
OpEdNews Op Eds

Norm Coleman and Identity Theft Gate: Is Your Online Donation to Norm Coleman Safe?

By Eric Nelson (Page 1 of 2 pages)

opednews.com Headlined to H3 3/13/09


After reading all the ignorant comments recently attacking Adria Richards, an IT consultant who was one of the first to blog about the egregious security failures of the Norm Coleman website, I couldn't take it anymore. Shooting the messenger seems to be the modus operandi of many Republicans.

The story originated in late January, when the Coleman campaign claimed very publicly to the media that their website had crashed because so many people were coming to the site in support of their election contest and wanting to see if their votes were not being counted. This claim was later proven false by a number of IT professionals; the real reason the site went down was that it was either taken down on purpose by Coleman's own IT people or brought down accidentally by an internal misconfiguration.

As an IT professional herself, Adria Richards was curious about this story and followed up on it to see whether the Coleman campaign had indeed purposely crashed their own website. She stumbled upon something else: Coleman's campaign website was fraught with security problems, and she blogged about it in late January. Because Adria never actually downloaded any of the exposed files, she never realized just how sensitive the information in them was. A number of other people tried to raise the issue back in January as well. There was no real response from the Coleman campaign to these issues, which were brought before them in a very public manner. They of course knew at the time just how sensitive the information in the exposed files was.

Now fast forward six weeks to Wednesday, March 11th. The website Wikileaks.org, which was developed as a whistle-blowing site for untraceable mass document leaking and analysis, posts a page again exposing the egregious security flaws and displays example personal information that was found within an exposed Norm Coleman donor database. As the Wikileaks blog states, "Coleman supporters only know about the issue because of our work. Had it been up to Senator Coleman, they would never have known." There are numerous laws, both federal and state, that dictate the proper handling of personal credit card information and of any security breaches that reveal personally sensitive information. According to Minnesota Law H.F. 1758, what the Coleman campaign did is illegal because they were required to destroy the digital existence of their donors' credit card numbers within 48 hrs of first capture and not permanently store them in a digital form.

In response to what Wikileaks posted, Norm Coleman's campaign spokesman Cullen Sheehan released an email statement to the campaign's donors suggesting that the posting by Wikileaks.org was politically motivated, and further suggested that people within or associated with Wikileaks.org had illegally hacked the Norm Coleman website to obtain the information within the database.

Cullen Sheehan even hinted that the leak might be a work of political sabotage saying, "We don't know if last evening's e-mail is a political dirty trick or what the objective is of the person who sent the e-mail."



But Adria Richards had already revealed weeks prior that the database was just sitting there in an unprotected and rather public way. You just had to stumble into the right part of the internet to find it.

"It's not hacking," she said to the Minnesota Independent yesterday. "I didn't use any hacking tools. A browser was my tool."

"That's not hacking," Richards said. "If you can download Firefox from Firefox.com — if you download a picture from your grandma, you’re downloading a file. Is that hacking? Five-year-olds can download files."

A poster on Adria's website astutely made the following analogy. If a bank decides to put all your money under a tarp in a public park instead of in the bank vault, and a passer-by finds the money under the tarp and alerts the media, do you blame the passer-by or do you blame the bank for its complete incompetence and negligence? As a potential depositor in a bank, I would thank the passer-by for letting me know, by way of the media, that this bank can't be trusted to keep my money safe.

Just because the passer-by stumbled upon this cash hidden under the tarp (and, by the way, doesn't take any) does not justify detractors in claiming that the passer-by was trying to steal the bank's money.

With enough people stumbling around a park someone would eventually find the money.

Cullen continued the "shoot the messenger" mantra and suggested that federal authorities had been brought in to see if there was a security breach. Further, they had previously claimed that the Secret Service had determined that no sensitive information had been leaked from the Norm Coleman website. As we now know, either that statement is false or the Secret Service is incompetent when it comes to investigating potential cyber-crime.

The real security breach was in allowing Norm Coleman to represent the citizens of Minnesota for the past six years.

As a fellow IT consultant, I deal with security issues almost daily. I see hackers scanning websites, by way of server logs, EVERY day looking for potential openings and exploits. These hackers are using untraceable zombie computer networks from all over the world: Chinese hackers, Romanian hackers and, yes, many pre-teen hackers from the United States. Leaving gigantic security holes in your website exposed for weeks and not taking the appropriate action is inexcusable, and an even more egregious offense is to not bother to inform all the donors that their information and credit card numbers were compromised.

All of the security breaches found in Norm Coleman's website could easily be found automatically with internet scanners very similar to what Google uses to index the entire internet. I can almost guarantee you that there are Chinese and Eastern European hackers who have had this information since well before Adria Richards stumbled upon it. And if you think these professional hackers are going to call up Norm's office and let him know, I have some oceanfront property in Iowa to sell you.


 

Eric Nelson is freelance writer, an editor at OpEdNews, and a spiritual progressive from Minnesota who has become more politically active. The reasons for this should be obvious to most; rising poverty, a broken health care system, and a growing (more...)
 
