Conspiracy Corner – @TheDailyBlogNZ Hack

Every Thursday, about 8:15am, Matthew talks with Zac (with Lucas lurking on the sidelines) on 95bFM’s “Breakfast Show” about conspiracy theories.

In the middle of last week, Martyn Bradbury of The Daily Blog wrote a post which said:

Last night, just after about 7pm, The Daily Blog was subject to an extremely sophisticated hack attack that directed people away from the blog to a gambling site.

This attack occurred a couple of hours after we blogged about Seeby Woodhouse being subjected to questions when entering America and re-entering NZ and a day after we hosted and live-streamed a public meeting against the TICS Bill.

The sophistication of the attack, and a couple of tell-tale signatures during the hack, for us, suggest something more insidious and serious than a disgruntled member of the public.

Luckily Selwyn was able to save everything and move us to a more secure position.

I would hate to think this is our tax dollars at work.

I was asked by a few people if I was thinking of covering the hack on last week’s “Conspiracy Corner”. After all, what Martyn is alleging is conspiratorial activity. A sinister act committed in secret to achieve some end. Now, I can buy there are groups out there who might find what the Daily Blog stands for problematic (I imagine the Kiwiblog regulars hate it, as I’m sure even parts of the Standard do), but Martyn’s claim insinuates that the hack is more than just one of these groups. No, he suggests the hack may have been the result of our tax dollars being put to work.

An extraordinary claim, and one that needs extraordinary evidence to back it up. However, as there were precious few details in the original post, I didn’t really want to say anything without some evidence to back it up. Given that people like Morgan Nichol had asked for some substantiation for Martyn’s claim, I decided to leave it for the time being, hoping that such evidence would be forthcoming.

It was not.

After the show last Thursday, I got curious and decided to see if I could get some more information about the hack, given that questions about it were going unanswered (or worse). Long story short: I ended up contacting Selwyn Manning, who dealt with the hack at the time it was occurring, and we had a lengthy and very productive discussion about the hack, who might be behind it and why Martyn thought it might be more than the work of “a disgruntled member of the public”. Once you’ve listened to the segment, why not take a look at my analysis of what I think really happened?

[Thanks to Selwyn Manning and Drew Calcott for their input in investigating this matter, both of whom have read through the following prior to my posting it here.]

The Hack

When any blog gets hacked, especially if that hack is directed at a WordPress blog and ends up resulting in the blog’s traffic being redirected to a gambling site, the most obvious explanation is that the hack is nothing more than, as Morgan Nichol claimed in the comments thread, the work of:

[O]ne of the thousands of bots that continuously search for and attack all WordPress sites. I administer hundreds of WordPress sites and the hack attempts are pretty much constant

This was my suspicion as well: it looked too much like a standard blog hack and nothing particularly special. WordPress blogs are, after all, notoriously prone to hacks. ((The only reason why I’ve never been hacked is not due to great security but due to the fact that I’m almost entirely unknown outside of a few, dear readers.)) I put this to Selwyn, and he replied by noting that he’s perfectly aware of the security concerns around WordPress installs and so has put in place a large number of security devices to protect against common, known vulnerabilities of the WordPress platform. Still, given the hack did occur, new and even better protection is now in place at the Daily Blog, right down to the site being moved to a much more secure server and OS configuration.

As such, Martyn’s claim the attack was “sophisticated” follows from the evidence Selwyn provided him (as Selwyn noted, Martyn is not really the tech-savvy person of the Daily Blog and relies, like many of us, on the word of people who know more about this kind of thing), given that this was not just a mere WordPress hack ((I know more about the details of the hack than I am letting on here, but I’m not sharing them because, well, you don’t need the technical details and it’s not really a good idea to share them to all and sundry anyway. You might be one of those people out to get any one of us!)). In that respect, it’s sophisticated relative to what would normally be taken to be the most likely hypothesis. However, that doesn’t tell us it was sophisticated to a level that we can infer it was the actions of something more than a disgruntled member of the public.

Why? Well, because I went and talked to a security consultant/forensic analyst, Drew Calcott (no anonymous appeals to authority here), who deals with such hacks professionally and on a daily basis. His analysis was that it wasn’t so sophisticated that it couldn’t have been the work of a script kiddy interested only in achieving a hack or redirecting a site which has heavy traffic elsewhere.

So, there’s an open question here about the sophistication of the hack: on one level, yes, it’s sophisticated relative to what we would normally take to be the best explanation, but it’s not sophisticated such that it tells us much about the kind of person who might have done it. In the end, all other things being equal, it would have been your child.

Was it?

The Motivation behind the hack

The story doesn’t end there: in conversation with Selwyn we talked quite a bit about who he thought might be behind the hack. This goes towards Martyn’s claim the hack was “targeted”. Selwyn doesn’t think it was taxpayer funded/the government. Rather, he thinks it might well have been the actions of a certain group of activists who, in recent weeks, have been sending him veiled threats, such as claiming they will not tolerate the Daily Blog’s support of particular political parties or candidates. ((I know a little more about the supposed “who” than I am letting on, but I’ve agreed not to be too specific here.)) These threats have ceased post the hack, which kind of indicates that this particular group of activists might well have had a hand in it.

Selwyn isn’t certain this group was behind the hack, but I share his suspicion that it’s at least a plausible candidate explanation for what happened. Certainly, the modus operandi in the hack was a bit weird; the site was redirected to an inactive gambling site, so it doesn’t look like anyone was directly benefitting from the hack other than causing discomfort to the proprietors of the Daily Blog. ((Although it’s quite possible the gambling site was purpose built to inject malware onto the users who were accidentally sent there: Selwyn, unfortunately, did not keep a record of the site the Daily Blog’s traffic was redirected to, so we can’t go and look at it to find out more.))

The Government Theory

If the person responsible for dealing with the hack doesn’t think it was our taxpayer dollars at work, why did Martyn Bradbury insinuate it might have been? Well, consider this:

Martyn was one of several instrumental figures who led a push against the Government about the recently passed GCSB Bill, holding Town Hall meetings and the like. He had also recently returned from a public meeting in Wellington where Seeby Woodhouse, a prominent ISP figure in the New Zealand IT industry, had talked about how he feels he has recently become a surveillance target due to his activism against the GCSB Bill. It’s not too hard to start connecting the dots and go “Hmm…”

However, just because you are suspicious about some activity, that doesn’t necessarily mean your suspicion is justified and the kind of thing you should air publicly to a large audience. The problem with the original post over at the Daily Blog about the hack was the lack of evidence to support the insinuation the hack might have been paid for by our tax dollars. It’s perfectly healthy in this day and age of revelations to be quite suspicious indeed about the various security apparatus in our society. It’s probably also quite healthy to be skeptical about the current government’s sincerity. However, if you are going to associate a hack on your website with something “more insidious and serious than a disgruntled member of the public”, then you really should be willing and able to provide evidence. Otherwise you are engaging in scaremongering and, frankly, the kind of seemingly-vapid conspiracy theorising the Left is constantly tarred with engaging in.

Given what Selwyn has told me, it’s hard to distinguish between the two possibilities: that the hack was just a script kiddy, or that it was the follow-through on the veiled threats the Daily Blog has been receiving ((After all, the veiled threats might have stopped not because the group successfully hacked the site but because as the site was hacked, the group inadvertently got what they desired (or just assumed one of their members was responsible).)). However, given the available evidence, a taxpayer-funded hack seems relatively unlikely, even given, say, Seeby Woodhouse’s concerns, because the other possibilities are just prima facie more likely given what else we know.

In the end, I think Martyn, the author of the post in question, was being just a tad hyperbolic in his reaction to the Daily Blog being hacked, and ended up expressing a conspiracy theory which was not warranted by the available evidence. Something did happen last week, and there’s a bit of a mystery behind it, but it’s unlikely to be one of the government’s creation. After all, in the end those of us on the Left don’t need the government to bring us down: we’ve got each other for that.


Mark Harris says:

Martyn, hyperbolic? Never in a million years! 😉