powers.

              • Lanthanide

                That’s what I get for loading a page, reading another page, and then coming back to this one to post…

            • Lanthanide 31.2.1.2.1.2

              “what was the party that had outlawed political discussion for a year in three?”

              None, actually. In New Zealand, anyway.

              “The closest we have come to real dictatorship ever.”

              That would be Jerry Brownlee and CERRA/CERA, actually.

              • Sid Holland’s 1951 National Government did this.

                You are probably referring to Helen Klark (is that how you spell it?)

                Please provide evidence that political discussion was outlawed.  I was around at the time and I cannot remember a year where there was more political discussion, although a lot of it from one side turned out to be lies …

        • wtl 31.2.1.3

          The point is that the exact nature of the information exposed on the public webserver is not clear. Labour has said is names, e-mail addresses and donation amounts. Beyond this, there seems to be a lot of speculation that it includes credit card numbers and passwords, but I have not seen evidence of this, and I would think that Labour would have acted quickly if this information was indeed exposed. However, anyone who has gotten hold of the information will know, so others may know better than me.

          ps. As far as I know, online donations made to Labour are processed via a third party webserver, which may mean that Labour never has any record of credit card information.

  31. Berend de Boer 32

    There you go, I’m even quoting norightturn:

    Which is why allegations of criminality here are utterly ridiculous. Publication on the web is prima facie intentional. Sure, it happens by accident, but the idea that something can become retrospectively criminal because someone else has changed their mind flies in the face of our entire legal tradition. Meanwhile, if something is up and public, then you have a hell of a time proving that it was accessed with criminal intent, rather than in good faith (and knowing that other people are being stupid is not a sign of criminal intent).

    • Colonial Viper 32.1

      If access to areas of a system is used to monitor communications and documents which are clearly intended to be confidential, private or otherwise sensitive things change.

      That quote does not acknowledge that those files were never intended to be placed on a publicly accessible website, and had Labour known that they were, that information would immediately have been taken down.

      • Berend de Boer 32.1.1

        I probably won’t have to dig up any comments from you on Wikileaks Colonial Viper. Because we both know what your comments where then.

        If you put your stuff up for Google to index, you intend it to be public.

        • Draco T Bastard 32.1.1.1

          If you put your stuff up for Google to index, you intend it to be public.

          Nope, you could just be making a mistake.

          • Berend de Boer 32.1.1.1.1

            So the Labour Party is going to sue Google because it didn’t ask the Labour party for permission to index their donors?

        • Colonial Viper 32.1.1.2

          If you put your stuff up for Google to index, you intend it to be public.

          You’re a tech ignoramus right?

          Where did you get the wild idea that Labour put that personal information in order for Google to index it?

          • Berend de Boer 32.1.1.2.1

            By the fact they left the door open for Google to index. That’s how you indicate consent on the web. If you don’t want stuff to be indexes, you say so. Else it is assumed to be public.

            • Colonial Viper 32.1.1.2.1.1

              That’s how you indicate consent on the web.

              You made that up out of thin air.

              And it’s certainly not the principles that the Privacy Commissioner operates from!

            • lprent 32.1.1.2.1.2

              BdB: that has to be one of the most ridiculous bits of bullshit I have ever read bout the net. I suspect you dragged that directly out of your navel hair.

              I have been around the nets for decades and reading law off and on about it for about the same length of time. There is no such implied consent.

              Sounds like another bit of idiocy from the master of no understanding

              • FromTheSidelines

                I’m pretty much a basic web/computer sort of person, but even I know, when I set up a Word Press blog that I have to “tick the box” to get Google to index it. Which means if I don’t want Google to index it, I need to make sure the spiders don’t visit.
                It seems like who ever the webmaster was, didn’t know much about web security.

                Also, I’d be interested to know who on this thread has never downloaded music, movies or information without checking the copywright.

                • lprent

                  You do not know what you are talking about. You aren’t just basic, you are misinformed.

                  Google will index everything if it can find a link to it unless you explicitly prevent it using specialized web server rules to exclude googlebots or you try to tell google not to index it. The former is more successful than the latter. It will have happily indexed the visible site directories from any site that does site maps – like ummm IP neighborhood for instance. So will every other of the couple of hundred searchbots that float around chewing my CPU.

                  What you are talking about is informing google when updates are made. There is a basic SEO in wordpress, and plugins to get much better controlled ones. They are good at telling google and other search engines when changes are being made.

                  What happened in this case was that someone opened the default index behavior on the site whilst doing some development or upgrade and forgot to close it. That was to put it mildly pretty damn sloppy. The underlying problem was that piles of real information were accessible from the web directories that shouldn’t have been there. They should have been in directories that the public web server cannot access.

                  As an example, I could open the index behavior on this site and you still wouldn’t be able to extract anything useful apart from being able to see the long list of graphics files. Nothing is truly accessible unless you are on the server with the right permissions or you are coming for a couple of specific locations with the right keys.

              • LOLWUT

                lprent are you serious? You haven’t heard of robots.txt and the robots tag? This is how Google works. Everything that is accessible on a web server is assumed to be intended to be public and findable by a Google search, unless you say it isn’t.

                http://www.google.com/support/webmasters/bin/answer.py?hl=en&answer=156449&ctx=cb&src=cb&cbid=hgz3lnt9ew7e&cbrank=3

                “A robots.txt file restricts access to your site by search engine robots that crawl the web. These bots are automated, and before they access pages of a site, they check to see if a robots.txt file exists that prevents them from accessing certain pages. (All respectable robots will respect the directives in a robots.txt file, although some may interpret them differently. However, a robots.txt is not enforceable, and some spammers and other troublemakers may ignore it. For this reason, we recommend password protecting confidential information.)

                You need a robots.txt file only if your site includes content that you don’t want search engines to index. If you want search engines to index everything in your site, you don’t need a robots.txt file (not even an empty one).

                While Google won’t crawl or index the content of pages blocked by robots.txt, we may still index the URLs if we find them on other pages on the web. As a result, the URL of the page and, potentially, other publicly available information such as anchor text in links to the site, or the title from the Open Directory Project (www.dmoz.org), can appear in Google search results.

                In order to use a robots.txt file, you’ll need to have access to the root of your domain (if you’re not sure, check with your web hoster). If you don’t have access to the root of a domain, you can restrict access using the robots meta tag.”

    • Draco T Bastard 32.2

      In this case, Idiot/Savant is wrong.

  32. RobertM 33

    Whale Oil is trying to show how easy it is to access the inner files and emails of political parties, like the Brash emails. But the Labour minor donors and other info he’s got hardly seems of any significance anyway. Assange did obtain significantly damaging info about the marine and army ops in Afghanistan and related violence and possible breaches of military law and that is what Bradley Manning is being tried for. However the later revelations from minor state dept correspondence was insignificant as Hillary said and far less significant that what defence, CIA, the US forces or any US intelligence or defence intelligence agency would have said. Assange built his protective systems with multiple false bottoms but failed to grasp that the US would have similar as much more covert levels of penetrability. Ultimately Assange was naive in not grasping that Sweden has really been the United States most important and heavily armed defence and intelligence partner and its neutrality was nothing more than low level cover for deep alighnment

  33. I’ve watched the youtube of how it was done. My comment about ‘Town Without Pity’ applies in spadefuls.

    I realise that for some people who are technologically savvy, this might look like the kind of thing someone browsing the internet does all the time. For the vast majority of the New Zealand public (like me), however, – who don’t know about such sites as ‘My neighbours IP’ (or whatever it’s called), google indexing, let alone the arcane names (Path directories?) of the files Whaleoil was sorting through to come across his ‘goldmine for political gain’ –  it looks like an extraordinary amount of effort. That is, it looks like bad faith snooping.

    That he then says he’ll publish names of people accessed in this devious way (and I couldn’t care less about what techy-types think amounts to making something ‘public’ on the web – it’s not ‘public’ to the vast majority of us normal users of the web) is simply dishonourable in my book. It’s mud-raking and it stinks. Incompetence I can forgive. Bad faith I can’t.

    On this one, I’m more than happy to sound outraged. (That’s not my usual tendency but maybe the quakes have finally got to me.)

    • Pascal's bookie 34.1

      I agree, none of the gobbledegook explains why the only people known to have found this supposedly wide open information left lying on the front lawn/parkbench/scattered-all-over-the-street are the National party and WO who went out of their way to snoop around and take pictures of what they knew were private details.

      Remember when Key used to talk about how he hated nasty politics? What a bullshit artist.

      • Puddleglum 34.1.1

        Yeah, I imagine Key will make some predictable comment like “Well, all of this is something for the Labour Party to deal with. It’s got nothing to do with National, though I think it does raise questions about Labour’s credibility.”

        In other words, he will be singing from the same songbook as Whaleoil while trying to claim it has nothing to do with him and that it’s not his style of politics …

        • Pascal's bookie 34.1.1.1

          Close, National have admitted taking a look at the site, and say they may have ‘retained info’, won’t say they’ll delete it if they have, and claim it was just a ‘staffer’ checking to see if their own security was compromised.

          John Key claims to have been totally out of the loop, didn’t know nuffink, even though the party pres said everyone was chattering about it.

          http://www.nbr.co.nz/article/national-admits-labour-data-breach-denies-passing-names-whaleoil-ck-95242

          • Puddleglum 34.1.1.1.1

            Thanks, P’s B. An interesting article.

            From your link it’s also Peter Goodfellow (National Party President who John Key defended to ensure his re-election??) who gets to say 

            “I would be very embarrassed if that was us.”

            and raise the ‘credibility’ issue about Labour.

            But, the NBR seems to think National may now be in the same unenviable position as Slater, while Key tries to keep himself – rather than National in toto – aloof. The story might be getting a bit out of hand for National.

      • SHG 34.1.2

        You kidding? Google indexed it.

        • wtl 34.1.2.1

          Yes, you keep repeating this. Its getting a bit boring. But I can’t find any evidence that Google indexed the donor database. Unless you can get to that page directly from Google, it would mean that it is unlikely one could inadvertently access the database.

          • Colonial Viper 34.1.2.1.1

            And of course, Whaleoil did not inadvertently access anything; he conducted a systematic search for system vulnerabilities and exploited them when he came across them.

        • Pascal's bookie 34.1.2.2

          This may caome as a shock to you, but Mr Gazoogle isn’t actually a people.

    • RedLogix 34.2

      Incompetence I can forgive. Bad faith I can’t.

      Agreed totally. We can make all the analogies we like, but what it boils down to is Slater has given Labour a kick in the nuts, not because he can articulate any higher purpose for what he’s doing, not because he thinks any good might come of it… but just because he could.

      Which is where his attempt to draw an equivalence between himself and wikileaks falls totally apart.

  34. jackal 35

    Whaleoil explains his version of how the files were accessed:

    http://www.scoop.co.nz/stories/HL1106/S00062/video-released-of-how-labours-database-was-accessed.htm

    The question now is one of sabotage/hack from another computer to allow such access? Please note that links are not coloured as would be expected if you were searching through the directory. Either Whaleoil has removed his history from the computer used or he initially used a different computer or was instructed on exactly what to look for. Take your pic.

  35. lprent 36

    That I am unsure about. It depends on what he uses it for.

    For instance by his own admission, he may currently hold information about me – in particular I realized he may have my very private phone numbers. I gave authorization to the NZLP to use it. I have not given it to Cameron Slater. If he uses it for anything the purpose for which it is intended, then he will require my authorization.

    Basically if he does use or make them public then I will lay a series of complaints against him. If I find prank or threatening calls on my phones then I will lay a complaint against him as being the most probable person to have released those numbers.

    So your idea is frankly idealistic bullshit.

    • Berend de Boer 36.1

      lprent, everyone on the web has your private phone number. The door was WIDE open. Every bot, every spider, everyone could just walk straight in.

      But it’s all the National Party’s fault for not telling Labour about it.

      Well, if you want the National Party to warn you in advance, here’s the next warning: you’re not fit to run the country.

      • lprent 36.1.1

        Let me give you a basic understanding of the difference between techs and managers. The latter don’t really understand the systems that their organizations rest on. They are there to deal with people and structure rather than the continuous learning cycle of tech environments. If you are very lucky, techs will have managers around that have enough language to vaguely understand what they are talking about.

        Politicians are even more people orientated than managers. Running a country has absolutely nothing to do with tech systems, it is mostly about dealing with people. They don’t even really have to deal with managerial issues. That is what the public service does. They do network at tech levels of detail.

        I don’t expect politicians or political party people to be particularly technically inclined. It has very little to do with their ability to run a country. Only an illiterate in running organizations could think that it does. I know that describes Cameron. Looks like you as well.

        How do I know this? I’ve been a manager in my first career (hell I even have a otago MBA). I have been a tech (mostly a programmer) for the last 20 years because I found that far more enjoyable. I have been dealing with politicians for more than 20 years as a volunteer – mostly doing tech issues.

        • Berend de Boer 36.1.1.1

          lprent, is your claim that Labour’s managers are not competent enough to find competent people?

          “It was one of the flunkies who did it, not me!!!”

          Do you understand how pathetic that sounds?

          Where does the buck stop in the Labour party? It probably never rises from the floor right?

          • lprent 36.1.1.1.1

            I have seen the same kinds of holes in systems of companies here ranging from very small to quite large. Some have been tech based, some marketing, some production.

            The Labour Party is a just a small organization. Like most organisations of that type they don’t employ hard level tech’s, they contact them in.

            What does that have to do with anything that I said? Do you prefer not to deal with any real issues? Is it a lack of ability to understand them?

            Ummm looking at your comments, I would say that you’re an idiot ACToid. That makes you pointless to argue with because the breed tends towards being uninterested in listening, and more interested in preening their own ego. You are showing the characteristic signs of just such a peacock.

      • MrSmith 36.1.2

        Berend de Boer: If all the politicians where abducted by aliens tomorrow the country wouldn’t come to a grinding halt, because the Politicians don’t run the country, the public servants run the country , and this point especially applies to the lazy lot we have in at the moment.
         
        I see you and a lot of the other sheep have started chanting Nationals slogans and sound bites, can’t you lot think for your-selfs or is it you just feel safer in a gang blindly following a leader.

        • Berend de Boer 36.1.2.1

          MrSmith: public servants run the country

          Ah right. OK boys, let’s all stop working, public servants run this country anyway.

          But in some sense you’re right obviously. It doesn’t matter who runs the country. Labour/National, policies barely change, except that National borrows to run the country, and Labour managed to do without.

          I think you’re severely mistaken that I’m a National Party voter.

          • MrSmith 36.1.2.1.1

            Ok I should have said run the Government and the public services. But It’s the insinuation that just because someone messed up, Labour then aren’t fit to run the country, Nacts have been spinning this line for a while and they have been getting some traction, but a Government isn’t just one person, storm in a tea cup.

    • DavidW 36.2

      To quote a phrase Mr Prent MBA “diddums”

      I’m sure that the CIA, DHS, SIS, NSA and Uncle Cobbley and all and all have your “very private phone numbers” now and your calls are being monitored as we speak.

      Time for some new phone numbers I think.

      And it was all that nasty National Party’s doing.

  36. Jum 37

    “Lanthanide 31.2.1.2.1.2
    13 June 2011 at 8:23 pm “The closest we have come to real dictatorship ever?” That would be Jerry Brownlee and CERRA/CERA, actually.”

    Speaking of Brownlee and CERA – Does anyone know about this re its accuracy etc?
    as follows:

    ‘ Hotel Grand Chancellor is a story that needs to be told. Maybe a book someday! It was finally announced on Wednesday but it is the story behind the delay that is interesting.
    This story also applies to the rebuilding and repair of Christchurch which Fletcher Building are overseeing..
    The tender was to RCP (project managers for council) but was passed over to CERA once they arrived.
    CERA is staffed entirely by Fletchers employees.
    CERA delayed the announcement for a month to enable Fletchers to study the other tenderers info & submit a late bid. The day it was submitted CERA awarded them the tender.
    Fletchers price was 3 million higher than anyone else’s!
    Fletchers have no intention of doing the demolition, taking the risk, or putting up the bond to cover the risk. They are just appointing themselves as project managers to clip the ticket & then getting the original tender winners to do the work.
    How did they get away with it?
    Do a companies search on Fletchers. (No – don’t bother we’ve done it for you below).
    They just got bought by the Reserve bank!
    RBNZ owns 275 million Fletcher shares while Hugh Fletcher now only has 5000. Its a SOE. A Govt department!!
    They bought themselves an income stream. They direct all the profits from the recovery straight into their own pockets instead of allowing the people of ChCh to make a bit each to help them recover.
    You have to admit it is clever!!
    But how on earth did they keep it out of the media?: NZ’s largest Co gets bought by Govt & it doesnt make even the tiniest news report? Really???
    Something is rotten in the state of Denmark! (or in this case Canterbury!)
    Meanwhile still no start to the demo & recovery after 3 months.
    The books get fiddled while ChCh burns!
    This is doing the rounds and will help you understand what a monstrous fraud is being perpetrated here:
    Subject: The books are being Fiddled while Christchurch’s future Burns!

    Subject: FW: What is going on in Christchurch….. The real story

    Here are a few questions for you to think about (oh, I’ll make it easy: I
    will give you the answers as well)

    Q. Who appointed RCP (Resource Coordination Partnership Ltd) as Project Managers for the management of ‘critical buildings’ following the February
    22nd earthquake?

    A . Christchurch City Council under instructions of the NZ Government

    Q . Who appointed CERA?

    A . NZ Government.

    Q . Who appointed Fletcher Building to manage the demolition works and then, reconstruction works?

    A . NZ Government firstly, then CERA
    Q . Who is the main single shareholder of Fletcher Building?

    A .. NZ Government. if in doubt check below:
    Who is NZ Central securities Depository Ltd?

    Q . Who called for the tenders for the demolition of the Grand Chancellor?

    A . RCP

    Q .. Who is to be the Principle to the demolition Contract (i.e. the
    Payer)

    A . The Crown (NZ Government).

    Q .. Who assessed the Tenders for the Demolition of the Grand Chancellor?

    A . RCP

    Q . Who has been awarded the Grand Chancellor job (at whatever price and/
    or conditions)?

    A . Fletcher Building

    Q . Who will make the profits?

    A . Fletcher Building (and it’s Shareholders)

    Q . Who is the main shareholder of Fletcher Building? (I know, I already asked this one, but it could be a trick question)

    A . NZ Government as the Reserve Bank of New Zealand(no trick question, sorry)

    Q . Who has been blind-sided?

    A . Everyone involved in the (supposed) tender process firstly, but more importantly, the people of Christchurch and New Zealand who thought that they lived in a first-world economy.

    Q . What are the ramifications?

    A . Immediate loss of confidence by all independent Consultants and Contractors in the tender process if CERA, RCP or Fletcher Building are involved jointly or singularly in a government sanctioned role, for fear of a continued potential for a monopoly and huge profiteering there from.

    Q . Who are the winners?

    A . Fletcher Building and the NZ Government, along with the other Financial institutions that form the majority shareholders in Fletcher Building.

    Q. Who are the losers?

    A . The property owners, their tenants, clients and customers, along with everyone in New Zealand who believes in a ‘level playing field’, all the people of Christchurch, and all the people of New Zealand that have supported, volunteered their time and/or donated their hard earned, tax-paid monies to the recovery following the devastating events of February 22nd.

    Q .. What should I do?

    A . If you care about living in a democratic, free market and transparent economy, please send this on to everyone in your email address book who needs to know what is happening.
    As New Zealanders, exposure of this rort is our best protection. ‘

Links to post