Hard News by Russell Brown

Hard News: Dirty Politics

2389 Responses

  • David Hood,

    without knowing anything about his servers, if he was running something that when he made a blog post gave the option of making a Facebook announcement, he might have had his Facebook credentials stored on the publishing server.

    Or he might have gone, I'll use this spare server space to back up my own machine as an offsite backup, what could go wrong?

    Dunedin • Since May 2007 • 1443 posts Report Reply

  • Joshua Brodie,

    Quite unlikely that the DDoS resulted in the email breach but DDoS as a smokescreen for data breach is increasingly common, tying up IT and site owner attention and resources and masking the intrusion within the flood of requests.

    Would need further investigation into whether Whaleoil ever hosted a webmail service alongside the site to know more.

    Wellington, NZ • Since Aug 2014 • 1 posts Report Reply

  • Stephen Judd,

    Many people use the same passwords everywhere. Easy to imagine that the WhaleOil blog admin account and, say, Slater’s FB account had the same password. So compromising the web server might yield the info needed to compromise things elsewhere.

    Wellington • Since Nov 2006 • 3121 posts Report Reply

  • Sacha,

    It's charming how we're helpfully trying to work out how the information was accessed, rather than what it shows. #geeks

    Ak • Since May 2008 • 19594 posts Report Reply

  • Sam P, in reply to Joshua Brodie,

    The MX records show that domain as having its mail handled by Gmail; it shouldn't ever even pass through that server.

    New Zealand • Since Aug 2014 • 1 posts Report Reply

  • Russell Brown,

    Danyl nominates the hacking of Labour's computers and abuse of SIS information as the two big takeaways so far.

    Auckland • Since Nov 2006 • 22584 posts Report Reply

  • Sofie Bribiesca, in reply to Russell Brown,

    Danyl nominates the hacking of Labour’s computers and abuse of SIS information as the two big takeaways so far.

    I'd go with that. Dirty, and by track record we see deals that frankly stink and we get to pay for this shit. I really think (just an opinion of mine) that Labour can look really stupid when things like "sorry for being a man right now" go viral because a bunch of employed shitstirrers jump in and before you know it the seed is planted. I give anything like that 24 hours to take hold. Once again job done. The smug pride that then continues in the House is childish. That's our democracy. And John Armstrong bleats on.

    here and there. • Since Nov 2007 • 6796 posts Report Reply

  • william blake,

    well i'll be fucked.

    Since Mar 2010 • 376 posts Report Reply

  • SHG, in reply to Russell Brown,

    Danyl nominates the hacking of Labour's computers and abuse of SIS information as the two big takeaways so far.

    If Danyl's #1 is the Drupal clusterfuck that we all laughed at back in June 2011, I can't see - without having read anything in the book of course - how that counts as anyone hacking the site. It was wide open to the Internet and all that shit was visible to anyone who cared to look.

    nup • Since Oct 2010 • 76 posts Report Reply

  • Rich of Observationz, in reply to SamC,

    Pretty much.

    One would start by cracking his CMS password, etc. Look for any social networking API links with tokens. If there's a webmail server running, then trap passwords on that. Some people use VPNs to access their web servers - that's a vector, especially if you can hijack DNS that way and hence grab POP/IMAP access. If he's using ssh, turn off autologin and have it ask for a password. Or try and get X forwarding to happen.

    Minutes of endless fun. All hypothetical, of course.

    Back in Wellington • Since Nov 2006 • 5550 posts Report Reply

  • Russell Brown,

    The Facebook route is made more plausible by the inclusion in the book of Facebook messages from Slater.

    Auckland • Since Nov 2006 • 22584 posts Report Reply

  • SHG, in reply to Balance,

    A hacked server can provide a privileged platform to attack a client machine, typically a site admin's personal computer, which in turn could spill the beans for log in credentials to other services

    Yeah I thought of that, but compromising a webserver in order to copy a keylogger to a client PC when it logs in to do administration and then gain access to mail/FB is a whole other level of intrusion. Is the DDOS just a smokescreen?

    nup • Since Oct 2010 • 76 posts Report Reply

  • B Jones,

    The whole thing puts the Whaleoil attacks on Tania Billingsley in a different context, doesn't it?

    Wellington • Since Nov 2006 • 975 posts Report Reply

  • Robyn Gallagher, in reply to Anonymous Coward,

    the most likely scenario is that either the DDoS attack is a read hearing

    Totally off topic, but "read hearing" is the best eggcorn ever. It fills my heart with joy!

    Raglan • Since Nov 2006 • 1946 posts Report Reply

  • Jonathan King, in reply to B Jones,

    Jesus. Chilling.

    The whole thing puts the Whaleoil attacks on Tania Billingsley in a different context, doesn’t it?

    Since Sep 2010 • 183 posts Report Reply

  • Balance, in reply to SHG,

    Is the DDOS just a smokescreen?

    From what I can understand, DDoS attacks are nearly always a pretense to a deeper, targeted breach (aside from those attacks performed purely for the giggles).

    And while "key-loggers" could be "how", that, to my mind, sounds so 90's. The attack interface from a privileged position is so ridiculously large now - there's a veritable smorgasbord of options once the beach-head has been made.

    Since Aug 2014 • 4 posts Report Reply

  • Greville Whittle,

    To be honest I'm more concerned with the facilitation of OIA requests to the SIS than how the emails etc got passed to Nicky Hager.

    I wonder if it'll be on sale in Hamilton tomorrow.

    Hamiltron • Since Oct 2008 • 50 posts Report Reply

  • Anonymous Coward, in reply to SHG,

    DDoS needs to be packaged with other, more sophisticated attacks to be anything more than a temporary disruption. DDoS is the car parked in across your driveway. While you're arguing with the driver, someone else is hauling your TV out the back door after smashing a window to gain entry.

    Wgtn • Since Apr 2008 • 6 posts Report Reply

  • Anonymous Coward, in reply to Robyn Gallagher,

    Glad you enjoyed my... intentional... Easter egg for the grammar-conscious..

    Wgtn • Since Apr 2008 • 6 posts Report Reply

  • Rich of Observationz,

    Gotta say though, my money would be on National Party machinations going a bit wrong. Key wants to keep an eye on the Collins faction, so he gets his mates down on Pipitea St to grab Slater's emails. Then someone gets to see them who's not in alignment with Slater at all, who gives the details to a friendly hacker, who then passes them on to Hager. Something like that.

    Back in Wellington • Since Nov 2006 • 5550 posts Report Reply

  • izogi, in reply to Stephen Judd,

    Many people use the same passwords everywhere. Easy to imagine that the WhaleOil blog admin account and, say, Slater’s FB account had the same password. So compromising the web server might yield the info needed to compromise things elsewhere.

    I’m not a security expert but that was my line of thinking when I read it. It might be something impressive but could be as simple as passwords left lying around or used for multiple roles on a server that he lazily assumed was safe. The simplest explanation to me is that Cameron Slater probably isn’t too assertive with his security measures to begin with.

    He has at least one GMail account, which is advertised on his site. If he hadn’t enabled 2-step authentication (which I heartily recommend enabling for any GMail account of any significance), it’s really just a matter of discovering his email password. From there, potential access to any number of other accounts, Facebook included, could be as easy as invoking an email password reset.

    Wellington • Since Jan 2007 • 1139 posts Report Reply

  • steven crawford,

    It’s charming how we’re helpfully trying to work out how the information was accessed, rather than what it shows. #geeks

    It’s like the large hadron collider. The engineering is huge.

    Wellington • Since Nov 2006 • 4077 posts Report Reply

  • Keir Leslie,

    Even if Ede/Slater haven't broken any laws, if the PM's misled the public about his office's actions that's a big deal.

    Since Jul 2008 • 1452 posts Report Reply

  • cindy baxter,

    So this is interesting.

    In November 2009 hackers broke into the files of East Anglia's Climate Research Unit and released a deluge of emails to the public, arguing (incorrectly) that the conversations between the scientists showed duplicity over climate science.
    They called it ClimateGate, even though nine separate investigations exonerated the scientists and showed the leakers had shamelessly cherry picked sentences out of the emails and twisted them.

    The Norfolk Constabulary never did get to the bottom of who had stolen the emails. The community I work in considered them stolen. Very much so.

    Nicky is clear that there was a hack. He even says it in the Herald. I'm guessing there's going to be a police enquiry as to who "stole" these emails?

    Morality question: Is there a difference? I know that I hold WhaleOil in the same regard as I do the guys who hacked/leaked the ClimateGate emails but the shoe's sorta on the other foot here. No, Nicky's not twisting the emails, I'd imagine, and has meticulously checked everything, but the way in which he appears to have received these emails and data seems remarkably similar to the ClimateGate affair.

    auckland • Since Nov 2006 • 99 posts Report Reply

  • Rich of Observationz,

    Attachment

    Bingo.

    Back in Wellington • Since Nov 2006 • 5550 posts Report Reply
