Whaleoil and Rachinger – the final chapter starts

In the Manukau District Court later this morning the trial of Ben Rachinger on fraud charges related to an admitted solicitation attempt to hack this site by Cameron Slater begins. The trial is set down for 5 days. Unfortunately I won’t be there. However there aren’t any court orders to prevent me from expressing my views and advice on the trial.

For those of you who haven’t caught up on this interesting and (for me) time-consuming farce, I’d recommend reading David Fisher’s “Whale Oil blogger Cameron Slater admits soliciting hack”, Keith Ng’s “The Whaledump Saga: Scooby-Doo Edition”, or just have a look through our Ben Rachinger links.

Essentially, Cameron Slater appears to have been a fool in believing whatever bullshit that fitted his rather strange and very hypocritical view of how the world operates. He paid Ben Rachinger $1000 upfront of an agreed upon price of $5000 for material hacked from my home servers.

Section 249 and/or section 252 of the Crimes Act make it an offence to access my computers without permission or to gain advantage from it or to cause me loss. That means that if Ben Rachinger had broken into my home servers, he’d have been charged for those crimes – just the same as rawshark would have been if their identity had been discovered. However, after I’d spent some very expensive[1] days writing code to scan logs for any penetrations of my systems, there didn’t appear to be any attempts on the site apart from the routine spambots and various attempts to hijack the site for botnets.

The only actual crime that appears to have been committed was under section 311(2) of the Crimes Act, which makes it an offence to even try to procure the services of someone to access my systems.

311 Attempt to commit or procure commission of offence

(2) Every one who incites, counsels, or attempts to procure any person to commit any offence, when that offence is not in fact committed, is liable to the same punishment as if he or she had attempted to commit that offence, unless in respect of any such case a punishment is otherwise expressly provided by this Act or by some other enactment.

Rightfully, this was the charge that was placed against Cameron Slater by the police.

However, for some inexplicable reason, and despite a number of previous convictions that should have precluded the police from offering it, the police chose to proffer diversion to Cameron Slater without notifying me or The Standard. The police didn’t tell us when the hearings were taking place. Nor did they even notify us that they hadn’t opposed the name suppression requested by Cameron Slater, that hitherto ardent (and evidently deeply hypocritical) opponent of name suppression and police diversion. We found out through the grapevine.

This was a pretty clear violation of the Victims Rights Act 2002. The police apparently thought that because I’d made a statement that, after considerable effort, I couldn’t see any evidence that Ben Rachinger had actually penetrated my systems, that no crime had been committed. This was a rather fatuous excuse as I’d also stated that I’d spent a lot of time checking my systems and beefing up security on them.

That was a direct response to the information that someone (apparently “the funder” referred to in various conversations) had paid considerable amounts of money to gain information from them as a result of an offence. That had raised the

I became aware, while working in Italy, that the final hearing of the diversion was about to take place. Fortunately I was able to organise to return a few days early to NZ to attend it. While I wasn’t able to prevent the diversion, I was able to help to strip the name suppression and to get a decision that the police had erred in their interpretation of the Victims Rights Act.

Ben Rachinger had refused diversion and opposed name suppression, preferring to make his trial public. I was intending to appear as a witness or as a party to the case.

Unfortunately I appear to have had the dates wrong in my calendar (despite the police informing me of the correct date in mid-year) and went back to Italy on the 3rd of December for a frequently delayed job. As I hadn’t heard anything, I figured the trial had been delayed and that I’d be back for the trial. So I was rather astonished to find an email from the police when I arrived at Frankfurt airport saying:

I would like to catch up with you to provide you with your witness summons.

My immediate reaction was rather sulphurous. Fortunately I had a few hours sitting in transit to have a meal, an awakening coffee, cool down and return a more civilised response than my immediate draft response (now filed under ‘abusive’). Even in the best of times, being able to get holiday time with about 7 days’ notice to attend court for several days would be difficult. Getting it while I was waiting for a plane to Rome was infuriating.

Of course I’d have been a difficult witness for the police and prosecution case. While I have no particular respect for Ben Rachinger[2] and I don’t know that much about the details of the case against him, even after sitting through two hearings on the charge(s), there are several points that come to mind.

I am assuming that the $1000 he has been charged about is the $1000 forward payment for materials gained from my servers. I find it more than a little ridiculous that fraud or dishonesty charges could be brought by the police against someone for not performing a criminal action. That does appear to be what the case rests on.

Unauthorised access

A criminal[3] prosecution for fraud by Ben Rachinger for not hacking my servers rests on whether he intended to or even tried to gain access to my servers without permission. I think that it is likely that trying but not succeeding to gain unauthorised access

I went to considerable lengths when the hacking allegations arose early in 2016 to isolate any unauthorised intrusions. There were many millions of computer log lines to examine. I didn’t have clear time frames on when intrusions were meant to have occurred. Nor did I have clear guides on what the type of intrusions were purported to have taken place. So I was forced to make some very wide-ranging searches over more than a five month period. However I do have considerable experience and skills (unlike Cameron Slater – see Dirty Politics) in securing servers that are online to the internet.

So I searched for actual unauthorised access to the servers. That was attempted logins using characteristic password hacking attempts, unauthorised attempts to access back-end functions of the website, and technical attempts to bypass firewalls. I didn’t see any that were attributable to Ben Rachinger or anyone else that succeeded[4]. In my (pretty expert) opinion, it is highly unlikely that any did succeed.

However, that doesn’t preclude attempts being made through non-technical means. I didn’t need to look as deeply for those. I examined all logins by past and present admins, editors and even authors in the website to see if they were coming from unexpected locations or IP addresses without seeing anything unusual. There are also a number of private pages, posts, and lists of users that would have been an obvious target for any intruders. None of those stood out as displaying characteristics of strange or unauthorised access.

However, for all of that hard work, I couldn’t state conclusively that no attempts or success at unauthorised access took place during that period. I just think that it is highly unlikely. From memory, that is what I stated in effect in my statement to the police.
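The three checks described in this section (password-guessing bursts against the login page, back-end requests from addresses that never logged in, and successful logins from unexpected addresses), as an added Python example that is not the scanning code written for the site. It assumes a WordPress-style site (`/wp-login.php`, `/wp-admin/`), common log format, a hypothetical `EXPECTED_ADMIN_IPS` list, and constructed sample log lines.

```python
import re
from collections import Counter

# Constructed sample in common log format (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Feb/2015:03:10:01 +1300] "POST /wp-login.php HTTP/1.1" 200 3456
203.0.113.7 - - [12/Feb/2015:03:10:02 +1300] "POST /wp-login.php HTTP/1.1" 200 3456
203.0.113.7 - - [12/Feb/2015:03:10:03 +1300] "POST /wp-login.php HTTP/1.1" 200 3456
198.51.100.20 - - [12/Feb/2015:08:00:11 +1300] "POST /wp-login.php HTTP/1.1" 302 0
198.51.100.20 - - [12/Feb/2015:08:00:12 +1300] "GET /wp-admin/ HTTP/1.1" 200 9120
192.0.2.44 - - [12/Feb/2015:23:41:50 +1300] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.99 - - [13/Feb/2015:01:02:03 +1300] "GET /wp-admin/users.php HTTP/1.1" 302 0
198.51.100.77 - - [13/Feb/2015:09:15:00 +1300] "GET / HTTP/1.1" 200 20480
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
LOGIN_PATH = "/wp-login.php"            # assumption: WordPress-style login endpoint
ADMIN_PREFIX = "/wp-admin/"             # assumption: WordPress-style back end
EXPECTED_ADMIN_IPS = {"198.51.100.20"}  # hypothetical list of known admin/author addresses
GUESS_THRESHOLD = 3                     # failed login POSTs per IP before flagging

def triage(log_text):
    """Return the IPs matching each of the three checks described in the post."""
    failed = Counter()   # ip -> failed login POSTs
    logged_in = set()    # ips with at least one successful login
    admin_hits = set()   # ips that requested a back-end page
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing at them
        ip, method, path, status = m.groups()
        path = path.split("?", 1)[0]
        if method == "POST" and path == LOGIN_PATH:
            # WordPress redirects (302) after a good login, re-renders the form (200) after a bad one.
            if status == "302":
                logged_in.add(ip)
            else:
                failed[ip] += 1
        elif path.startswith(ADMIN_PREFIX) and not path.endswith("/admin-ajax.php"):
            admin_hits.add(ip)
    return {
        "password_guessing": sorted(ip for ip, n in failed.items() if n >= GUESS_THRESHOLD),
        "unexpected_logins": sorted(logged_in - EXPECTED_ADMIN_IPS),
        "backend_probes": sorted(admin_hits - logged_in),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```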

Veracity

I don’t have any faith in the veracity of any statements made by either Ben Rachinger or Cameron Slater. In my opinion, both have proved themselves to have ever-changing stories about themselves or their actions. However I suspect that is a situation that the courts have dealt with time and again, and they are perfectly capable of making up their own minds about it. I’d just comment that in my view, anything that is not backed with hard factual evidence should be discounted and largely ignored.

Public Interest and Security

I’m rather grateful to Ben Rachinger in a strange way. What his confused story about hacking The Standard did, when it arose back on Twitter in February 2015, was to alert me that someone was attempting to do unauthorised access to the site. His later comments made it clear that someone was willing to spend quite a lot of money to do that. In fact almost double the money that we expended on running the site annually.

It was also clear that it wasn’t just the usual suspects around the blogosphere and net[5] that the security systems on The Standard were designed to foil. The $5000 that was offered by Cameron Slater as a bounty was enough money to tempt someone with actual skills to be interested in the task. That kind of money to attack a website being run on a voluntary basis on a platform with some well known flaws is kind of ridiculous overkill. Because I wasn’t aware of who the mysterious “backer” was that kept showing up in the tweets and screen dumps, I had to assume that more money was available. After all, it could be anyone from the mysterious investors in ‘freednz’ to members of parliament, bearing in mind that the apparent purpose of the hack was to embarrass the newly appointed leader of the Labour Party, Andrew Little, when he first rose in the house in 2015.

Even if I didn’t assume that more money was available, there was a hell of an incentive to simply access a system and create the required ‘evidence’ when they don’t find what their paymaster wants to see. There really isn’t a lot to see in the back-end of The Standard apart from the usual day-to-day, and frequently mildly acrimonious carping between authors. My biggest fear with conspiracy nutters like Cameron Slater and his cohort is that when they don’t find what they want, that whoever creates a plausible loophole into the system will simply also just create whatever crap is required. You don’t have to look far through the ridiculous stories that Ben Rachinger was feeding Cameron Slater and him getting wet with excitement about them to see that is a plausible scenario about what would happen.

As a result of this, over the past few years I’ve spent weeks of my time upgrading the security systems in the servers and the site to cope with a far higher level of sophistication and skills in hacking attempts.

By exposing the lengths that Cameron Slater was willing to go to to manufacture a story, Ben Rachinger has done the body politic and me a great service. In my opinion, the court should slap him on the wrist. However they shouldn’t deter any future whistle-blowers from exposing similar conspiracies.


  1. The rate at which my skills are charged out has always been rather expensive. However the work I do directly or indirectly for this site is voluntary, unpaid and primarily done because I consider that we need open political debate in this country. I’ve come to the conclusion that many idiots of the right like Cameron Slater and his delusional followers fail to understand the concept of doing anything for altruistic reasons. Which really says a lot about how distorted their view of the world is.
  2. Read Keith Ng’s post for some pretty clear examples of deceptive and untrustworthy behaviour by Ben Rachinger.
  3. Of course a civil case could be easily made. Civil cases rest on the balance of probabilities rather than the burden of proof being on the prosecution.
  4. Over the 9 years that The Standard has been running there have been at least a hundred and often several thousand attempts per day to gain unauthorised access to the site and its servers. They almost invariably get trapped by multi-layered protective routines. To my knowledge only two have succeeded. One managed to add some links to a footer routine that had accidentally been left writable. The other was an unauthorised login being given to author and post an article. Both happened in the first year of operation, and both resulted in some rapid changes to our security to ensure that nothing like them happened again. In 2014, a problem with some search code allowed some of the comments from newly created private author-only posts to be visible in search routines.
  5. There are a lot of skilled people around the net who potentially have the required skills to get into websites if they feel a need to do so. However they also have better things to do with their time. People with such skills simply don’t spend the massive amounts of effort required to crack into even moderately secured sites and servers without a strong incentive. It takes a lot of effort to dig out a hole and there are usually more productive things to expend their time at. Financial incentives tend to change that probability. So does infuriating them to the point that they are willing to expend the effort, as Cameron Slater found out when he pissed off whoever rawshark is with those comments about feral west coasters.
