Written By:
notices and features - Date published:
12:30 pm, May 4th, 2015 - 120 comments
Categories: Dirty Politics, journalism -
Tags: #dirtypolitics, ben rachinger, dirty politics
For the background please read the first post in this series: Rachinger on dirty politics.
Demonstrating yet again the vital role of independent media, Scoop has taken up the story: “I Am Rawshark” – Ben Rachinger’s Sequel To “Dirty Politcs”. Thompson writes:
Arguably therefore this is an exceptionally fine piece of undercover investigative journalism into a matter of national significance.
[spelling corrected]
Ben’s story is unfolding here, the Scoop piece is a good summary.
The current rise of populism challenges the way we think about people’s relationship to the economy.We seem to be entering an era of populism, in which leadership in a democracy is based on preferences of the population which do not seem entirely rational nor serving their longer interests. ...
The server will be getting hardware changes this evening starting at 10pm NZDT.
The site will be off line for some hours.
Intrigue. Suspicion. Suspense. But with serious possible outcomes.
Fascinating…..thanks for the reference in the earlier post to Lauda Finem, I didn’t know about that site before.
Where is this heading?
Some more links of interest,
https://ellipsister.wordpress.com/2015/05/03/the-follow-up-the-rachinger-posts/
https://twitter.com/conspiracism/status/595043544252854274
Great to see Thompson writing thoughtfully about the credibility issues and coming down on BR’s side. Also good to see him putting BR’s style and approach in the context of his generation, that strikes me as a crucial understanding, esp once the MSM get on board.
thanks weka, “BR’s style and approach in the context of his generation”,
Looks like Slater is back running Eades attack pieces on his blog.
Either Slater wasnt out pig/duck shooting with his collaborator Lusk this weekend or he was home writing up stories to attack labour.
A site photo this afternoon has him with a gun. A comment on the link: https://ellipsister.wordpress.com/2015/05/03/the-follow-up-the-rachinger-posts/ has comments about a gun and having a gun licence.
Whenever some person takes a gun and wipes out others, often in the USA, authorities look at their internet and social media postings and say “How come this person was allowed to have a gun?” It is too late to ask the question at that stage.
Our journalists do not do serious investigations. Most of them seem to be lazy, inefficient, or beholden to the RW powers in the government.
Just imagine if this sort of scandalous and serious story had come into the possession of some quality journalists in USA, France or UK!
What a train wreck this Slater fellow really is. He was complicit in a successful attempt to “break into” the Labour Party’s computer and steal information relating to membership. Then he discovered someone “broke into” his own computer and stole incriminating emails. So he laid a complaint with the police and within a week or so one of our best investigative journalists has his home raided by police. And while all of that is happening, he’s plotting to have The Standard blogsite broken into…
The mind boggles!!!
“What a train wreck this Slater fellow really is.”
What a train wreck the whole bloody lot of them are – there’s even a Hooton in the mix. All those trite, hackneyed old sayings spring to mind (like “lay down with dogs, get up with fleas”).
(The guy has a fascination with bloody firearms as well FFS!!! as do some of his cohorts!)
One can understand why they’ve opted for the only option they’ve chosen (TINA) which is to keep trying to kick the can down the road a little further, but it seems to me they’re running out of road. Maybe THAT’s why Steven Joyce wants to build a few holiday highways.
How much easier life is when there’s just a teensie weensie miniscule bit of honesty in the mix, sprinkled with a smattering of principle.
I hope Tex Paeha isn’t going to have to pick up The Oil Slick’s medical bills – or any of ’em for that matter. They’ll be having to open up Kimberly Residential care when that kicked down the road ‘can’ comes to rest.
He was complicit in a successful attempt to “break into” the Labour Party’s computer and steal information relating to membership.
Now now, let’s not rewrite history. Private documents were put on a public-facing server and members of the public, including Slater, downloaded them.
Yep. They were private documents. Yes, it was clear that they were not intended to be accessed and used. Like a wallet found dropped on the street, did Slater attempt to contact the owner and return it, or did Slater simply open the wallet up and start rifling through the contents – well, we all know don’t we.
“Private documents were put on a public-facing server and members of the public, including Slater, downloaded them.”
This implies they were accessible to the general public, which they weren’t. It also implies that Slater was Joe Bloggs public and he wasn’t. He was working for the DP crew.
This implies they were accessible to the general public, which they weren’t.
Of course they were, all you needed was this amazing obscure hacking tool called “Google”. All you had to to was go to Google and say “show me all the files at labour.org.nz that are marked as viewable by the public and which contain the word ‘membership'” Boom, Google would spit them all out. You didn’t even need to download anything from the Labour server, you could just say “Google give me the version you’ve got cached”.
It was even more fun if you searched for the word “password”. Internal SQL server configs really shouldn’t be backed up to public webservers.
“All you had to to was go to Google and say “show me all the files at labour.org.nz that are marked as viewable by the public and which contain the word ‘membership’” Boom, Google would spit them all out. “
Who would do that?
Sounds like someone’s come up with a bunch of reverse engineered, parallel constructed search terms.
Anyway, it’s nothing like what Slater said when he pretended it was him what did it.
Who would do that?
Curious members of the public.
..who had been alerted by Slater.
Isn’t that how you found out about it? Or are you saying you just independently stumbled across the same information by coincidence?
“All you had to to was go to Google and say “show me all the files at labour.org.nz that are marked as viewable by the public and which contain the word ‘membership’” Boom, Google would spit them all out.”
Are you being literal there? Because unless you are, the general public won’t know what you are talking about.
“You didn’t even need to download anything from the Labour server, you could just say “Google give me the version you’ve got cached”.
Most people don’t know how to access google cache.
“Internal SQL server configs really shouldn’t be backed up to public webservers.”
Yeah and IME most people that would write that overestimate the geek skill level of the general public.
Even if he was being literal, it wouldn’t have worked according to what Slater describes in the video above.
He had to search through the files of a web address that no-one could have known existed unless they were snooping around the ip address of one of Labour’s other web addresses.
Yes it was insecure, and no Labour shouldn’t have left it like that, but the analogy of leaving your door unlocked and getting burgled is exactly appropriate.
Thanks, that’s what I thought, you had to know what and where to look for, it wasn’t as simple as googling ‘Labour credit card details’, and most people would have no idea. Which of course points to how and why Slater knew.
They had to know where to look – which wasn’t that hard but really required a bit of accident.
However cracking into the database that the credit card details were held was a quite deliberate act that was both criminal and morally repugnant. Anyone who was made privy to that information was also criminal.
The NZLP should have laid a complaint and pursued both Cameron Slater and his associates with the upmost vigour. It is something that they should be doing now with the additional information that came out of the rawshark information.
@lprent
I wish Labour would, I do not understand why they are not like a dog with a bone and pursuing Slater and Co.
If Slater was a decent guy, he would have alerted Labour about their insecure website. He didn’t. Instead, in that video he publicised the private information of people (email addresses, credit card information etc). He had absolutely no permission or the right to do that.
So, what I want to know is why did Labour or the police or the courts or the privacy commissioner not take any action against Slater?
If they did, do you know what happened and if not, why not? I am curious to know.
If Slater was a decent guy
Seems to me that’s a pretty big IF.
So, what I want to know is why did Labour or the police or the courts or the privacy commissioner not take any action against Slater?
IANAL but I guess that the Labour Party would be the defendant for not securing personal information that had been entrusted to it.
Yes, I would like to know the answers to those questions too.
SHG @ 7.2
Piffle!!
They unlawfully entered the site with a view to stealing, in the same way that criminals (which is what Slater and co. are) unlawfully enter someone’s home with a view to stealing…
The only reason Labour didn’t lay a complaint with the police at the time…I think it was because of the close proximity to a General Election.
Apparently if you leave your door unlocked it’s not really stealing 🙄
On that basis, that means anyone can go inside… steal everything and burn the house down and they can’t be prosecuted.
Who said they left the door unlocked anyway? Slater’s mob? Now the lock might not have been impregnable but there was a lock alright and Jason Ede broke it and entered.
Yep it is such a stupid insulting thing to argue and speaks volumes about the moral beliefs of the right.
stealing
You misspelled “infringing copyright”.
Nope, it’s nothing to do with copyright.
The phrase you’re looking for is “illegally accessing private information.”
Slater – well, lots of people – accessed private information that had accidentally been made public.
Like who? Apart from Ede/Slater and the rest of John Key’s gang of thugs.
Well considering the server’s contents were copied and indexed by Google, I’m guessing lots of people had a look. I certainly did. “Show me all the files that contain the word ‘password'” was pretty hilarious-slash-tragic.
The fact that days previously Clare Curran had been asking on Twitter if anyone knew how to set up Drupal was just icing on the comedy gold cake.
What you just woke up one day and decided to have a nosy around the ip address of Labour’s website to see if there was anything out of place?
I don’t believe you.
this ^^^^^
someone is bragging post event to make the event seem innocuous
s252 of the Crimes Act 1961:
Given that you’ve said you know it was “made public” accidentally, did you reasonably think that you were given access to the computer so that you could search for password files? Or were you even just a teensy bit “reckless” as to whether you’d been granted access for that purpose?
If you really wanted to win the argument, you’d go into a police station, ask for someone experienced in computer crimes, and then provide them proof of what you’ve claimed here that you’ve done. And dare them to charge you.
Don’t be silly, the only crime on the internet is copyright infringement as explained by SHG above.
So SHG wouldn’t steal a purse or a car, but SHG would burn a DVD?
Fuck, if Labour won’t press charges over their website, maybe SHG will be done by the MPAA. They’re quire diligent about such things…
Not sure what you mean by “steal” a car. Apparently if it’s unlocked, it’s anyone’s car according to SHG.
” accessed private information that had accidentally been made public.”
It’s still private information, SHG.
If you leave your door unlocked, the private files in your desk draw don’t suddenly become public information.
The best analogy for what you or Cam or Jason did is that you saw an unlocked door that you know should be locked, entered the house, rummaged through the desk, photocopied any interesting papers to take with you, had a squizz through the family photo albums, and a quick rummage in the knicker drawer.
Oh yeah, and then publish what you found.
So yeah, I can see why you didn’t like me comparing you to a common thief. You’re soooooo much classier than that.
If you leave your door unlocked, the private files in your desk draw don’t suddenly become public information.
OK, let’s run with that analogy.
What if you had hired a butler and mistakenly instructed him to give an itemised inventory of every item in your house to anyone who knocked on the door?
And what if you had accidentally instructed your butler to duplicate any item in your house upon request and hand it to anyone who asked?
And what if one of the visitors to your front door had been a researcher from HOUSE CONTENTS LISTS AND COPIES INC who then had an interaction with your butler like this:
*knock knock*
Butler: “Hello, welcome to Labourwebsite House, how can I help you?
Researcher: “Hi, I’m Mr Google from House Contents Lists and Copies Inc, can you give me a list of every item in this house? Of course you can exclude any items that you wish to remain private.”
Butler: “No sir, my instructions are clear, they say to hand the index of house contents over in its entirety upon request. And here it is.”
Researcher: “Hey, thanks. Just in case anyone asks us what’s in your house we’d be able to reply more quickly if we had a local copy of your house at our end, so could you please send me an exact duplicate of every item on this list to put in our warehouse? Of course you can exclude any items that you wish to remain private.”
Butler: “No sir, my instructions are clear, they say to provide a duplicate of every item upon request. And here they are.”
Researcher: “Cheers!”
If I then ring up House Contents Lists and Copies Inc and say “hey dudes, have you got Labourwebsite House in your database?” and they say “yep” and I say “do any of the objects in that house contain things that look like passwords or lists of names or credit card numbers?” and they say “yep” and I say “can you send me copies of all those things please” and they say “yep, so long as you look at these advertisements” and I do so… well, that’s not stealing is it?
Put another way, the person who needs to own this fuckup is not me, not the helpful Mr Google at House Contents Lists and Copies Inc, not the helpful butler (he was only doing what he was hired to do and given clear instructions to do); the person who hired the helpful butler and gave him totally inappropriate instructions is at fault.
In your analogy, “the Butler” is the role your ethics would have played.
So your objection is that Slater shouldn’t have taken advantage of this mistake because doing so was mean?
It was a crime under several parts of the Crimes Act. He could do it if he chose.
The only real issue was that the NZLP didn’t lay a complaint and get him banged up in prison.
Or even better if they haven’t done so already, they should lay or repeat the complaint now. Post Dirty Politics it is quite clear the crime was quite intentional, premeditated, and involved considerable effort and expense (ie hiring someone to crack open an encrypted database).
If you’re talking about the donors database, IIRC a backup of sql.conf containing hostname, username, and password was sitting there in one of the public web directories. You could google it.
My objection is that your feeble attempt to excuse criminality is feeble.
(felix; You’re still not being very clear. Why is that?)
cause shg is slater or his dp bitch; easy 2 see
Is starting to look that way alpha z.
SHG, your analogy is pure fantasy.
You didn’t find the files in question by searching google. You watched Slater’s video and went to the addresses he listed.
And Slater (according to his video) didn’t find anything by searching google. He just snooped around the labour ip.
So all your analogy shows is that Labour’s security was shit. Which we know. It doesn’t alter anything you or Slater did.
I’m not entirely unsympathetic to your criminal urges though. I was in a similar situation not so long ago.
I watched Slater’s video some weeks after everything hit the fan, but I wasn’t that interested. I honestly can’t remember what led me to check out the site; for some reason twitter comes to mind. Of course when looking at a new site that I’ve been told will make me facepalm myself to death, the first thing I do is go to google and type “site:domainname” to see what google thinks of it.
So just to be clear, you’re saying that without knowing about Slater’s adventures, you, independently and of your own volition, stumbled across the exact same directories as Slater did because you were curious enough to perform a google search for all the public files on a Labour Party server.
And you did this weeks before you heard that anyone else had?
Sorry SHG, it’s just not a very good story.
The first record I have of laughing about this with someone is a couple of days after the date of Slater’s video. But I didn’t watch his video until weeks after that.
You’re still not being very clear. Why is that?
Did you visit the server in question on your own initiative or was it as a result of Slater having already done it?
This is not a difficult question, SHG, either you heard about it because Slater/Ede had already been in there and you simply followed suit, or you happened across the exact same information entirely by coincidence around the exact same time.
Or they heard about it from a third party.
If I recall correctly something like the entire web services community of Australasia was laughing, crying, and/or cringing about this episode for a couple of days before it hit the mainstream media. It’s possible that Slater was patient zero, but as I said I didn’t see his video until weeks after he posted it.
Sounds like complete bullshit to me. I usually get told about those pretty fast.
But hey, these are digital people who both gossip and who tell people about holes when they hear about them. Find a verifiable link and post it. I will ask the system operators to check it for me, and check the backup systems. In which case I think that you have the professional morals of a rabid weasel.
Otherwise I’d just call you a bullshit artist, a contemptible liar, and a blowhard idiot. And ban you permanently…..
Yes weka that’s probably the truth, but SHG has been saying that anyone could have just googled for the information and found it, and implying that s/he did exactly that.
I don’t think SHG did that, so I’m trying to get a clear statement either way.
So far, nothing.
I agree. They’ve been asked multiple times to clarify and have instead repeatedly obfuscated. Wonder why.
I’m trying to get a clear statement either way.
So far, nothing.
Well obviously, I need to get clearance from my handlers at Crosby Textor before I give too much away.
Still no answer, SHG? I’ll try again.
Did you go and have a look because someone told you there was something to look at, or did you just happen to find exactly the same information by googling a domain you were coincidentally curious about?
ps hey weka, the other possibility is that SHG is Jason Ede but we’re not allowed to make that sort of speculation here.
Here’s what my handlers at Crosby Textor have told me I should say.
Some time around the twelfth or early thirteenth of June 2011 I received a message by means I am not at liberty to disclose*. The message was something like
OMFG check out this pile of fail
healthyhomeshealthykiwis.org.nz
grab popcorn
It was something like that, pretty short, which means it could have been a twitter DM, or a text message. Or a post in a web admins forum. Something like that **
So I visited the site in a browser, checked whether it was indexed in Google, had Google show the first page of everything it knew was at the site, and looked a bunch of stuff like the site’s DNS configuration, where the site was hosted, who had registered the domain and when, when the site first appeared to have shown up on the Internet. Functionally similar to the things that Slater posted in his video, although using different tools. I have all that stuff pretty automated. And upon seeing how the site had been misconfigured and what sort of info was being published to the world I laughed and laughed and remembered my early mistakes as a web admin and then cried and thought of the poor guy who had fucked this up so bad.
The first correspondence I have FROM myself to anyone else about this clusterfuck is June 13, and I can see myself joining an already-extant discussion about it on another web forum on June 14. The first post about it here at the Standard was on the 12th from what I can see.
(How’s this for funny: one of the posts I’ve found from myself is one saying “oh jesus, click this link to download the internal SQL server config” on the 14th, which suggests the story had already been on The Standard for two days but no-one had yet told the Labour web admin)
Then I was busy for a while on other stuff and didn’t really think about this for a week or so, and then after it had all hit the MSM I saw Slater had posted a video dated June 10, so it was obviously all over the Interwebs for days before I became aware of it.
You know what I think happened?
Someone saw Clare Curran asking for help with “Droopol” on twitter
https://twitter.com/clarecurranmp/status/67917487261495296
and thought “Curran’s doing something on the web and will fuck it up because Clare Curran, so let’s dig around and see what her pet projects are right now, and in general if Labour is about to launch any new website or if it has registered any domains recently”.
But I WOULD say that wouldn’t I.
* can’t remember
** see above
[lprent: Dirty Politics pretty well set the timeline for Cameron Slater and Jason Ede accessing the Labour party website in early May 2011 (exactly when I don’t know – don’t have the book in front of me).
By the 12th, the information had gone through the hands of people like a unnamed National party tech, been seen seen by many National party MPs, a encrypted database had been opened someone, and who knows who else had profited from the receipt after the fact of the proceeds of a crime. All of those people are potentially chargeable under various sections under the Crimes act.
The information was released on to the local web by Cameron Slater on the 12th of June as he started publishing information from the unauthorized access of the site. It was initially sent out to friends, fellow travellers, and confidants on the 12th (probably including you) and spread from there. On the 12th, I got the first word of it myself from side channels and passed it to the NZLP.
In other words, your whole story about it being known a long time before Cameron Slater released the information looks like it is completely invented. Which is the point that many here have been making to you.
Basically you appear to be a bullshitting weasel ]
Thank you, at last.
Someone told you you should go check out a domain that you had never heard of.
So all your protestations about how you could have just accidentally googled it is entirely hypothetical and has nothing to do with what you actually did.
Why couldn’t you have just said that all along?
Quoth lprent
your whole story about it being known a long time before Cameron Slater released the information looks like it is completely invented
I never said any such thing. I said that I had been engaged in discussions about the Labour’s accidental publication of private info for weeks before I saw Slater’s video. Posters to this discussion have assumed that what I was saying was
– Slater told me about the website fuckup, and
– I watched his video as soon as he uploaded it
It’s just that neither of those things are true.
Nope. I’ve been saying that if Slater and Ede hadn’t exploited the situation AND spread the word about it, you never would have known.
That’s the bit you’ve been trying to weasel around.
You didn’t just stumble across the directory independent of Slater and Ede’s actions.
Yep Felix, and the whole ‘it was visible to anyone on the net’ has just been proven to be crap
Take a simple free online tool like
http://www.yougetsignal.com/tools/web-sites-on-web-server/
Add the domain name of your choosing. Let’s say, “nzherald.co.nz”. That free simple tool will then say “the server on which nzherald.co.nz resides also hosts the following domains:
nzherald.co.nz
share.apn.co.nz
totalcommerical.com
nieonline.co.nz”
You can click on them and see if they’re functioning websites.
I had no idea that the site totalcommerical.com existed until just now. I had never heard of it. But it’s online and publicly accessible. And imagine that it had been (a) set up wrong and was publishing a bunch of files that (b) should never have come anywhere near that server but, for some reason, had been put there.
So – and again this is just conjecture – I wonder if someone saw Clare Curran doing her “mememememe” schtick on twitter and thought “hmm, Clare Curran is asking for help with a website content management system, and Clare Curran is the absolute last person who should be entrusted with anything to do with technology, so let’s see if any new sites pop up on the Labour web server, I’ll just use one of these free online tools, and ooh there’s a new domain name, I’ll click on it and see what HOLY FUCKING SHIT NOBODY IS THAT STUPID”.
And that’s how something can be both unpublicised and “visible to anyone on the net” at the same time.
SHG, it’s too late. You already admitted above that you went to a directory that someone told you about.
You didn’t just happen across it by randomly looking up server IPs, and you’re not wowing anyone with secret interweb wisdom.
No-one has been in any doubt about the state of the directory. It should never have been left open.
And Slater/Ede should never have a) exploited that mistake or b) spread the word to people like you instead of reporting it to the owner.
weka is quite right, it was never “visible to anyone on the net” it was visible to people going out of their way to look for it.
The bit you’re having trouble with, I think, is responsibility for actions.
Just to make it really really clear, SHG, even in your fantasy the important bit is what happens after this:
One way to finish that story is “I’d better warn them about it”.
The other way is, well, what you’re trying to justify.
SHG, it’s too late. You already admitted above that you went to a directory that someone told you about.
Well… yeah? I was just explaining to weka how something could be simultaneously unpublicised and “open to anyone on the net”. Anyone on the entire Internet who chose to could look up what websites lived on the Labour server and then browse through them, and then see the one that had been set up to be wide open and to (inexplicably) contain backups of very sensitive files.
Except that most people would have no idea what that tool was. Assuming your tech instructions are right, In order for the private info on the Labour site to have been visible, the public would have had to have known such a tool existed and how to use it, which they didn’t. The only people it was visible to were people with certain tech skills.
Plus what felix is saying.
This conversation is well past stupid.
The only people it was visible to were people with certain tech skills
Or people who could google for
how to find other sites on a web server
https://www.google.com.au/search?q=how+to+find+other+sites+on+a+web+server
…like I did just now.
But they would have to know a number of things in order to do that, and most people don’t have that knowledge.
I’m not sure if you are being obtuse, or really don’t get it, but thanks anyway because you have in fact proved fairly conclusively both my and felix’s points.
I can probably access any house in my street using nothing more than the wide array of tools in my basement and years of experience with doors and windows.
Therefore so could anyone else, and there’s nothing wrong with it.
Pure idiocy SHG.
There was nothing “had accidentally been made public” about it. It was deliberate, criminal hacking and theft of private information by Ede and Slater.
There was nothing “had accidentally been made public” about it. It was deliberate, criminal hacking and theft
If you tell yourself that as hard as you can and click your heels together three times it might actually turn true.
or, you know, not.
Some fascinating insights into the technical aspects of the episode there SGH.
So, for the benefit of an IT illiterate like myself, can you describe in similar terms the process that Rawshark employed to gain access to Slater’s emails?
I can.
Slater’s emails were openly visible to anyone who cared to hack his server, which anyone could have done if they had the necessary tools and skillset, and anyone else could have just paid someone to do it.
Also he used gmail accounts which as everyone knows are indexed by google.
He was clearly asking for it.
So, for the benefit of an IT illiterate like myself, can you describe in similar terms the process that Rawshark employed to gain access to Slater’s emails?
Imagine a vending machine that advertised cans of coke for $2. Imagine now that the switch behind the coin slot was flaky in such a way that when you inserted a $2 coin AND a 5c coin the vending machine – expecting a nice round $2 – freaked out and promptly opened the entire front panel, exposing every can.
At a guess I suspect that someone exploited a bit of code that connected Slater’s blog to say, his Facebook page, in a similar way, and when a bit of unexpected data was passed to it in a very particular way his website freaked out and promptly “opened the front panel”. At another guess I’d say that access to the internals of the blog gave access to user account details, including the email address attached to the administrator account, and at another guess maybe the password on the blog account and the gmail account were the same thing. People are lazy with stuff like that.
Or maybe if the blog was completely compromised it was done in such a way that the blog was given a new instruction to silently upload a bit of remote-control code to the next computer that logged into the administrator account, and after that the intruder had access to Slater’s desktop computer, and just recorded the keys pressed the next time Slater logged into his gmail and facebook accounts.
All very hypothetical.
You don’t need anything as complicated as injections as a working theory. Generally accessing php in a web server only gives you access to the web directories and below. All of the published material could be explained by Cameron’s known (and boasted about) habit of squirrelling away dirt, including dirt on his friends, on his hard disks.
From what was accessed a likely (and a lot less complicated) scenario was that he left a unsecured port open somewhere, a port scan found it, and gave rawshark access to a single computer’s drive(s).
Offhand, poorly secured ftp, rdp, netbios, nfs, mysql, and a myriad of other ports would have done it. Because of the amount of travelling that Cam seems to do, it wouldn’t surprise me if he had a pile of those ports accessible from his laptop.
It is likely that he used IMAP or POP3 on his server to access emails from multiple accounts, leaving databases on the disk. It is probable that he logged his online conversations (there are a number of utilities that do that), and if not, then as you say a keylogger can be inserted into most systems if you have access to the OS system folders.
Damn near every system that I have looked at where there is a fool who knows a little has some of those ports open, and they are forever stupidly opening pinhole ports in their switches trying to get something to work.
Thanks for that.
So would the hacking of Slaters data have necessarily required a higher level of intent, knowledge, and effort than the process that obtained the Labour Party info?
Beats me – I have no idea how good he is at protecting his systems. I never bothered to look. That is because unlike Cameron Slater, I am not a career criminal with facing charges in numerous court appearances. Nor do I have his blatant disregard of the laws about accessing other peoples computers. Or his lack of a moral compass.
But based on some of the comments about his systems by Lusk and others in Dirty Politics and people talking about him, it does sound like the answer was that he was pretty damn lousy. That is both technically and as a admin.
But in my opinion, after Slater pissed off rawshark with his comments about the advantages of dead feral members of a West Coast family, it doesn’t seem that great level of skill was required. It is also likely that whatever damage on his systems that took so long to recover from was purely done to make the thefts of data less apparent. I guess that whoever rawshark is was quite aware of Slater’s propensity to be both lazy and sloppy.
It didn’t require any difference in legality if that’s what you mean.
Just as illegally entering an unlocked house is no different to illegally entering a locked one.
I don’t think so Felix.
In legal terms, there are actually quite strong distinctions of culpability made according to the degree of pre-mediation / forethought / planning / level of effort /etc required to achieve an illegal purpose.
The law often prescribes quite detailed and set ranges of differing penalties for the same offence based on these factors.
So taking spontaneous advantage of an unoccupied unlocked house is usually and formally judged at a lessor level of culpability than a calculated and premeditated act of breaking and entering while the occupants are present.
On the same grounds, most insurance companies won’t cover you for burglary if you house wasn’t properly secured….
It requires exactly the same level of intent to enter a locked house as an unlocked one.
The only difference is the difficulty.
So you, like SHG, are arguing that because a door is unlocked, you’re entitled to open it, and because I can open a lock, it’s not burglary.
Also could you please take out the words “while the occupants are present”?
It makes you seem a bit dishonest.
Thanks.
“So taking spontaneous advantage of an unoccupied unlocked house is usually and formally judged at a lessor level of culpability than a calculated and premeditated act of breaking and entering while the occupants are present.”
But still a crime, yes?
And let’s remember the slater on LP crime was more one of wandering around the property and spotting an ajar widow and climbing in. The taking and distributing contents.
@ Felix.
Please note I did not argue that either case was not a crime.
@Tracey.
It seems to me that both cases involved some level of intent and effort, and so were crimes.
I’d be really fucked off if someone intentionally stole data of mine and distributed it publicly, as I’m sure we all would.
So I’d be keen to see both perpetrators put before a court and then hung drawn and quartered if found guilty.
We all agree on that at least?
Nope. That’s barbaric, sicko.
” both perpetrators”
From what I understand, rawshark knew he was breaking the law and was prepared to take the consequences if caught. Slater and co still don’t think they did anything wrong (or at least claim that). Rawshark was doing a public service so I would hope that would be reflected in sentencing. Slater and co were engaged in Dirty Politics with distinct partisan political intent, I hope that would be reflected in sentencing.
The two crimes are not the same.
@Felix. Sorry. I forgot that every single attempt at humour here needs to be flagged. No matter how obvious.
@Weka. Lets hope both cases do get to court so we can see how the Law views these matters.
The lost sheep: So would the hacking of Slaters data have necessarily required a higher level of intent, knowledge, and effort than the process that obtained the Labour Party info?
Yes to all. They’re really not comparable at all.
lprent: You don’t need anything as complicated as injections as a working theory. Generally accessing php in a web server only gives you access to the web directories and below.
True. But remember Slater’s blog is running WordPress, and the first three uncommented lines of wp-config.php are database username, database password, and database host. I can think of two or three WP plugins that give direct phpmyadmin-style access to the SQL, and this isn’t even my area of expertise. Realistically once you have an admin-level login to WP you own the box.
From what was accessed a likely (and a lot less complicated) scenario was that he left a unsecured port open somewhere, a port scan found it, and gave rawshark access to a single computer’s drive(s).
Offhand, poorly secured ftp, rdp, netbios, nfs, mysql, and a myriad of other ports would have done it. Because of the amount of travelling that Cam seems to do, it wouldn’t surprise me if he had a pile of those ports accessible from his laptop.
It is likely that he used IMAP or POP3 on his server to access emails from multiple accounts, leaving databases on the disk.
Slater doesn’t strike me as the self-taught sysadmin type. I doubt he rolled his own server, and even if he had mail on that box (which would be crazy), it wouldn’t have given access to Gmail (the whaleoil.co.nz MX points at Google, so I presume when he says “gmail” he means “Google Apps”). Unless he reused the same password on multiple accounts, which would also be crazy, but everyone’s done it at some point. And remember some of the Rawshark material is Facebook chats, so Slater’s Facebook account credentials had been cracked as well. You think Slater had 2FA enabled?
Tracey: And let’s remember the slater on LP crime was more one of wandering around the property and spotting an ajar widow and climbing in. The taking and distributing contents.
No. I think this is the fundamental error that nontechnical/noncopyrightnerd people have made – and it IS an error – and it’s the number one reason why such people just can’t understand why Slater hasn’t been charged with a crime.
It’s not at all like someone wandering around the property and spotting an ajar window, climbing in, and taking stuff out. That would be breaking and entering and theft.
It’s more like Slater was walking down the road and found a footpath leading to a new section with a new shed, with the door wide open and a big sign reading “come on in, all visitors welcome, everything here presented for your viewing pleasure”. And when Slater walked in he was surprised to see what was on display, and rubbing his hands with glee he pulled out a camera and took photos of everything that he considered interesting, and then left without disturbing or removing anything.
Slater did nothing other than use the permission he’d been given as a member of the public to access a server that had been put online and set up for public access and he saw things that shouldn’t have been there. That’s it. All talk about burglary and windows and opening desks and taking things away is just wishful thinking.
Tracey: Let’s assume accessing it was not illegal, how about publishing or otherwise using information taken thereafter?
I’m not really across what Slater did with the info he discovered. Was it published or used anywhere?
For example, passwords and bank account details. Even if access to the site was legal, not a single owner of the password or bank account gave “you” permission/authority to take their information and do anything with it. Case law is pretty care that bank account details are owned by the account holder, not the repository, so when did they give authority for someone other than the LP to use or distribute their information?
My understanding of the Privacy Act is that it’s up to each individual donor/creditcard holder to request from Slater whatever information he knows about them, and even then he has greater-than-normal protection since he is a “journalist”. Each person whose privacy has been breached appears to me to have quite obvious grounds for action against the Labour Party for not protecting their information.
The “server” is not publicly available
Yes it was.
we are invited only to a shop to access what is visible on the shelves
Everything was on the shelves.
not to go through the back room
There was no back room.
See what you’re doing is presenting inaccurate metaphors chosen for their ability to depict in a nontechnical way what you WANT to have happened, not what did. You know Slater is a Bad Man, so what he did must have been a Bad Thing achieved through Bad Means. So your metaphorical examples contain windows and locks and back rooms and what have you. But your chosen examples are just plain nothing like what happened.
SHG you are showing how you have a modicum of technical understanding and no understanding whatsoever of human or legal considerations.
I am not a lawyer so am not qualified to comment. Mickysavage I would be interested to hear your thoughts, as a lawyer, regarding Graeme Edgeler’s post here:
http://publicaddress.net/system/cafe/speaker-confidential-information-the-legal/?p=319836#post319836
I’m tending to the view that what has been alleged is not a breach of section 252, because of subsection 2. I think we all have authorisation to access the computer system which operates as the server hosting the Labour Party website.
…or a human.
SHG
Let’s assume accessing it was not illegal, how about publishing or otherwise using information taken thereafter?
For example, passwords and bank account details. Even if access to the site was legal, not a single owner of the password or bank account gave “you” permission/authority to take their information and do anything with it. Case law is pretty care that bank account details are owned by the account holder, not the repository, so when did they give authority for someone other than the LP to use or distribute their information?
Citibank v Blompkampf & White HC 1992
Brambles
With respect I disagree with the legal conclusion you quote. The “server” is not publicly available, we are invited only to a shop to access what is visible on the shelves, not to go through the back room and trawl through anything we find there.
Now n this case by error visible has become everything if you know how… So it is not accessible to everyone cos not everyone knows how (despite your elaborate musings above). In any event the contravention either at civil or criminal level, imo, is more clear cut when you examine what was done with what was found there.
SHG interestingly, had you scrolled down, and I suspect you did, you would have seen this response to Graeme’s musings
“Felix Geiringer, 8 months ago
Graeme, I don’t think you are right about s 252(2). You have to go back to s 248(b). A computer system is defined to include any part of a computer system. That means you can commit the offence in s 252(1) in relation to part of a computer system. The question in s 252(2) becomes whether you were authorised to access that part.
I believe that this is the only interpretation that makes any sense. Under the interpretation you set out, for example, anyone with a Google account could hack into anyone else’s Google account with impunity, as long as they were both on the same server.”
I’ve had a few nasty run ins with Ben Rachinger on Twitter; my view is that he is highly intelligent yet also outright emotionally manipulative and driven by careerist motives. No thanks.
+1
But CR, I reckon he’s also going through a period of ‘reflection’ – so hopefully he’s got people supporting him and we’ll all cut him a shitload of slack. Being profoundly deaf explains a lot to me.
It can be a very insular world, and even when growing up, emotional maturity doesn’t necessarily come that easy.
I suspect the manipulation you refer to is the result of his being taken advantage of (by the likes of you know who).
But the thing that amuses me is that just as BR is reflecting on it all, so too are a few of the ‘old school’ Gnats (not that the current bunch would give a fuck).
As Rache once said ….. “It won’t happen overnight, but it WILL happen” (which will also be around the time the sound of squealing pigs will be deafening, and that smirk on Winston’s [and his brother’s, for that matter] face will be as wide as the national party candidate for Northland’s arse butted up against a Sabin on a billboard)
He seems pretty vague on his politics as well.
He knows exactly where his politics lie, but he knows even more about which side of the bread is buttered.
Is there anyone that has ever been better off through an association with Cameron Slater? This is a genuine question. From what I’ve seen it appears that any sort of connection to Cameron eventually leads to disaster. Either through public embarrassment, loss of income, loss of career or social standing and in Ben’s case, possible legal complications.
His hit rate of harming those he is against is mixed, but his hit rate of harming those close to him seems to be about 100%.
[That user name is already emplyed by some-one else…so I added the ‘almost’] – Bill
Disturbing stuff but good on Rachinger for doing the right thing (eventually). Labour must be squeaky clean in its dealings or else it risks being tarred with the same brush.
Must read analysis for anyone following #dirtypolitics, both for its look at the dynamics of disbelief, and for his way of looking at conspiracies relatively neutrally,
http://all-embracing.episto.org/2015/05/04/the-b3nraching3r-allegations-part-one/
I spent a chunk of time today catching up Ben’s tweets. We should be very angry all over again (not at Ben obviously). I’m also noting the huge stress he must be under, and the circumstances he is doing this in (no stable home, income etc, threats to himself and his family).
Felix, in case you haven’t seen this already, the explanation about the extra payments from Slater to Ben (he was being paid for other related work).
https://twitter.com/B3nRaching3r/status/594827835786678272
This also from @gtiso about the range of payment dates,
@B3nRaching3r @LostArcNZ it neatly covers the time between the public birth and death of Freed.
https://twitter.com/gtiso/status/594976083251867649
Thanks weka
[lprent: someone hijacking a email address. Adding to permanent bans. By the look of it some kind of arsehole from Lauda Finem astroturfing a post]
Yeah, yet another load of bollocks from the ‘staff’ at LF. Fascinating stuff. Yawn.
Nasty and targeted.
Interesting and amusing. I guess that they are starting to get worried.
Once you get past the bullshit that our con artists of Onehunga and Mt Roskill like to draw over themselves, the following things stand out.
1. The police are investigating them for breaching suppression orders.
I have news for them. Holding their servers offshore doesn’t mean anything in legal terms, especially when it gets in front of a judge irate about direct breaches of a suppression orders..
2. They don’t understand the powers that interpol has, nor the levels of cooperation that police forces routinely extend to each other.
and
Well nothing else of significance really. The rest of it winds up as Raymond being his usual silly self…
Another farcical denial that Cameron Slater doesn’t write posts for them. His hamfisted style is pretty distinctive. And it is something that is has been in front of a court already and by the sounds of it will probably feature in a civil case eventually heading their way.
I am so glad that our site doesn’t do any of these kinds of stupid games.
Love this. Below a photo of each reads this line:
Straight from the Slater song-book?
They can’t even get their lefts and rights right. Lynn is on the left and Greg is on the right.
pretty sure that Greg is to the left of Lynn ;-p
I would have said so as well.
Haha. Not sure about that …
Funny thing about that post is their claim the Herald had pulled its article about the silly blogger who broke name suppression but then sought name suppression. The article is still up (http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=11429608).
Maybe the authors of LF have difficulty with clicking on links …
They can’t reach links cos they are sitting on a very high pile of legal textbooks. That is what you do when you are legal experts. So people know you are legal experts.
Kinda goes a long way to proving who sits behind LF. Especially given their tendency to pronounce themselves as “legal experts”…
I would be more inclined to credit the authors at LF as “legal experts” if they were better at punctuation. Their abuse of the apostrophe is criminal
Not just the apostrophe.