The @B3nRaching3r Allegations – Part Four

The Ben Rachinger ((I must apologise for consistently mispronouncing his name on the podcast; it irritated me when the people behind Lauda Finem couldn’t do enough due diligence to spell my surname correctly, so sorry.)) story has been picked up by the media. It started with on TV3’s “The Nation” last Saturday and then was followed up by an article in the New Zealand Herald on Sunday. Rachinger had suggested just a few weeks back on Twitter – despite prior claims to the contrary – that all was good in the mainstream media, which is when I think we can date the Nation taking an interest in his story.

The story itself, as presented in the 10 or so minutes on the Nation, is interesting precisely because of how it differs from Rachinger’s narrative in the (now deleted) Medium posts. ((Thank the gods for services like Instapaper.)) The story we saw on Saturday morning was simple and concise: Rachinger first got in contact with Slater when the Whaleoil blog was hit by a denial of service attack in early 2014. Rachinger offered to help Slater secure his site against further attacks, and they struck up a correspondence. This led to Rachinger being paid by Slater to do work for him. Eventually Rachinger was sufficiently trusted by Slater that he asked Rachinger to hack the Labour Party-aligned blog, the Standard. However, by this time Rachinger was aware of the claims made against Slater in Nicky Hager’s book “Dirty Politics” and he claims he decided to launch his own investigation/entrapment of Slater. So, whilst Slater thought Rachinger was hacking the Standard, Rachinger was simply pulling publicly available data from the site. Slater eventually worked out that he really was getting nothing useful and terminated the relationship.

The story on the Nation, then, is the story Rachinger posted on Medium but stripped of much of the ancillary and sometimes quite questionable details. There is no hyperbole about Rachinger’s sacrifice, or how he is now being hounded by influential people and has had to go on the run. There is no talk about the Tony Lentino job Slater tried to get for Rachinger, which always seemed like an irrelevant sideline. The discussion about Slater’s connection with the Israeli Embassy: gone. Finally, there was no attempt to link the Standard hack to David Farrar or Matthew Hooton (which, as I covered previously, was always a stretch). Just a simple story of a hacker who was asked to infiltrate a blog and took Cameron Slater along for a ride.

Part of me would like to think that the calm, cautious reporting of the salient details is very much due to this series of blogposts. Realistically, though, it’s much more likely to be the result of good journalism on the part of the Nation’s staffers. Getting an actual journalist to present your story can do wonders.

The Nation story also plays down the police informant angle; there was nothing about Rachinger’s claims to be regularly meeting with a police handler throughout his association with Slater. Indeed, there was little to no discussion as to when Rachinger decided to start his one person investigation/entrapment of Slater. ((Indeed, the fact he refers to it as being his own investigation – rather than one in which he was supposedly helping the police – is interesting to the point that you would either think he has post facto made up a noble reason to have got onside with Slater, or that the police asked the Nation not to mention Rachinger’s central role in their investigation.)) This is important, because according to numerous internet commentators (including myself), either:

  • Rachinger went in at the beginning as a noble hacker intent on blowing open Slater’s criminal activities (what we might call the “Noble Rachinger” hypothesis), or
  • Rachinger was sincere in his offer to help Slater and later came to regret his association (the “Credulous Rachinger” hypothesis) or
  • Rachinger was an eager and willing accomplice to Slater who then was either burnt by Slater or burnt Slater, causing them to become enemies (the “Suspicious Rachinger” theory).

I think it’s fair to say that Rachinger’s deleted Medium posts and (for the moment) inaccessible tweets slip and slide between the Noble and Credulous hypotheses. Yet a lot of people side with the Suspicious construal because they either:

  1. claim to have been in correspondence with Rachinger over the period of time he was working for or with Slater, and thus they say this correspondence reflects a different story from the one Rachinger has presented or
  2. they cite Rachinger’s past behaviour online (doxing, threatening to contact people’s employers, et cetera) and argue that there is no reason to charitably assume Rachinger was acting nobly.

Myself? I suspect some version of the Credulous or Suspicious hypothesis is the most likely, given his past behaviour, the nature of some of the correspondence Rachinger leaked and the fact he came to the attention of Slater due to a video which criticised one of the people on Slater’s hit list, Kim Dotcom. That, however, is by-the-by; the story we saw on the Nation states that Rachinger was bluffing Slater by the time it came to the request that the Standard be hacked. If we accept that to be true, then what the Nation presented was clear evidence that Slater decided to pay someone to illegally access data on a blog as part of his ongoing #dirtypolitics campaign, which is conspiratorial in nature.

So, is this a warranted conspiracy theory? Well, no matter what we think of Rachinger himself the evidence he has provided seems reasonably clear (if we assume the various screenshots, bank account transactions and the like have not been faked). Slater and at the very least his mysterious funder (more on that in a second) were engaged in a criminal conspiracy.

How involved, then, was Rachinger? Well, Rachinger says he did not hack the Standard. There are two good reasons to believe this. The first is that Slater’s response and subsequent falling out with Rachinger shows that Slater not only thought he got nothing useful from Rachinger, but that he had been played. The second reason is that Lynn Prentice, the Editor at the Standard, claims there was no evidence of a hack. ((Although there are two reasons why Prentice might say that if an undisclosed hack had occurred. The first is that the hack was successful and invisible, and thus Prentice didn’t know about it. The second is that you might not want to admit to being hacked in the first place. However, given the evidence of the falling out between Slater and Rachinger, I think we should accept Prentice’s supporting claim here as good evidence that there was no hack.)) As such, it seems that whatever happened, the Standard remained unhacked.

Now, some are speculating that Rachinger planned to hack the Standard, but failed or discovered such a hack was outside his realm of IT comfort. That is to say, Rachinger might be trying to make his failure and subsequent falling out with Slater look noble. ((Indeed, given that we got no story about him working with the police throughout this period, this particular hypothesis seems like a reasonable thing to consider.)) However, for our purposes we can ignore claims about his motivations (and potential failures) and focus purely on the fact Rachinger is admitting he was complicit to some extent in Slater and Company’s criminal enterprise. ((I know some will say that ignoring Rachinger’s motivations here is a bad idea, since it speaks to character and his past behaviour online. I’m not downplaying that. Rather, I am focused in this particular analysis on the claim of conspiracy by Slater and Company.))

Slater has, of course, denied criminal activity. In fact, he claims he operates entirely legally. As Russell Brown pointed out on Twitter, that’s just not true, and Lynn Prentice has called Slater out on the hypocrisy of crying foul when the Whaleoil blog was hacked (which led to the eventual #dirtypolitics revelations) but then wanting to hack the Standard. However, the Herald story mentions that the Counties Manukau CIB are investigating Rachinger’s claims, which means they at least think there is a case to be made for this being a serious offence. However, they also admit that Rachinger’s history of putting evidence online has complicated the investigation. This is a serious problem, because the investigated know what they are being investigated for and thus can work to answer those questions preemptively (and to their favour). This is what I call the “Kerry Bolton defence”, named after the far-right, Aotearoa (New Zealand) based author Kerry Bolton. ((Bolton was accused of being a Holocaust denier on a Radio New Zealand programme by (my friend) Scott Hamilton. Bolton denied this and complained to the Broadcasting Standards Association (BSA) and initially had his complaint upheld. However, this was, in part, because Bolton took down many of the web resources Hamilton used as evidence, and so Bolton made it look as if Hamilton was smearing him unjustly. However, Hamilton was able to show that a) the resources had existed and provided other written evidence, which lead to a rare retraction of a BSA ruling.)) It’s much harder to prosecute someone if they not only know the details of an investigation but can then work to counteract those details whilst the investigation is on-going. The worry is that Rachinger’s publication of his amassed evidence (including large chunks of private correspondence which was irrelevant to his central claims about a criminal conspiracy led by Slater) will lead to the police saying “Too difficult; we give up!” or “Well, we can’t use this in court now…” Whilst there will be, I suspect, huge public and political pressure for this investigation to get as far as the prosecution phase, it is also possibly that it will end badly for the public (and not so badly for the conspirators).

Which leaves me – for the time being – with the biggest unanswered question in this morass of conspiracy theories. Who is Slater’s mysterious funder, the person who was able to stump up the $5000 Rachinger offered (or asked for) when the Standard hack was proposed? In the Medium posts Rachinger hinted that the identity of the funder would eventually come out. In the Nation story, however, he admits he does not know who Slater’s funder is, which either means he never knew or the person who suspected it of being is no longer a viable suspect. So, the funder remains mysterious.

It’s possible there is no funder, of course. This ties into my previous discussion of Slater as a fantasist; he may have claimed there was someone wealthy working with him to make himself look more important. Some have mooted that the $5000 likely came from one of Slater’s many fundraising drives, since Slater keeps pleading poverty. Or there really is a funder and it’s one of the likely suspects named in “Dirty Politics”. Or… Or is there another player-qua-conspirator yet to be revealed? Will time tell, or is the investigation now so comprised that we will never know? I guess we might find out should there ever be reason for me to write part five…


lprent says:

Although there are two reasons why Prentice might say that. The first is that the hack was successful and invisible. The second is that you might not want to admit to being hacked in the first place.

Or it may just be that I simply run secure systems – which is what happened.

There are two levels of this. Ben Rachinger appears to be a mostly a social engineering hacker. The type of person who persuades people to give up their password, bank accesses, and money with honeyed words and interesting stories.

Not exactly the type of person that is likely to win over a sceptical 55 year old anti-social programmer who has spent decades in the company of those charming politicians. Ask any politician I have ever encountered for even short periods, and they’ll tell you that I’m very immune. And that was before I spent time moderating a major political blog.

But he also has some tech skills…

I’ve been doing computer programmer and support in one form or another since I finished my MBA coursework back in 1986 and dropped out of being interested in management. I’ve coded in everything from assembler through C/C++ to the plethora of current languages that I use. I stay current in almost all of the computing skills I have ever learnt, because most are a lot of fun (ie excluding any form of basic, VAX, JPL, Cobol, RPG, dos batch language, ObjectiveC, etc ). All of it since 1994 has been on various networks from dialup, eftpos, telcos, student accessible, MMOGs, and very secure systems – plus the open internet.

I’ve also been volunteering to do code and systems for political and activist purposes since about 1990. The types of things that people like Cameron Slater have been wanting to access.

I know how to make systems hard to crack. I also know how to make sure that those cracking into them give me all the information I desire to track those doing it.

The barrier systems that only let through a few public services (essentially email and http). Each of those systems has significiant checking on them for things like repeated logins or spam pushing. Systems or people accessing them incorrectly will simply get locked out for long periods of time.

I have to do this because the bots on the net are relentless. Any site doing as much traffic as The Standard is a primary target for takeovers and spam. We get thousands of attempts to login or inject spam message every day on the website. The mail system has the same load for it.

I have an obvious professional interest in security, so I or my code monitor it rather than handing it off to the staff in a datacentre. It gets analysed by some damn good brought in tools like wordfence and others in a multi-layered analysis. That rejects about 99+% of all attempts because they are done with some pretty dumb bots on distributed networks.

I run a secondary layer that looks at what *all* of the ‘people’ let through actually do. This happens for the everyone who isn’t me. With me, it only allows me super-admin access from specific devices and networks, and even then it gets finicky about unexpected verification checks.

While it is quite feasible to get into The Standard, it is pretty damn hard. It is harder to keep the data. Some parts of the system are designed to drop the keychains if they detect subversion attempts.

But it is a whole lot harder to do it silently and without trace. You’d have to subvert multiple systems that are monitoring each other, each with their own access protections. You’d have to prevent cross system logging. You’d also have to know what the running processes are actually doing, and they’re not that standard. And you’d have to do this in realtime. It would be interesting to meet anyone who could do that. But I doubt that they’d work for a cretin like Cameron Slater or his funder(s).

As for not wanting to admit a hack? Why would I bother concealing it? I carry no responsibility for the site except for what I care to put into it. There are no employers, no shareholders, no insurers, nothing but some hardware and software

More importantly there is nothing to conceal apart from the privacy that we give our commenters and authors for their emails and IPs. We don’t have MPs or staffers writing on the site and never have. Our email records have none of the crap that Cameron Slater accumulated because we’re not paranoid accumulators of blackmail material like he is.

We are and always have been a cooperative rather than a collective. We don’t bother talking to each other much because we don’t need to. We didn’t even have a forum area until Micky and r0b organised to start putting up a monthly private post at the end of September. That post gets less than a hundred comments a month. It replaced a peer to peer backend messaging system that got about 15 messages a month.

Besides, anyone getting into the system will be doing it for a reason. You can bet in the case of The Standard a large part of that reason will be to attack me directly or indirectly because I try to make sure of that (see Cameron’s targeting priorities). And left people aren’t afraid of telling me or anyone else on TS when something is happening. I simply don’t abuse trust when it involves what we work on. (I may disagree vehemently – but hey that is part of my gentle personality and a whole different matter).

Anyway, The Standard has been running since August 2007. In that time there have been two breaches. The first was a hack using a vulnerability of WordPress running on windows, and there were a whole lot of wordpress sites that fell to that vunerability. The second was when a login was given to the person who did the H-fee post – ie it was social. Both happened in 2008 and never again.

Both were made public as soon as we figured them out and the appropriate action taken. No need to get too paranoid in your conspiracies.

Thanks for that, Lynn. I’ve slightly changed the wording on the footnote to stress that I’m talking about a hypothetical, rather than making it look as if I am saying a hack did occur and you either don’t know about it or are denying it. My intent was simply to point out that there are a host of possible explanations that need to be considered when appraising the available evidence, one of which is the “Deny it happened” scenario (a favourite of governments everywhere, often in the face of overwhelming evidence). As you point out, there’s little good reason for you to deny such a hack, had it occurred, and I’ll take you on your word about the security measures employed.

weston says:

holly heck iprent thats the most comprehensive refutation of a fairly small suggestion i think i have ever read !! made me laugh with delight . i know im gushing a little but you should be the pm or at the very least speaker of the house i doubt thered be any nonsense !! cheers