(UPDATED) PMO: Do you think it’s easy to secure a mailing list?


 

The following email turned up in my mailbox earlier today, but I didn’t actually get around to opening it until I was alerted to the contents by a clearly-far-more-vigilant-than-me-on-a-Sunday ITQ reader, who is also subscribed to the PMO media distribution list, and was somewhat distressed by the contents:

from Stephen Harper <pm@pm.gc.ca>
to ALLNEWS_E@lserv.pmo-cpm.gc.ca
date Sun, Sep 21, 2008 at 3:34 PM
subject Why you shouldn’t fear me

Hi The Average Canadian,

Stephen Harper wanted to tell you…

My name is Stephen Harper. I am an ALBERTAN, here me roar! My goal is to make Canada America’s 51st state and destroy health care that all Canadians cherish by infusing my propaganda with hard core ad hominem attacks. Please vote for me, because if you do, I promise you’ll be able to vote for McCain 2012!

We are a tar sands level party, not a grass roots party. We consider anything with the word “Green” offensive, except for the almighty American dollar, which we hope to be able to implement in the coming months! We shall first have to make sure that American and Canadian jelly beans have the same standards, and then we shall proceed.

I hope everyone has a great weekend,

Take care,

Stephen “I can lead you to Hell but not back” Harper

If you agree click here.

Now, the link may go to a site owned and operated by the Conservative Party — good ole Oily the Splot’s domain of willyoubetricked.ca — but the rest of the email makes it pretty clear that this email was not sent out by the Prime Minister’s Office — or even the party.

Instead, it appears to be the work of a politically-attuned prankster who – it seems – took advantage of a security hole that allowed a non-authorized client to send out a message on the media listserv.  But who? I’ve included the full headers under the jump for anyone who wants to play IP detective – feel free to leave your theories in the comments.

UPDATE: Well, this is — I don’t exactly know what this is, actually. “Odd” doesn’t seem to go nearly far enough these days. Anyway, a cursory googling turns up this intriguing tidbit, which may just be coincidence, but could also be a genuine clue: the same trick seems to have been used to send out (obviously fake) email from Stephane Dion earlier this year — email that also, curiously, directed recipients to the Oily the Splot site.

UPDATEDIER: Stephen Taylor, who is far less amused than ITQ, was also far swifter to determine that it was actually the willyoubetricked.ca website that was used to spoof the headers through its remailer service, which, sadly, has now been taken offline; memories of notaleader.coms past, anyone?  Anyway, what I find remarkable is the fact that the media listserv was – in fact, may still be – free for the spamming by anyone who knew the main address, which really doesn’t speak well of the mad sendmail skillz of whoever set it up in the first place. Someone taking advantage of that gaping security hole to send out a fake email from “Stephen Harper”? Not all that shocking. In fact, I’m surprised it hasn’t happened before.

Full headers below:

Delivered-To: kady.omalley@gmail.com
Received: by 10.67.98.12 with SMTP id a12cs203552ugm;
    Sun, 21 Sep 2008 12:51:27 -0700 (PDT)
Received: by 10.65.112.18 with SMTP id p18mr5404936qbm.38.1222026686234;
    Sun, 21 Sep 2008 12:51:26 -0700 (PDT)
Return-Path:
Received: from SNETMAILER.s.net ([198.103.112.201])
    by mx.google.com with ESMTP id s35si4296924qbs.13.2008.09.21.12.49.16;
    Sun, 21 Sep 2008 12:51:26 -0700 (PDT)
Received-SPF: neutral (google.com: 198.103.112.201 is neither permitted nor denied by best guess record for domain of owner-allnews_e@lserv.pmo-cpm.gc.ca) client-ip=198.103.112.201;
Authentication-Results: mx.google.com; spf=neutral (google.com: 198.103.112.201 is neither permitted nor denied by best guess record for domain of owner-allnews_e@lserv.pmo-cpm.gc.ca) smtp.mail=owner-allnews_e@lserv.pmo-cpm.gc.ca
Received: from LSERV ([172.27.252.59]) by SNETMAILER.s.net with InterScan Message Security Suite; Sun, 21 Sep 2008 15:48:47 -0400
Received: by LSERV.PMO-CPM.GC.CA (LISTSERV-TCP/IP release 15.5) with spool id
    24569 for ALLNEWS_E@LSERV.PMO-CPM.GC.CA; Sun, 21 Sep 2008 15:34:58
    -0400
Received: from [172.27.110.114] by LSERV.PMO-CPM.GC.CA (SMTPL release 1.0w)
    with TCP; Sun, 21 Sep 2008 15:34:58 -0400
Received: from qmail-cgi-norm-0.netfirms.com (60-m.netfirms.com
    [38.113.189.60])by mxtreme2.pco.gc.ca (mxtreme2.pco.gc.ca) with SMTP
    id A8230DA71Afor ; Sun, 21 Sep 2008
    15:49:18 -0400 (EDT)
Received: (qmail 94677 invoked from network); 21 Sep 2008 19:34:54 -0000
Received: from unknown (10.8.8.2) by 0 with QMQP; 21 Sep 2008 19:34:54 -0000
X-IP: 142.161.178.253
X-URI: /reachout.php?task=sendmail
X-ID: 3011848
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
X-BTI-AntiSpam: score:14,sta:40/028,dcc:passed,dnsbl:passed,sw:passed,bsn:22
    /passed,spf:none,dk:passed,pbmf:none,ipr:0/1,trusted:no,ts:no,bs:no,ubl:passed
Received-SPF: none
X-imss-version: 2.051
X-imss-result: Passed
X-imss-approveListMatch: pm@pm.gc.ca
Message-ID: <20080921193454.77052.qmail@cgi2>
Date: Sun, 21 Sep 2008 19:34:54 -0000
From: Stephen Harper
Subject: Why you shouldn’t fear me
To: ALLNEWS_E@LSERV.PMO-CPM.GC.CA
Precedence: list
List-Help:
List-Unsubscribe:
List-Subscribe:
List-Owner:
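
An added example (not part of the original post): a short Python script that walks the Received chain in the headers above from oldest hop to newest, separates private addresses from ones worth a WHOIS lookup, and picks out the hop where the message entered the government relays. Treating relays named under gc.ca as the receiving side is an assumption of the example.

```python
import email
import ipaddress
import re

# Subset of the headers printed above. Continuation lines are indented so a
# parser reads each folded header as one field; values missing on the page
# (such as the "for" address in the mxtreme2 hop) are left missing.
RAW_HEADERS = """\
Received: from SNETMAILER.s.net ([198.103.112.201])
    by mx.google.com with ESMTP id s35si4296924qbs.13.2008.09.21.12.49.16;
    Sun, 21 Sep 2008 12:51:26 -0700 (PDT)
Received-SPF: neutral (google.com: 198.103.112.201 is neither permitted nor denied by best guess record for domain of owner-allnews_e@lserv.pmo-cpm.gc.ca) client-ip=198.103.112.201;
Received: from LSERV ([172.27.252.59]) by SNETMAILER.s.net with InterScan Message Security Suite; Sun, 21 Sep 2008 15:48:47 -0400
Received: by LSERV.PMO-CPM.GC.CA (LISTSERV-TCP/IP release 15.5) with spool id
    24569 for ALLNEWS_E@LSERV.PMO-CPM.GC.CA; Sun, 21 Sep 2008 15:34:58
    -0400
Received: from [172.27.110.114] by LSERV.PMO-CPM.GC.CA (SMTPL release 1.0w)
    with TCP; Sun, 21 Sep 2008 15:34:58 -0400
Received: from qmail-cgi-norm-0.netfirms.com (60-m.netfirms.com
    [38.113.189.60])by mxtreme2.pco.gc.ca (mxtreme2.pco.gc.ca) with SMTP
    id A8230DA71Afor ; Sun, 21 Sep 2008
    15:49:18 -0400 (EDT)
Received: (qmail 94677 invoked from network); 21 Sep 2008 19:34:54 -0000
Received: from unknown (10.8.8.2) by 0 with QMQP; 21 Sep 2008 19:34:54 -0000
X-IP: 142.161.178.253
X-URI: /reachout.php?task=sendmail
Received-SPF: none
X-imss-approveListMatch: pm@pm.gc.ca
From: Stephen Harper
To: ALLNEWS_E@LSERV.PMO-CPM.GC.CA
"""

# Assumption for this example: relays named under gc.ca are the receiving side.
RECEIVER_SUFFIX = ".gc.ca"
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")
BY_RE = re.compile(r"\bby (\S+)")


def scope(ip):
    """Classify an address; private or reserved space has no useful WHOIS owner."""
    if ip is None:
        return "none"
    return "private" if ipaddress.ip_address(ip).is_private else "public"


def hops(raw):
    """Received headers as dicts, oldest hop first (relays prepend them)."""
    msg = email.message_from_string(raw)
    result = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # undo header folding
        ip = IP_RE.search(flat)
        by = BY_RE.search(flat)
        ip = ip.group(1) if ip else None
        result.append({"ip": ip, "scope": scope(ip),
                       "by": by.group(1) if by else None})
    return result


def findings(raw):
    """Summarise what the chain supports and what is only the sender's claim."""
    msg = email.message_from_string(raw)
    chain = hops(raw)
    # Oldest hop recorded by the receiving side: the peer address it logged is
    # the earliest one not written by the sending system itself.
    handoff = next((h for h in chain
                    if h["by"] and h["by"].lower().endswith(RECEIVER_SUFFIX)),
                   None)
    public = []
    for h in chain:
        if h["scope"] == "public" and h["ip"] not in public:
            public.append(h["ip"])
    return {
        "handoff": handoff,
        "whois_worthy": public,
        "sender_claims": {"X-IP": msg.get("X-IP"), "X-URI": msg.get("X-URI")},
        "spf": [v.split()[0] for v in msg.get_all("Received-SPF", [])],
    }


if __name__ == "__main__":
    for hop in hops(RAW_HEADERS):
        print(hop)
    print(findings(RAW_HEADERS))
```

Everything older than the handoff hop, including X-IP and X-URI, was written by the sending system, so it is a claim to check against server logs rather than a record.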


 


  1. Attack of the disgruntled civil service? Maybe.
    Partisan left-wing hacks in the state? Perhaps.

    What ever happened to that anarchist-NDP band member who was arrested after allegedly leaking the Tories’ green plan two years ago?

    If Harper gets a majority I’d recommend a peaceful, albeit sweeping, purge in Ottawa.

  2. Neil,

    Why would an opponent (left wing hack) of the Prime Minister lure the reader of the ironic email to a Conservative attack website that ridicules the leader of the opposition? That does not make any sense.

  3. Maybe somebody put truth serum in Harper’s coffee.

  4. As I said, it’s a possibility that a left-wing hack sent it.

    Maybe the link to the website was just to mock the partisanship of the Tories.

    That being said, it very well could’ve been sent by the PMO.

    Like I asked before, what ever happened to the guy who allegedly leaked the Tories’ green plan a while back?

    I’d make changes to the bureaucracy regardless, just cause I’m a Western neo-con (whatever that means nowadays) and I want to do everything to Canada that Harper apparently wants, according to this email.

  5. Neil from Calgary:

    What exactly does it mean to be a western neo-con these days? Are you ready to start your own party in response to Harper’s decidedly centrist ways? I mean, that’s what Stephen did back when he was a neo-con.

    Do western neo-cons feel taken for granted?

    Just curious!

  6. See, now this is funny and clever.

    GiornoWatch aside: long lost GiornoSerf David Gentili, according to CTV QP, is running against Bob Rae.

  7. Hi Kady,

    the text of this message is so ironic and so left-wing-criticism that it doesn’t seem to be a real message from Harper. It looks like those e-mails I get from Africa, asking for my help to withdraw millions of dollars from an old savings account.
    But if there’s a breach in the web site security, it must be investigated, for sure.

    Have a great week!

    Bruno

  8. Anon – I KNOW! I saw that! The thing is, I wasn’t able to find anything out about him when he first surfaced at Langevin, so I’m hoping there is more of a googleprint now. But who will look after the Protocols of the Elders of Zigiorno now?

  9. Oh, and for the record, my guess is that it isn’t a diehard leftie or rightie, but a general purpose mischief-maker who spotted a hole, and slipped through it.

  10. Kady,

    If the exact trick was used to bring readers to Oily’s website earlier this year – doesn’t that kind of point to perhaps an eager “needing adult supervision” partisan Tory with lots of time on his hands and the access to the PMOs email list? If it is not the same person who orchestrated the last phoney letter link to Oily then it must be a billion to one coincidence. Just wondering.

  11. Oily did it! He’s looking for more hits!

  12. Bridget – That’s a fair point — I’m not sure how many people, other than the original Oilyspammer, knew about the willyoubetrickedbyspoofedheaders remailer feature, but presumably, someone could have remembered it. What I find most surprising, as I wrote in an update above, is that the media list was so unsecured. We could have all been spammed within an inch of our lives.

  13. Wow, that “Do you think it’s easy” line seems to have struck a chord with some Dion admirers. Interesting.

  14. I think this is interesting in that Palin’s email account was also hacked into recently. I wonder if the pols are going to start taking lots more notice of their online operations because the potential for muckraking is enormous.

  15. Maybe Ryan Sparrow is sulking in a corner somewhere after being suspended from the campaign, and decided to get his revenge?? :-S

  16. What’s even more interesting is another IP address: 38.113.189.60, which is presumably the Oily account that was spoofed to send this mail. According to ARIN, 38.113.189.60 belongs to:

    OrgName: Performance Systems International Inc.
    OrgID: PSI
    Address: 1015 31st St NW
    City: Washington
    StateProv: DC
    PostalCode: 20007
    Country: US

    Not only have they outsourced their rhetoric to Americans, it appears that they’re now outsourcing their IT needs.

  17. Chris R:

    I’ll let you in on a little secret. Most westerners are too busy getting rich to care about an election right now, particularly here in Alberta. I’ve seen a few campaign signs around the city, a few Jim Prentice ones, a couple Jason Kenney ones, one Liberal, a Green, though no Dippers. People here know that by creating a new party, we’d splinter the right once again, and remember, Harper’s political base is to the right of his policies. Abandoning Harper would mean abandoning a functional and powerful organization that essentially controls everything to the centre and right of Canadian politics. As long as Harper doesn’t go left of centre, we’re fine.

    I think many people in Ontario think of Harper as a Mike Harris PCer, when in fact Harper is more a student of Ralph Klein’s. I think Paul Wells wrote an article saying something like that. But it’s true. Harper is an incrementalist. Moderate centrism has become the “new” conservatism.

    We have our man in Ottawa, an Albertan born in Toronto. A perfect contrast. Someone who has managed to weaken Western alienation and the Quebec separatist movement. Harper has increased the power of our provinces while strengthening our military. Look at the expected increase in transfer payments to the provinces between 2006 and 2012. All signs point to stronger provincial spending and taxing power. He’s cut taxes, debt, and much of his spending has gone into defense, infrastructure (5 year, $33-billion), tax cuts (esp. the GST) for individuals and businesses, and transfer payments. I personally hoped he’d cut spending, but the Expenditure Review should do that in later years.

    Fiscal conservatism can be brought about slowly, and still achieve the same result as rapid reform, but foreign policy and defense spending are two areas where Harper has impressed many of his core supporters on the right. His constructive and cordial relationship with the U.S. is something that should be revered, not reversed, and his relationship with the other Americas is expected to bear fruit through various trade deals in the future.

    We might even get a free trade deal with the EU, thanks to this government. THAT would certainly bolster Canada’s reputation and standing on the world stage as a place to do business.

    Do I feel used? Maybe a little. I don’t like Jim Flaherty and although I recovered the money I lost on income trusts I consider myself lucky. But hey, it sure beats Dion, Rae, Dosanjh, and the rest of the centralizing Liberals.

  18. I thought this prank was pretty funny, actually.

    No harm, no foul.

  19. I have no clever sleuthing ideas, except that the header line “X-URI: /reachout.php?task=sendmail” seems to indicate to me that the willyoubetricked.ca server had an open script that, with the right data passed to it, would let anyone send mail as pm@pm.gc.ca. Which, uh, floors me by its sheer ineptitude.

    Not that people writing wildly insecure scripts in PHP is rare, but that the PMO — which you might remember is supposed to help run the country, when it isn’t trying to get more Tory votes, though I don’t know when that’s ever true — would have such dumb IT staff, whether internally or contracted, is just sad to me. This at least suggests it was completely non-governmental, as it should be – the web guys at the ministries have always struck me as fairly professional and competent, and don’t use PHP.

    Incidentally:
    mad sendmail skillz
    I’m trying to figure out whether this is just a clever guess and turn of phrase from the headers. The alternative is that you’re about six hundred times more geeky than I realized, and … well, it boggles the mind.

    Confidential to Dennis: Do you think it’s easy to not use this line over and over? It’s funny.

  20. It’s happened again – I just got this emailed to me:

    pm@pm.gc.ca
    to ALLNEWS_E@lserv.pmo-cpm.gc.ca
    date Sun, Sep 21, 2008 at 4:34 PM
    subject http://www.kosovocompromise.com

    Serbia’s Southern province of Kosovo declared independence in February 2008. Harper’s government recognized it’s independence. Does this lead to slowly accepting sovereignty for Quebec? Here’s why Canada must follow International Law, the UN Chart, UNSC Resolution 1244 and the Final Helsinki Act of 1975.

    concerned citizen

  21. I was just thinking that maybe Harper has an alter ego – who just escaped…
    But the thought – someone above suggested – that Harper is in fact an alter ego of Ralph Klein – just gave me the shivers!

  22. We’ll put this in the “If the improper activity is directed at conservatives the conservatives must have deserved it” file.

    A very large media file.

  23. A Q from someone without the requisite sendmail skillz: Looking at the email blah-blahs, I cannot tell whether the CPC email list got swiped, or whether the PMO’s did. Neither is particularly great, but the latter strikes me as far more serious. Anyone?

  24. I also received the same email, in addition to one on Kosovo’s independence, both from PMO’s office.

    Serbia’s Southern province of Kosovo declared independence in February 2008. Harper’s government recognized it’s independence. Does this lead to slowly accepting sovereignty for Quebec? Here’s why Canada must follow International Law, the UN Chart, UNSC Resolution 1244 and the Final Helsinki Act of 1975.

    concerned citizen

  25. Kady:

    “But who will look after the Protocols of the Elders of Zigiorno now?”

    Issue No. 200 of the Protocols was published on September 20, 1903 (Gregorian Calendar) in Znamya (the Banner). Bell’s new ads emphasize the ‘er’ in Banner.

    Coincidence? Cue theme music to the Twilight Zone with Carl Sagan.

  26. Mike G: Sadly, I *am* that geeky. I have no excuse, and will now retire for the evening, head bowed in shame.

    MYL: Actually, neither was swiped, but from what I can see, the PMO email list was set up so that anyone could send to the general address – even without being subscribed to the list. Usually, one-way lists like that only accept messages from a specific address, and everything else is either automatically discarded, or held for moderation.

    It’s not clear whether this list required a (spoofed, in this case) pmo-cpm.gc.ca from: line to accept an email for distribution, but in this case, thanks to the de facto anon remailer provided by willyoubetricked.ca, whoever sent it out was able to do so from an apparently whitelisted domain. There’s something rather poetically just about that, considering that someone was using the same remailer to send fake email from “Stephane Dion” earlier this year.

  27. Thank you for the geek consult, KO. So that means a “gc.ca” email address was “corrupted” in the sense that email that came from some hacking jackass had the “look” of a government message. That is NOT trivial.

  28. Well, actually, what happened was that whoever filled in the sendmail form at willyoubetricked.ca just put “pm@pm.gc.ca” as his or her address, and as the recipient, the general distribution list for the PMO media list. A properly set up listserv would have rejected the email as coming from a non-regular address — since as far as I know, it doesn’t actually exist except as a receptacle for general delivery at PMO. It actually *is* fairly trivial, if only because it is so very avoidable with even the most cursory security checks in place.

  29. Kady, sorry, I did not express myself well. I meant to imply that such a trivial (as in “easy”) hijacking of a legitimate media email list “from gc.ca” with a message that was not from the government body in question is not trivial (as in “bloody serious”): to government credibility, foreign policy interests, maybe even national security.

    If the PMO can allow jackass messages to sneak in and get distributed under its banner, how many other federal government email mailing lists could be hijacked in a similar manner?

    How do I get the CRA’s email list to announce that the December income tax instalment will be waived, for example? Maybe tomorrow the DND will bogusly announce with great regret the loss of a dozen soldiers in an Afghan ambush? Then Health Canada will tell all Canadians via its alert-to-media-on-the-mailing-list to stop drinking milk immediately because we’ve got even more melamine than the Chinese do?

    Sorry, I see this as serious. Auditor General, the RCMP, CSIS, the works. Am I missing something?

  30. I just read Stephen Taylor’s blog post. He is unamused, as am I.

    The government needs to act at two levels, IMO. Federal “gc.ca” email / web security needs a major tightening up to prevent this jackassery in the first place, and the justice system needs to go to work on the jackass in question. And the Tories deserve a slap if a “public” submission from a partisan website of theirs was “permitted” to control a PMO gc.ca email server.

  31. Moderate centrism has become the “new” conservatism,

    So the new conservatism is… Liberalism?

  32. MYL – I would assume that most mailing lists are, in fact, secure from outside messages; really, that’s pretty basic, as far as list admin protocol. I’m on dozens of lists – as I’m sure most of us are – and have run my own as well; it’s the standard setup. Nobody runs open mailing lists for this very reason. The fact that the media list was left gaping like this is, quite simply, absurd. Whoever originally set up the list screwed up, and what’s amazing is that it has taken this long for anyone to notice.

    As for web-based mailers, the only way to secure them from this kind of abuse would be to require some sort of user authentication before allowing someone to send something out, which I suspect the admins at notaleader.com and – until tonight – willyoubetricked.ca – thought would discourage users from using it to alert their friends to the latest outrage perpetrated by Stephane Dion. (I’ve never really seen the point of them myself, and have never administered one, so I’m not sure if there’s an easy workaround to avoid these sorts of blowouts.)

  33. Kady, I have failed to get you sufficiently worked up about this. The geeky stuff is interesting and all, but THE MESSAGE DELIVERY SYSTEM OF THE LEADER OF A G8 NATION, NATO PARTNER CURRENTLY AT WAR, WAS HIJACKED (at least) TWICE BY AN IMPOSTER.

    Am I the only one here, resident or visitor at macleans.ca, to think this is a big deal?

  34. Considering all the “effort” that the Harper gov’t has made in trying to re-brand every single website in Tory blue (hmmm…I wonder how much that vanity is costing us…), it would not surprise me if security holes were left. After all, one only has to glance at the CPC website to see “quality” at work.

    Wasn’t it only a few months ago that personal information could be obtained from a recently revamped government website?

    Austin

  35. There, caps lock. That oughta do it.

  36. MYL – I’m sorry, I know I’m disappointingly sanguine about all this; it’s just that this particular hole is so very easy to fix that I can’t imagine it hasn’t been done already. It’s literally one parameter in the standard setup for a mailing list. It would take five minutes to change it, and then we can all sleep soundly.

  37. (thoroughly deflated sigh)

    Do I need to bold, italicize AND all-caps it? The easy to fix part is nice. **But it was broken!** The Office of the Prime Minister of Canada! What do I gotta do to get the nerd out of you and get the national interest spark back in?

    And if the PMO’s email server had such an easy-to-fix breach, do you seriously believe no other federal department is at risk of the same sort of mischief? Or how damaging such mischief could be?

    If you tease me with a reply again, Lucy, please don’t pull the football away with a mere comment on the simplicity of the patch.

  38. Sorry…it was passports in December 2007.

    Austin

  39. Speaking of passports…get a load of the Globe’s/Canadian Press’ latest attempt to scrape a Tory scandal from the bottom of the scandal barrel by “outing” Peter Mackay…for the capital crime of treating 1000 government employees to lunch who were working over the weekend to get through the passport backlog.

    After about 100 comments all condemning the Globe for trying to create a scandal out of nothing, the Globe refreshed the story and wiped the comments. Got 100 new ones slamming them for wiping the first comments thread.
    http://www.theglobeandmail.com/servlet/story/RTGAM.20080921.wpassport0921/BNStory/National/home

    But then again what do I know, I’m the paranoid guy who thinks the media is out to get the Conservatives…

  40. MYL – might I suggest you should direct your ire toward the appropriate, responsible persons and authorities?

    If there is incompetence here it has nothing to do with Kady. I’m certain she has more pressing things to do.

    [And when I say “pressing” anyone who even had the thought of shirts for Monday morning pass through their mind must surely be paid up Harper supporters and contributors?]

  41. Sigh.

    Even when kody’s left-biased media could seize an opportunity to slam the Tories for a security breach in the PMO’s email server on gc.ca, no one bites? What gives?

    I suppose I am the only one who sees this as a big national deal. I will have to sleep on why that is.

  42. Hi! I just got back from Stephen Taylor’s blog, and boy, are my sides splitting! Lotsa talk about ‘they’ being desperate enough to do anything, which, besides this bit o’ e-mail mischief, includes (please everyone, make sure you’re seated) KNOCKING DOWN CONSERVATIVE CAMPAIGN SIGNS!
    And yet, not even one post with a suggestion along the lines of “Lighten up, it’s only a joke.” I nominate Kody. Seconder?

  43. Wow 44 comments on a spam message. You modern media bloggers do know that mail headers aren’t evidence of anything, right?

  44. MYL, I hear you. Thankfully it was an obvious spoof, eh? But what if the prankster had been more malicious and sent out a regular-looking Press Release saying something like “PM Denounces Wall Street Bailout Strategy, Announces ‘The End of Capitalism'”? Or god knows what.

    Thank you, Prankster, for helping to preserve credit, world peace, etc.

    Meanwhile, would somebody please select whichever PMO staffer was responsible for setting up the listserv and frog-march them twice around Langevin?

  45. Jack, thanks, man, I was worried I was losing it, being the only one to care about somebody stealing the message delivery apparatus of the PMO. Although that’s two threads where we have agreed more than disagreed. Are we both ok?

    Steve, it’s not that the headers mean nothing. All the bank phishing emails are obvious proof of that. This case has some jackass manipulating the listserv of the PMO to send out a message, ostensibly “from” the PMO, to the addresses on the listserv! It’s not a random plea from a Nigerian to any possible address. It’s crap wrapped in a virtual PMO envelope sent only to a PMO mailing list.

  46. On the bright side, it was a PMO mailing list to the media, not, say, CSIS.

    On the scary side, what if it was a mailing suggesting that the PMO was supporting the UN Human Rights Council in calling Israel’s shelling of Beit Hazoun a war crime, and would be withdrawing our diplomats and closing our embassies there until reparations had been made.

  47. All Harper’s horses and all Harper’s men
    couldn’t find the leaker of Brody-gate.
    How much is the taxpayer on the hook
    For a fruitless search, again?

    Maybe someone got ahold of the database Harper uses to target people, or accessed the database of an MP using the constituent data-gathering protocol in use to figure out who to target.

    Harper calls the spooks in. What are the chances that the spooks will be able to spill the beans on any other data-capture or cyber-sleuthing tactics the Harper government uses? Just find the perp who stole Stephen Harper’s personality again, but get the court date set for tomorrow!

    Lame.

  48. Steve Wart: “You modern media bloggers do know that mail headers aren’t evidence of anything, right?”

    Well, if you’re talking prosecution, the server logs are the evidence.

    Anyway, I’d hardly want to call in the CSE geeks on this matter. It’s in-the-clear email. By its very nature, it’s insecure. If it was secure, we wouldn’t have phishing scams.

    A lot of this problem arises from the new regime outsourcing IT to their partisan buddies. Follow the money as always.

    Anyway, there are other networks that the government uses for secure communications, but if I told you about them, I’d have to kill you. :)

  49. To the folks who are getting their shorts in a knot over the security implications of this prank, relax. Anyone who actually trusts directions that can affect health, security, or finances given in email that isn’t digitally signed clearly doesn’t understand how easy it is to spoof email addresses.

    The mailing list in question probably isn’t an open list and it’s probably configured so that only a limited number of people can post to it. However, anyone who understands how most list servers work would know that once you figure out the email address from which one can post, one can just spoof that email address and the list server will blithely accept it and distribute the spoofed message to all the subscribers. I’ll bet that’s what happened here.

    In one of the more popular list servers, Mailman, it’s dead easy to thwart that by expecting that the poster has to provide some secret key in the subject line in order for the message to get through. Mailman will strip out that secret key before forwarding the message out to the subscribers so it will remain a secret. Someone who manages to spoof the email address is presumably not going to know the key, and would not have any way of even knowing of the requirement for such a key, so even if they posted, the message would be either silently discarded, or it would be held for moderator approval.
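
Added example, not part of any comment above and not Mailman's own code: a Python sketch of the posting check discussed in comments 26 and 49, with a From-only allowlist next to a gate that also requires a shared secret and strips it before distribution. The header name X-List-Approval (used here in place of the subject line), the secret and the sample messages are constructed for illustration.

```python
import hmac
from email import message_from_string
from email.utils import parseaddr

ALLOWED_POSTERS = {"pm@pm.gc.ca"}        # address the page says was accepted
APPROVAL_HEADER = "X-List-Approval"      # hypothetical header name
LIST_SECRET = "constructed-example-key"  # constructed value for the demo


def sender(msg):
    """Address from the From: header. The submitter controls this value."""
    return parseaddr(msg.get("From", ""))[1].lower()


def weak_gate(msg):
    """Allowlist on From: only. A spoofed From: passes."""
    return "distribute" if sender(msg) in ALLOWED_POSTERS else "hold"


def hardened_gate(msg, secret=LIST_SECRET):
    """Allowlist plus a shared secret that never reaches subscribers."""
    if sender(msg) not in ALLOWED_POSTERS:
        return "discard"
    token = msg.get(APPROVAL_HEADER, "")
    # Strip the token whatever the outcome, so neither subscribers nor
    # anyone reading a held message learns it.
    del msg[APPROVAL_HEADER]
    # Constant-time comparison avoids leaking the key through timing.
    if not token or not hmac.compare_digest(token.encode(), secret.encode()):
        return "hold"
    return "distribute"


def build(from_header, approval=None):
    """Constructed sample message addressed to the list."""
    lines = [
        f"From: {from_header}",
        "To: ALLNEWS_E@LSERV.PMO-CPM.GC.CA",
        "Subject: constructed sample",
    ]
    if approval is not None:
        lines.append(f"{APPROVAL_HEADER}: {approval}")
    return message_from_string("\n".join(lines) + "\n\nconstructed body\n")


def demo():
    """Return (weak, hardened) decisions for four constructed submissions."""
    samples = {
        "spoofed_from": build("Stephen Harper <pm@pm.gc.ca>"),
        "outsider": build("someone@example.org"),
        "wrong_key": build("pm@pm.gc.ca", "guess"),
        "approved": build("pm@pm.gc.ca", LIST_SECRET),
    }
    return {name: (weak_gate(m), hardened_gate(m)) for name, m in samples.items()}


if __name__ == "__main__":
    for name, decisions in demo().items():
        print(name, decisions)
```
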

  50. re:

    2nd hacked email about “Serbia-Kosovo = Canada-Quebec”, i.e. insult to Canadians’ intelligence…

    Now compare with this from FACEBOOK as of around March 28, 2008:

    Group Info Name: Serbian-Canadian Voting Alliance

    Type: Organizations – Political Organizations

    Description:

    In light of the Government of Canada’s decision to recognise the illegal and unilateral declaration of independence of Kosovo, and the Government of Canada’s refusal to consider views of 200,000 Serbian-Canadians, in addition to the large Russian, Greek, Ukrainian communities and others, this group has been created for the following purposes:

    I) To help depose the current Conservative Government of Stephen Harper which has recognized Kosovo’s illegal declaration of independence

    II) Further weaken the Liberal Opposition Party of Stephane Dion who is also for recognition

    This will be done in the following ways:

    I) By recruiting as many voters as possible to vote for the Green Party in the next federal election, who do not presently have any seats in the House of Commons. This will give a strong message to the Canadian government that they cannot easily ignore us.

    II) By recruiting new candidates who will run for the Green Party or be independent and who do NOT support the Government of Canada’s decision which recognises Kosovo

    Contact Info

    City/Town: Ottawa, ON

  51. 1) Saturday Sept 6, 30 hrs before Elections officially called,

    Globe and Mail story
    “Fearing Harper could win a majority, rivals sound early alarm”,
    by CAMPBELL CLARK AND DANIEL LEBLANC,

    Lots of Comments, new posters supporting elections being called, H., CPC, …

    Then Liberano threats started, such as:

    Vern McPherson [long time, well-known Lib commenter there]:

    harper isn’t much more than … …
    And know wht ??
    The bully/control freak is going to get his……….. like all bullys do …… ‘

    06/09/08 at 5:32 AM

    Then, e.g., this one appeared:

    Mrs Patrick Campbell from United States:

    Harper is a shitstain. I hope he gets cancer and dies.

    06/09/08 at 9:44 AM

    Then suddenly – all 364 comments gone, blog closed. Here is file with comments up to 9:52 AM (including above):
    http://www.keepandshare.com/doc/view.php?id=788410&da=y

    2)

    Best to bomb the other party’s weakest link

    Sep 07, 2008, Angelo Persichilli, Toronto Star

    http://www.thestar.com/comment/article/491830

    … If you are weaker than the opponent and are forced to go to war, you resort to the weapons you have.

    You don’t attack the bridge with Stealth bombers you don’t own;

    you resort to suicide bombers against the strongest link in the enemy’s ‘chain’ hoping for the best. ….

    Conservatives don’t have ‘Roman guards,’ as the Liberals called those around former prime minister Jean Chrétien, to protect Harper.

    If Conservatives don’t devise a mechanism to protect him
    from the Liberal suicide bombers, the next election will be the most unpredictable we have had in the last few decades …
    . . .
    =========

    [note the absence of ‘figuratively speaking’ single quotation marks …]

  52. Now that’s a mission statement I can get behind! After weeks on the fence, I’m totally voting Conservative.

    Palin/Harper 2016!

  53. CI – I sort of almost wish someone had tested that theory and sent something to the list from a non-pm.gc.ca address. (For a moment, I actually considered doing it myself via a secure anon remailer, purely as an investigative journalist-y experiment, but then realized that I can serve my craft far better outside the deepest, darkest reaches of the Langevin dungeons.) I’m assuming that by now, the list has been locked down.

  54. Hi Katey
    not sure if this will help. did a whois lookup on that IP address. It’s an older IPv4 assigned internet protocol. You’ll see that the IP block is reserved for ‘special purposes’ but that doesn’t mean this email came from IANA – they only administer the addresses. (this link http://iana.org/assignments/ipv4-address-space/
    takes you to the names of organizations with special assignments) You can contact IANA to find out perhaps, their phone number is below.

    Here’s what ARIN had to say:

    OrgName: Internet Assigned Numbers Authority
    OrgID: IANA
    Address: 4676 Admiralty Way, Suite 330
    City: Marina del Rey
    StateProv: CA
    PostalCode: 90292-6695
    Country: US

    NetRange: 10.0.0.0 – 10.255.255.255
    CIDR: 10.0.0.0/8
    NetName: RESERVED-10
    NetHandle: NET-10-0-0-0-1
    Parent:
    NetType: IANA Special Use
    NameServer: BLACKHOLE-1.IANA.ORG
    NameServer: BLACKHOLE-2.IANA.ORG
    Comment: This block is reserved for special purposes.
    Comment: Please see RFC 1918 for additional information:
    Comment: http://www.arin.net/reference/rfc/rfc1918.txt
    RegDate:
    Updated: 2007-11-27

    OrgAbuseHandle: IANA-IP-ARIN
    OrgAbuseName: Internet Corporation for Assigned Names and Number
    OrgAbusePhone: +1-310-301-5820
    OrgAbuseEmail: abuse@iana.org

    OrgTechHandle: IANA-IP-ARIN
    OrgTechName: Internet Corporation for Assigned Names and Number
    OrgTechPhone: +1-310-301-5820
    OrgTechEmail: abuse@iana.org

    # ARIN WHOIS database, last updated 2008-09-21 19:10
    # Enter ? for additional hints on searching ARIN’s WHOIS database.

  55. Katey,
    Sorry, I entered the wrong IP: I put in the received IP, not the sent. But ARIN can be contacted at noc@arin.net

    It came from the Privy Council (obviously), whatever Privy Council 3 means

    GTIS NETBLK-CDAGOVN-C (NET-198-103-0-0-1)
    198.103.0.0 – 198.103.255.255
    Privy Council Office PRIVY-COUNCIL-3 (NET-198-103-112-0-1)
    198.103.112.0 – 198.103.112.255

    # ARIN WHOIS database, last updated 2008-09-21 19:10
    # Enter ? for additional hints on searching ARIN’s WHOIS database.

  56. Heh, I didn’t even notice my post was linked to in the update until this morning when I had hits coming from MacLeans!
    I was out having fun last night and didn’t have time to do techy research into this. But there are capable bloggers on the trail, along with the ‘spies that shall not be named’ apparently too. Too cool.

  57. According to Jared at MTS they have identified the suspect but will not reveal his identity until forced to by a court order. Shouldn’t take too long I imagine. Some poor lefty slob is about to have his day completely ruined when the RCMP come knocking at his door and confiscate his computer. This guy is in deep do-do.

  58. Kady – Point of clarification: you just need to create a personality/profile/identity, depending on what your email client calls it, purporting to be “Stephen Harper ” in order to be able to play all sorts of pranks on those who would expect or welcome a message from the PM. If a reporter received an email from the PM inviting them to 24 Sussex for an exclusive interview, or some other equally plausible thing, how would they know that it’s legit and not the result of some prank?

    We’ve all seen spam where the “From” address is an address we recognize, sometimes even our own. Clearly, it doesn’t take much to spoof an email address.

    This “attack” was not a work of great genius and it did not require any technical skills beyond the abilities of a capable 14 year-old. If someone is apprehended, it will be interesting to see what, if any, charges are laid.

    Personally, I cannot see political opponents from any of the parties doing something like this. There is no “win” in this for political opponents and anyone with even half a brain could tell the message was a spoof. It’s more likely just a prank rather than an action intended to gain political advantage, though it could be a misguided supporter of one of the political opponents of the Conservatives.

    Either the author of the message was deliberately trying to come across as an adolescent or it is really an adolescent with the poor writing skills that are all too common amongst the youth of today, viz, “here me roar”. I found the escaping of the double quotes with backslashes to be interesting. I wonder if that is what was really sent in the original message or if the backslashes were added along the way. If they were in the original, it suggests someone with just enough tech skills to be dangerous. Normally, one would never have to worry about escaping punctuation in email messages.

    If there is a lesson in all this, it should be that we all need to start using strong cryptography to digitally sign messages. That is the only way to establish the true identity of the sender. If we became accustomed to receiving only digitally signed messages, anything that wasn’t would be suspect by default.

  59. ci brings clarity.

    Pity. All his contributors’ money Harper has spent on attacking opponents, and pennies spent on his own flanks, and on protecting the people Harper maintains an email list of.

    Sad sort of economics Harper’s got. Seems like he thinks burning people is almost as good as getting their cold hard cash. Not enough cash to use a secure list to protect the donor/supporter/or mere correspondent’s identity.

    Do you think it is easy to make priorities?

    Apparently not for Harper, since his email list is now likely all over the WWW. And it’s no fault but his own.

    If Harper can’t handle 20th century technology, how bad is he gonna blow up in the 21st?

    You’ve got mail!

  60. Mark Allan Whittle, what are you talking about? That BS might go over well with the Hamilton Spectator or CH News but some outside of Hamilton have a small bit of intelligence.

    It takes one person amongst thousands who thinks they’re clever enough to ping an IP address and get a spoofing program to change the packet info on the TCP/IP protocol from that Privy Council email server. According to IT security specialists it’s a loophole in the older version 4.

    According to the G&M, the PM asked the ‘spooks’ to see if there ‘might’ be a way to access their server but the G&M used language that indicated an ‘investigation’ – not that there was one. That’s probably their own hype.

    There’s a difference between email spoofing on the outside of an organization’s network which isn’t illegal (unless they are asking for money or your credit card info) and access to internal servers from the outside with malicious intent, which is. That’s something the Privy Council’s IT specialists would be investigating themselves.

    There is no way in hell I’ll believe the IT security people within the Privy Council office would leave themselves that vulnerable and not put in spoof filters.

  61. Why is it that people have a tendency to go to unlikely scenarios first before considering more likely ones? This is *very* unlikely to be a sophisticated hack. This is much more likely the work of a prankster who found out the address of an account that could post to the list server in question, which if it is configured like most list servers, is not hard to do. The people who are fulminating about “nation at war”, etc. need to keep in mind the value of the information disseminated on that list. With no disrespect to journalists, the information that would be posted to that list I presume would amount to PR and not of great value. That is hardly the stuff of state secrets. What was compromised here? Not much. Sure, it embarrassed some people but there was no real harm done. Prior to this incident, expending any great effort in securing this list would have been akin to putting high-security locks on an outhouse. Even now, I wouldn’t take the same measures to protect the integrity of this list as say, securing the communications of the Minister of Finance. A cardinal rule of security is that you take measures commensurate with the value of the assets being protected. This is why most of us live in homes “protected” by locks and not in fortified bunkers.

    If this happens again, those of you who are carrying on over the national security implications of this incident will have some justification for your feigned or real outrage.
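
The mix-up in comments 54 and 55 (running WHOIS on a 10.x.x.x address from a Received line) can be avoided by classifying each hop before looking it up. The sketch below is an added example, not part of the original post or thread; the sample message, host names and addresses are constructed, and the function names are hypothetical.

```python
import email
import ipaddress
import re

# RFC 1918 ranges: WHOIS on these only ever returns the IANA reservation record.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample: every host name and address here is made up.
SAMPLE = """\
Received: from listserv.example.org (listserv.example.org [10.1.2.3])
\tby mx.reader.example.net with ESMTP; Sun, 21 Sep 2008 15:34:40 -0400
Received: from gateway.example.org ([198.51.100.25])
\tby listserv.example.org with ESMTP; Sun, 21 Sep 2008 15:34:20 -0400
Received: from [192.168.1.50] (helo=desktop)
\tby gateway.example.org with SMTP; Sun, 21 Sep 2008 15:34:05 -0400
From: Sender Name <sender@example.org>
Subject: constructed sample

body
"""

def received_hops(raw_message):
    """Return [(ip, is_rfc1918)] for each Received header, newest hop first."""
    hops = []
    for value in email.message_from_string(raw_message).get_all("Received", []):
        # Only the "from" clause names the sending host; "by" is the receiver.
        from_clause = re.split(r"\s+by\s+", value, maxsplit=1)[0]
        match = BRACKETED_IP.search(from_clause)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:  # malformed literal such as [999.1.1.1]
            continue
        hops.append((str(ip), any(ip in net for net in RFC1918)))
    return hops

def whois_candidate(hops):
    """Oldest hop whose address is not RFC 1918, or None.

    Received lines below the first server you trust are supplied by the
    sender and can be forged, so treat the result as a lead, not proof.
    """
    for ip, private in reversed(hops):
        if not private:
            return ip
    return None
```
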
