It was hardly 'hacking' was it?

Forums › Off topic › It was hardly 'hacking' was it?

1 | 2 | 3 | 4 | 5 | 6 | 7

278 posts

Ultimate Geek

#1111334 19-Aug-2014 14:59

Does the PM or anyone in National think it's appropriate that Ede who was a senior staffer went through a Labour Party database?

Speaking for myself, there are a range of possible answers to this. They range from "charge him with theft now!" to "good on him!". My response was that it was unwise of him to do so. Not illegal, not firing material (unless as a sacrificial lamb). By doing so he has put his boss, the PM, in a embarrassing situation and that is never a good idea. But he did apologise to the Labour Party for doing so back in 2011 and gave assurances that there was no "misuse" of the information.

Do I think he is the first member of a Prime Minister's office to do something that can be regarded as unwise? No, I don't. That doesn't make his actions any less unwise but I do find the level of outrage overblown. All of this was three years ago...

Tinshed
Wellington, New Zealand

BarTender

3606 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#1111342 19-Aug-2014 15:14

Tinshed: Does the PM or anyone in National think it's appropriate that Ede who was a senior staffer went through a Labour Party database?

Speaking for myself, there are a range of possible answers to this. They range from "charge him with theft now!" to "good on him!". My response was that it was unwise of him to do so. Not illegal, not firing material (unless as a sacrificial lamb). By doing so he has put his boss, the PM, in a embarrassing situation and that is never a good idea. But he did apologise to the Labour Party for doing so back in 2011 and gave assurances that there was no "misuse" of the information.

Do I think he is the first member of a Prime Minister's office to do something that can be regarded as unwise? No, I don't. That doesn't make his actions any less unwise but I do find the level of outrage overblown. All of this was three years ago...

Erm, so lets just confirm here.

You think it was unwise as a senior staffer of National for him to engage with Whale Oil as part of the politically motivated action to inflict the most damage possible. My view is anyone with an once of respectability would have not gone down that path. Yes find the issue, yes inform them first it was found so they can fix it and even yes publicly disclose it to discredit them. But downloading the data and trolling through it to maximise damage, that's stepping over the line.

The details of the plan were worked out between Slater and Ede in the final days before the launch. The computer logs show them both accessing the Labour site on 7 June, Ede (identifiable by his computer’s technical characteristics) arriving at 10.11 p.m. and Slater (who forgot to disguise his home IP address) two minutes later at 10.13 p.m. Then on 10 June, just two days before the attack was launched, they to-ed and fro-ed by e-mail, working out which bits of the Labour information Slater should emphasise.

But it had been a close shave. The next day, 14 June, Ede and Slater exchanged several e-mails expressing their relief that Labour had not discovered Ede’s role. Ede wrote: ‘An interesting sidebar in Pagani’s story is that they’re chasing us by matching IP neighbourhoods and the types of computer we use. You stand out like dogs balls because of your damn Mac!!!!!’ He continued, ‘In my case, I wish to offer a hearty sigh of relief and celebrate dynamic IP addresses.’ He meant his computer regularly changed its IP address, which ensured he could not be identified by its IP address. If Ede had had a static IP address like Slater, the Labour Party might have been able to prove he had been inside their computer system. He titled his e-mail, ‘Thank You for dynamic IP addresses.’

Hummm.. So there wasn't any intentional malice in his activities, it was just unwise right?

Edit: The use of "unwise" was just an coincidence from John Key saying it was unwise today right :)

Dratsab

3946 posts

Uber Geek

Trusted

Lifetime subscriber

#1111352 19-Aug-2014 15:33

This article may help.

Klathman

301 posts

Ultimate Geek

#1111356 19-Aug-2014 15:37

Seems to me that Labour made a mistake that resulted in people being able to access sensitive data. If it were a private company or a goverment agency then the privacy commissioner would be getting called to prosecute labour for failing to secure personal information. In fact I believe that since it involves credit card information that the Labour party's bank could fine them under their agreement under the PCI-DSS standards. Imagine if this was facebook or any other tech company. I doubt that anyone would feel any sympathy for their situation.

I don't know how viable saying that the data was stolen or hacked as there was no warning that the data was private, no agreement that needed to be accepted by the user for what they could and couldn't do with the data and no login requirement to restrict access. You can definitely argue that it was immoral but that's not illegal.

I imagine that Labour could request that all copies of the data be destroyed and they could use the police to attempt to enforce this but not sure how that would go.

bazzer

3438 posts

Uber Geek

Trusted

#1111375 19-Aug-2014 16:03

JWR:
bazzer:
ajobbins: Much better conduct from the Greens: [source]

Greens show they can be trusted - with folders The Green Party showed a nice side of politics when it returned a misplaced folder to Nikki Kaye. Spotting the folder on a flight, a party staffer contacted colleagues about what to do and was told to return it to the food safety minister unread. A spokesman for Kaye confirmed the folder was misplaced, but that it contained ‘‘no sensitive information’’, with only a few speaking notes and printed pages from her diary. ‘‘She is very grateful to the Green Party staffer for picking it up.’’

I have no doubt that this is simply because this was the best outcome for the Greens rather than for any altruistic reasons. By returning the folder that contained "no sensitive information" they can paint themselves as the good guys. I wonder what would've happened if the folder had contained something they could use?

A bit of reading comprehension called for here.
The Green Party staffer was told to return the folder unread!
It is irrelevant whether he information was sensitive or not.

And if you believe that, I have a bridge to sell you...

BarTender

3606 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#1111379 19-Aug-2014 16:20

bazzer:
JWR:
bazzer:
ajobbins: Much better conduct from the Greens: [source]

Greens show they can be trusted - with folders The Green Party showed a nice side of politics when it returned a misplaced folder to Nikki Kaye. Spotting the folder on a flight, a party staffer contacted colleagues about what to do and was told to return it to the food safety minister unread. A spokesman for Kaye confirmed the folder was misplaced, but that it contained ‘‘no sensitive information’’, with only a few speaking notes and printed pages from her diary. ‘‘She is very grateful to the Green Party staffer for picking it up.’’

I have no doubt that this is simply because this was the best outcome for the Greens rather than for any altruistic reasons. By returning the folder that contained "no sensitive information" they can paint themselves as the good guys. I wonder what would've happened if the folder had contained something they could use?

A bit of reading comprehension called for here.
The Green Party staffer was told to return the folder unread!
It is irrelevant whether he information was sensitive or not.

And if you believe that, I have a bridge to sell you...

Or you never just know. They could be honest lot. Who'da thunk it.

freitasm

BDFL - Memuneh
79289 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#1111381 19-Aug-2014 16:21

Ok, for those who think the "take the TV" analogy is bad, let's change it.

If you leave your credit card on your desk and go out for lunch, and someone comes in, copy the number and goes ordering things on Amazon, is it ok? No, it's fraud, not theft. And it is not ok.

Same thing: if someone sees the data and makes a copy of it to act on it, is it ok? Knowing names and credit card numbers were in that data would you feel the same if your information was part of the dump?

It's not a political question for me. It's a moral and ethical question.

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.

Klathman

301 posts

Ultimate Geek

#1111391 19-Aug-2014 16:38

freitasm:

It's not a political question for me. It's a moral and ethical question.

Absolutely. I don't think anyone could say that Slater or any other party was taking the moral high ground on this one. The thing is that I also think that Labour's attitude is also wrong and is actually illegal. Collecting personal data and not putting any protection in place isn't just immoral but illegal. So who looks good on this one?

jeffnz

2870 posts

Uber Geek

Trusted

Lifetime subscriber

#1111393 19-Aug-2014 16:39

why don't we just take the political side out of it as it is going nowhere and just stick to the topic.

Galaxy S10

Garmin Fenix 5

6FIEND

774 posts

Ultimate Geek
Inactive user

#1111395 19-Aug-2014 16:41

freitasm: Ok, for those who think the "take the TV" analogy is bad, let's change it.

If you leave your credit card on your desk and go out for lunch, and someone comes in, copy the number and goes ordering things on Amazon, is it ok? No, it's fraud, not theft. And it is not ok.

Same thing: if someone sees the data and makes a copy of it to act on it, is it ok? Knowing names and credit card numbers were in that data would you feel the same if your information was part of the dump?

It's not a political question for me. It's a moral and ethical question.

Your example is still not analogous... The closest approximation to the "credit card on the desk" example is that someone came along and saw that it was left there and announced to all and sundry in the office, "Hey! Look what this dumbass left here on his desk!" And then teased them mercilessly about it when they returned and berated them for all the bad things that could have happened to them if it had been someone less scrupulous who had discovered it. Sure, someone copied down the "credit card number" (and used it as proof that it had been lying around unsecured) ...but nobody went "ordering things on Amazon" or acted in any way on the data other than to rub the negligent party's nose in it.

(edit: jumbled words)

gzt

17137 posts

Uber Geek

Lifetime subscriber

#1111400 19-Aug-2014 16:46

6FIEND: the people who trawl the streets while the Auckland Inorganic Waste collections happen aren't engaging in illegal activity when they take things are they?

In the real world inorganic situation - potentially yes. This is still property and still owned by someone. Technically you should be asking the permission of the owner before taking it. By law it still belongs to the owner even if you have it in your possession.

Imagine a person moving into a house leaves a brand new entertainment centre on a trolley on the verge between the truck and the house on the same day as the inorganic. It is obvious the person is moving house. Anyone can see that. Truck is open, house is there. Another person takes advantage of the situation and takes the entertainment centre home on the trolley. This person is apprehended.

If that exact situation went to court a conviction would occur because the intent is obvious.

Leaving the analogy behind - in this 'hacking' (lol) it appears there was intent and there is some evidence for that. Aside from that, the applicable laws are a different matter.

Edit: I really do not want to extend this analogy or defend it lol. It's obviously not physical property and the laws are all different etc, etc. Just answering the question there.

BarTender

3606 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#1111673 19-Aug-2014 22:36

gzt: Leaving the analogy behind - in this 'hacking' (lol) it appears there was intent and there is some evidence for that. Aside from that, the applicable laws are a different matter.

Edit: I really do not want to extend this analogy or defend it lol. It's obviously not physical property and the laws are all different etc, etc. Just answering the question there.

I think if we wanted an Analogy we could use Copyright Infringement as I would assume most people on here have an idea about it.

If I happened to see a copy of the pre-release of Avatar 2 sitting around (as an example) and take a copy of it then no one is loosing out on any money or so people have used as an excuse in the past. However I know it is copyright material that many people had worked hard to create so it's copyright infringement and there are laws to protect copyright. I know it's bad, I know I shouldn't be doing it but heck I don't care and am going to do it anyway.

Now if I happened to be the Secretary to the CEO of RIANZ and happened to have after chatting with the someone from rotten tomato's (again just as an example here and best I could think of?) about the plot lines as he wanted to write a review on how rubbish the movie is. It's not really a good look is it?

Yes James Cameron shouldn't have left it lying around so it's his own dammed fault. Especially working with Rotten Tomato's since I proactively worked on them to trash the movie the best I was able to.

I knew what I was doing was wrong, but I did it anyway. Corrupt is a more accurate description of what I did rather than Unwise.

gzt

17137 posts

Uber Geek

Lifetime subscriber

#1112927 21-Aug-2014 15:47

gzt:
CB_24: It was hardly 'hacking' was it?

It is not hacking unless there was a previous attack on the security permissions. Labour use of the 'H' word is just silly.

However, I do agree with the use of the word 'intrusion' if it used to describe the privacy context. The membership data and credit card donation data was private to the people that provided it and should not be used for any other purpose. If that occurred it is very bad.

There are other aspects also which seem more relevant to the overall Hager book topic so I posted them over there.

I might have to revist some of these comments. But as before there are no indications this was hacking in the sense of breaking security or working around security restrictions.

But it is now a bit clearer that the information gained was not gained from simple documents. Additional technical sophistication was used to extract the information from the files obtained. This is much closer to 'hacking' in the sense of applying technical knowledge to gain access to information.

But like everyone else I'm just amazed (putting it politely) that the Labour Party did not pursue legal avenues for the return/destruction of these files containing information private to individuals that had donated to them or communicated with the Labour Party in some way. It's a serious matter I think the Labour Party have some responsibility for and I don't see any indications the party lived up to that responsibility to get that information returned.

I do think that overall this is like finding a bag on the street. Instead of just looking at the wallet to get an address or phone number to return it then to rifle through it and finding some sealed envelopes, open them and examine their contents.

JWR

821 posts

Ultimate Geek

#1112972 21-Aug-2014 17:07

gzt:
gzt:
CB_24: It was hardly 'hacking' was it?

It is not hacking unless there was a previous attack on the security permissions. Labour use of the 'H' word is just silly.

However, I do agree with the use of the word 'intrusion' if it used to describe the privacy context. The membership data and credit card donation data was private to the people that provided it and should not be used for any other purpose. If that occurred it is very bad.

There are other aspects also which seem more relevant to the overall Hager book topic so I posted them over there.

I might have to revist some of these comments. But as before there are no indications this was hacking in the sense of breaking security or working around security restrictions.

But it is now a bit clearer that the information gained was not gained from simple documents. Additional technical sophistication was used to extract the information from the files obtained. This is much closer to 'hacking' in the sense of applying technical knowledge to gain access to information.

But like everyone else I'm just amazed (putting it politely) that the Labour Party did not pursue legal avenues for the return/destruction of these files containing information private to individuals that had donated to them or communicated with the Labour Party in some way. It's a serious matter I think the Labour Party have some responsibility for and I don't see any indications the party lived up to that responsibility to get that information returned.

I do think that overall this is like finding a bag on the street. Instead of just looking at the wallet to get an address or phone number to return it then to rifle through it and finding some sealed envelopes, open them and examine their contents.

You can also list copying the person's credit card details as part of your analogy. Because, in one of Slater's emails, he gloats about getting credit card details of all Labour's online donations.

ajobbins

5052 posts

Uber Geek

Trusted

#1112982 21-Aug-2014 17:21

6FIEND:
freitasm: Ok, for those who think the "take the TV" analogy is bad, let's change it.

If you leave your credit card on your desk and go out for lunch, and someone comes in, copy the number and goes ordering things on Amazon, is it ok? No, it's fraud, not theft. And it is not ok.

Same thing: if someone sees the data and makes a copy of it to act on it, is it ok? Knowing names and credit card numbers were in that data would you feel the same if your information was part of the dump?

It's not a political question for me. It's a moral and ethical question.

Your example is still not analogous... The closest approximation to the "credit card on the desk" example is that someone came along and saw that it was left there and announced to all and sundry in the office, "Hey! Look what this dumbass left here on his desk!" And then teased them mercilessly about it when they returned and berated them for all the bad things that could have happened to them if it had been someone less scrupulous who had discovered it. Sure, someone copied down the "credit card number" (and used it as proof that it had been lying around unsecured) ...but nobody went "ordering things on Amazon" or acted in any way on the data other than to rub the negligent party's nose in it.

(edit: jumbled words)

Yes, but simply noting down the credit card number may still be a crime in that case. For what purpose did they write it down? Simply hearing it was of no fault of theirs, but they knew that number wasn't for them, and making a copy of it without authorisation MAY still be an offence, even if they don't go on to use it. Despite knowing the information wasn't intended for them, and was sensitive, they made a conscious decision to take a copy anyway.

Being the that sensitive information wasn't at the root of the domain (They had to drill down into subfolders to find it), a better analogy would be that someone accidently left their wallet in the communal kitchen at work (With a credit card inside). Someone stumbles across the wallet, and looks inside to see who it belongs to. Before returning it to the owner they write down the credit card details before sending a shaming all office email calling out the owner for their poor security in leaving their wallet in a common area, and advising they now have the persons credit card number.

Hacking, probably not. Deliberately accessing information you know is a) Sensitive and b) Not intended for you, yes.

Twitter: ajobbins

1 | 2 | 3 | 4 | 5 | 6 | 7