How blogger Whale Oil accessed Labour Party computers

How blogger Whale Oil accessed Labour Party computers

Summary: A right-wing blogger has documented in video how he gained access to what should have been confidential party and donor information.

SHARE:

Call me a bit old school, but generally I like elections to be about policy and vision. There isn't much of either on view in this New Zealand election round.

Since the publication last week of Dirty Politics, a new book by investigative activist Nicky Hager, policy and vision have all but disappeared. The book is based on emails and other communications between blogger Cameron Slater (aka Whale Oil) and others on the right, including a cabinet minister and staff in Prime Minister John Key's office. 

Dirty Politics, in part, reignited an old argument: that Slater hacked a Labour Party website in 2011 and gained unauthorised access to information, including donor information and credit card details. 

I'm not a fan of Slater's. In Dirty Politics, Slater is quoted in seemingly hacked emails as calling the working people of East Christchurch "scum" — this is after the devastating earthquakes that drove many out of their homes.

My background is working class, from Auckland's west. When Slater does that, he is calling me scum as well.

But amongst all the blather there has been very little of substance about what Slater actually did to access that Labour Party information. The answer is, not much. He didn't have to. It was published in a way that even Google's robots could access and index it.

Slater documented this in detail in a video he posted on YouTube (below) and the incident was followed by official investigations. No further action was taken.

Some are still arguing that what he did was illegal and they may have a point. Hacking means different things in different legal jurisdictions. To me though, if something is published on the open internet, with no real security controls and requiring no real skill to access, that's not hacking. 

That's browsing.

And it was and still is highly embarrassing for the opposition Labour Party, which should thank its stars New Zealand does not yet have a compulsory data breach notification regime. If it did, the party would have faced the humiliation of having to tell its own supporters it had not looked after their private information properly.

However, the law in New Zealand, like elsewhere, is far from clear on where the boundary lies between hacking and browsing. 

Jono Natusch offers a good wrap of those arguments, which highlight what a shame it was the Police or the Privacy Commissioner decided not to take action back in 2011 when all this occurred. Sadly, we need a judge to decide what Parliament was trying to say when it rewrote the Crimes Act to criminalise "unauthorised access to a computer system".

But any real hacker, no matter what shade their hat, could not look at that video and call this hacking — and I'd be wary of supporting any law that did.

A lot of questions remain unanswered about where and how Hager got his information. Whale Oil says his Gmail was hacked and points the finger at Kim Dotcom, FBI extradition target and founder of the Internet Party.

Dotcom denies any involvement. 

One thing is for sure, the reignited hacking furore does appear to have achieved a very rare thing: put a seemingly untouchable Prime Minister on the back foot (audio).

Meanwhile, the book was sold out  when I tried to buy it (twice) and is going into reprint, proving the truth of what Philip Matthews (@secondzeit) tweeted a few days ago: "Haven't seen this many people commenting on a book without reading it since university."

Topics: Security, New Zealand, Web development

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • Distract and deny...

    all you want, but the real story here is the political machinations that Slater and the National Party have been up to, and the damage they have been seeking ti inflict on any and all their opponents. Spliting hairs over what constitutes "hacking" does not make what Slater and Ede did for John Key any less immoral and disgusting.
    Master668
    • Nevertheless....

      ...there's a Labor Party sysadmin somewhere who should have been fired over this (or his boss).

      Nevertheless, the mere fact that someone bought a cheap, easy to pick lock doesn't justify burglary.
      John L. Ries
  • The "browsing" is not the point

    It is what you do with that information which you have discovered by browsing Publishing what you know its owners would wish to keep private is at least unethical and should be illegal. To leave a door open, through negligence, is not "publishing" (as the Prime Minister asserts). An analogy would be a family accidently leaving the back door of their home open. I sneak in and steal nothing (that would be naughty). I simply rifle through the "unprotected" underwear drawers and their bank statements and then publish photographs on my blog. What would you think of me? "Slime ball" comes to mind.
    Bob G Beechey