Harper hacked by hash brown - Macleans.ca
 

Harper hacked by hash brown

LulzSec has done Harper and Canada a favour by pointing out a dangerous security vulnerability


 

That title scans, but isn’t really accurate—forgive me. The more precise but less fun headline is:

Conservative Party website and Twitter account hacked, probably by LulzSec. 

On Tuesday, hackers gained access to the CPC’s website, and proved it by posting a silly news update about Stephen Harper choking on a hash brown. Who was behind this “attack”?  CBS is pointing to LulzSec, the same hacker entity that has thoroughly pwned Sony (6 times!), though LulzSec’s culpability is unconfirmed.

Tony Clement and Jack Layton, who rarely find themselves on the same page on any given issue, have found common ground on this one. Both feel very strongly that the prank was not funny.  But they’re wrong—it’s *kinda* funny.

More than anything, it’s revealing. It reveals that anyone with hacking ability could speak as the Conservatives.  It also reveals that the CPC’s online information is poorly managed—the fake news about the breakfast incident automatically generated an official Conservative party tweet, which spread the misinformation across the web. Because of this, the hoax reached anyone who follows the CPC on Twitter (probably every political reporter in the country) and not just those who happened to be on their website in the short time the joke was online. That’s pretty serious—Harper has made policy announcements via Twitter.  If the hackers had been terrorists or fraudsters instead of pranksters, the damage might have been quite real.

LulzSec (or whoever) has done Harper and Canada a favour by pointing out a dangerous security vulnerability in a pretty innocuous, harmless and lulzy way. The Conservatives are justly embarrassed, and you can bet they’re tightening up their web security right now, and hopefully making sure that a pair of human eyes sees each tweet before it hits their feed.

When hacks like this occur, we focus on the wrong thing: Was it LulzSec or Anonymous? Who are LulzSec? Do they have anything to do with Julian Assange? Is it true that Assange wears pink satin underwear? 

Who cares?

The meaningful stories here are about those who are hacked, not the hackers.  Major security weaknesses in the U.S. military, the U.N., a multinational like Sony or the ruling party of Canada are far more pressing matters than the identities of helpful geeks who expose vulnerability instead of exploiting it.


 

Harper hacked by hash brown

  1. Would your opinion remain unchanged if it was YOUR personal computer that was broken into?

    It’s a crime, man.

  2. The hack would have a rather limited target: those who believe what is posted on that web site.

    • Apparently, that audience includes a relatively large number of journalists, considering they reported the story as fact.

      • Apparently you believe that “journalists” believe everything they report.

        As a former newspaper reporter, I assure you that is not the case.

        • So, you’re saying that the reporters and news outlets that reported on this as if it was fact did NOT actually BELIEVE that the Prime Minister had been rushed to hospital?  Riiiiiight….

          If they didn’t believe the Prime Minister had been rushed to hospital, doesn’t that mean they were lying when they reported it as fact?

          • They believed that it was published on the CPC web site. That’s not the same as believing it was true.

      • You believe what you read in newspapers?

  3. Cybersecurity is a joke in most places….the intelligent thing to do is hold contests for hackers….and then hire them.  The UK just did so….and a company in the US invited hackers to hit their site and offered a prize of 25K to break their security

    It’s about time Canada took it more seriously instead of buying WWII artifacts

    • Please note that it was not a Government of Canada web site that was broken into. (I refuse to use the term “hacking” for the criminal act of breaking into a private computer)

      The Conservative Party of Canada is a private organization.

      It’s no different than, say, breaking into macleans.ca and publishing false stories.

  4. “Tony Clement and Jack Layton, who rarely find themselves on the same page on any given issue, have found common ground on this one. Both feel very strongly that the prank was not funny.”

    V Postrel:

    “Technocrats are “for the future,” but only if someone is in charge of making it turn out according to plan. They greet every new idea with a “yes, but,” followed by legislation, regulation, and litigation …. they get very nervous at the suggestion that the future might develop spontaneously. 

    It is, they assume, too important and too dangerous to be left to undirected evolution.”

      • I do wish you’d focus on the situation…perhaps a re-reading of the news item?

      • “Wednesday’s breach involves email addresses, which are not collected by Elections Canada.”

        • Would publishing email addresses be against the law?  Not long ago, a separatist organization published the list of donors to the Quebec Liberal Party, including their personal addresses, and family connections.  And that was not against the law!

          http://donsliberaux.resistancequebecoise.org/

  5. As far as security concerns go, I think a Page smuggling things into the Senate is a much larger concern than fake press-releases and Tweets. I doubt Russia would target Canada with nukes based on a Tweet from any political party.

    • LOL oh DO be serious

    • LOL

      I doubt Russia’s going to target us with nukes because some young lady held up a cardboard “Stop Harper” sign either.

    • The thing smuggled into the Senate is a piece of cardboard with politically charged wording on it.  Not a huge security risk, IMO.

  6. May I presume that y’all who are celebrating this would have no problem at all if the computers being broken into belonged to the NDP, or the Liberal Party of Canada, or any other private organization?

    • No, you may not presume such a thing.

      Many places have been hacked over the last few weeks….PBS, Sony. Amazon etc….this is the first one I know of for a political party. It won’t be the last.

      However THIS political party is in charge of the nation’s security, so they’d better get their rears in gear.

    • Who exactly is “celebrating” this?  Some people seem to think this is a minor hack and modestly amusing, some people think this is a harbinger of much worse hacks to come, because cybersecurity is generally a joke, but I’ve read the initial article and all the replies here, and I don’t see anyone “celebrating” the hack.

      As for the seriousness of the hack, it’s not the hackers who take to Twitter to openly mock organizations and individuals for being so easily hackable that we need to worry about, it’s the hackers who keep quiet and exploit their hacks without us ever knowing about it that we really need to worry about.  That said, LulzSec did go so far as to post user information openly and unsecured on the net, which to my mind obviously crosses the line at which their grey hats start looking awfully black.

  7. Hashbrown Harper. It has a nice ring to it doesn’t it? 

  8. “That’s pretty serious—Harper has made policy announcements via Twitter.
     If the hackers had been terrorists or fraudsters instead of pranksters,
    the damage might have been quite real.”

    That’s why politicians need to stop playing PR games, and restrict policy announcements to the place they belong: a Tim Hortons in Voterich, Ontario.

  9. Echos of Weinergate in the US.  In the end, someone was rather stupid and did not think things through. Weiner did not realize Twitter is a very public forum. Sony had un-ecrypted client password files. The CPC wants everybody to be it’s friend and follower. What were they thinking? What did they expect.

    Should this be a surprise? NO.  Should it result in new laws for the government to be able to crack down on pranksters? NO.