Treasury probably wasn’t hacked

Photoshopped image credit: Pixy

I heard Stuart Nash on the radio on Wednesday morning, screaming ‘dirty politics’ over the leak of the budget document. Here we go again. Anything Labour doesn’t like these days is ‘dirty politics’. It is becoming a hackneyed phrase. Funnily enough, we have not heard anything from Nicky Hager over the budget leak (so far anyway), and let’s face it, if anyone knows about hacking, he’s your man.

National have stared down Labour and have stringently denied that they had anything to do with hacking into Treasury’s computer systems. It seems unlikely, however, that there was any hacking at all.

A security expert has cast doubt on the New Zealand Treasury’s claim that it was hacked.

Bruce Armstrong from security firm Darkscope said claims from the head of Treasury, Gabriel Makhlouf, that 2000 attempts in 48 hours as proof shows their lack of cyber security awareness.

“There are nearly one billion website breach attempts blocked every day across the world – it is far more common than most people expect,” Armstrong said.

“The 1000 attempts per day is simply ‘white noise’ on the Treasury site.”

It is a worry though that the Head of Treasury does not know this. That in itself makes it sound as if Treasury’s security is not crash hot.

The tech team at Darkscope believes a more likely scenario was that someone used a so-called “spider crawler” to find hidden content on the Treasury website – which would obviously be distinct accessing a secure database of information.

A second security expert confirmed to the Herald that it isn’t unusual for an organisation to be hit with thousands of attempted hacks in a given day.

“Organisations are often under automated attacks, which can register thousands of attacks a day,” said Aura Information Security general manager Peter Bailey.

Bailey said cybersecurity experts monitor these attacks to determine whether there has been a spike, which would be indicative of an increased effort to get in.

He said the severity of an attack would have to be measured against the usual amount of activity for an organisation and also whether there had been a concerted effort to access something in particular.

Makhlouf went on to say that Treasury thought its website was secure until the Budget information was leaked.

Which obviously, it wasn’t.

Hacking implies that someone tried to access the Budget data without authorisation, but so far no information has been forthcoming to support that claim.

Instead, screenshots of the results from a Google search for “estimates of appropriation 2019/2020” are circulating on Twitter suggest that the data was published accidentally.

While clicking on the direct link to the Treasury website revealed no information, Google had fetched and cached copies of the Budget data, with a publication date of May 30.

Google last fetched data from the Treasury’s Budget 2019 web pages on May 26 this year, a cached copy of the site showed.
The Treasury has admitted that staff uploaded some documents to the department’s website for publication on May 30, but said the material was in a directory that was not accessible to the public.

A Newspaper.

This sounds like a comedy of errors rather than a crime. Reminds me of a criminal walking into a police station and walking out with 11 illegal firearms… or something like that.

National is adamant that they were not involved in any hacking, and apart from a few screaming lefties, everyone seems to be taking them at their word. But in a world where there are claims of election meddling and data is continually stolen to gain personal information, Treasury ought to know better. The department in charge of the country’s most sensitive data needs a security tune up. Let’s hope that was provided for in the budget document as well.