Is it blackmail?

There are many out there calling Keith Ng and Ira Bailey whistle-blowers.

I don’t think that is a fair call to label them as such.

Still others are calling it blackmail, but is it?

Well let’s look at this quite simply.

Ira Bailey, who has a less than honest background, is an employed system administrator and just happens to have some spare time to spend down at the local WINZ office. I don’t know about you guys but I know precious few employed people who willingly spend even a nano-second contemplating spending time in a WINZ office let alone as Keith Ng portrays it, having “half an hour to kill at a WINZ office”.

He then stumbles across some sensitive data and instead of saying something he downloads some copies then buggers off. He calls up WINZ and asks if he can get paid if he tells them where a systems breach is.

When they don’t reply in his timeframe he trots off to his lefty mate, former Helen Clark staffer Keith Ng, who conveniently puts him in touch with a hacker.

Meanwhile WINZ gets back and says that they don’t pay for information. Ira Bailey then says oh that’s alright I’m talking to a journalist.

Several days later, after explaining or showing Keith Ng how to do what he did, they publish it all online and create a mass of publicity.

So is this blackmail?

Well, answer this…Had Ira and/or Keith been paid a “consulting fee” would the story have run?

Of course it wouldn’t have…the loophole would have been closed, no one would have said anything and everyone would have been none the wiser. Instead we have this…now I ask again…Is this blackmail?

If it isn’t blackmail it certainly seems to be a new business model whereby you work with a hacker, nick some data, ask for a “reward”, then when told to nick off you publish it and ask for “donations”.

  • Troy

    It seems like blackmail. What worries me is that this goat’s cock felt it was all well and fine to threaten to expose the personal information of thousands of people (innocent at that) – for him that seems fine – does this guy sleep at night – yup he sleeps fine because blackmailers have no foibles, no feeling of guilt nor any capacity to feel remorse for harm (potential or otherwise) inflicted on innocent people. I hope he and his hacker are dealt with severely under our hacking laws (if at all possible).

  • Jimmie

    This is another ‘iceberg’ story from a bunch of dodgy lefties. (The initial plot is approx 10% of the truth)

    Hopefully a review of WINZ CCTV will show exactly what happened but I’m guessing it went like this.

    One of the losers found out about the apparent lack of security and the lefties put the following plan into action.

    1 Download as much sensitive data as possible for political/criminal uses. (See story that vaguely mentioned a flash drive)
    2 Contact a hacker to see if more info could be obtained and/or malicious attacks made on the MSD network.
    3 Contemplate propaganda uses of the security breach.
    4 Contemplate ways of making $$$ out of the security breach (This may have been point 1)
    5 Make sure a partially believable legal cover story can be used to cover dodgy dealings.

    I am reminded of the George Thoroughgood song Dirt deeds done dirt cheap…..

    Also the MSD need a kick up the rear end for the breach in the first place – unacceptable.

    The CCTV timeline + access logs should tell the story of what really happened and I hope these losers get locked up & the MSD IT guys get fired.

    • Agent BallSack

      ACDC did Dirty Deeds done dirt cheap, Thorogood played Bad to the Bone.

      • Neil

        He’s probably confused with George Thorogood & the Destroyers version of Bad to the Bone…. has not a bad link to this either…

    • blokeintakapuna

      Jimmy – it was AC/DC that sung “Dirty Deeds Done Dirt Cheap”
      George Thorogood sung “You talk too much” though…

  • Morgy

    I would love to see a timeline on the info flow. Especially when you have Cindy being geared up and ready to go on all media outlets from 6:30am on Monday already making the obvious allegations so that by the time the Minister and CEO can actually front up, it looks as though they are chasing their tail. When did Cindy and friends learn of this? Was it at 10pm on Sunday night? I don’t think so. Also, couldn’t some reporter actually show us what keystrokes were required. According to Ng and Cindy it was just a few…..Well Mr and Mrs Reporter/Journalist how about not taking their word for it and finding out yourselves and telling us. Let’s make no mistake….this is not good and there need to be questions but the way this has been done is another joke. Even Peter Williams this morning led the news by this line: “Another embarrassment for the Government this morning as it has emerged that the whistle blower was Ira Bailey, one of the Urewera 17” Why is that an embarrassment? Why lead the story that way?

  • BJ

    Knowing precious little about systems programming I have to ask – could Ira have maliciously loaded a file/data into the system ( perhaps provided by a 3rd party) that allowed him access.
    Granted, closing the breach is important, but if ever there should be an enquiry into anything in the last few months this is it because something doesn’t smell right. If foul play is identified let the perpetrators be made a glaring example of.

    • James Gray

      Looks to me like genuine incompetence here. Plenty of window lickers in the IT world, and this is a very easy trap to fall in to if you don’t put an ounce of thought in to your design.

      • Neil

        Absolutely – a thirteen year old could have got in and more easily than Ng did…..probably no one imagined they wouldn’t have had better safeguards else this would have been discovered sooner.

        • itman

          a 13 year old at the winz office looking for employment ?

    • 2ndAmendment

      “could Ira have maliciously loaded a file/data into the system ( perhaps provided by a 3rd party) that allowed him access.”

      absolutely. He could have set up autopayments to pay himself millions of benefits fraudulently (although that’s really no different to what WINZ does all day anyway)

      • Neil

        Only because their system was as open as a whale shark’s mouth.

        • Markm

          You seem to know or claim to know an awful lot about the Winz IT system Neil.
          Tell us your sources for your claim a 13 year old could get in.

          • Mitch82

            From what I understand, this wasn’t even really a hack – there wasn’t any exploit used, he simply found another way to access the network file structure when the conventional methods were disabled. It’s kinda the more technical version of a smart-arse going into Noel Leemings, getting access to Windows Explorer through a hotkey and deleting System32.

          • Neil

            It’s called having been unemployed and being given their computer cubicle to search for work…..They think that if they leave the links to each of the on-line job finding websites on screen that’s all you’ll look at….

    • itman

      depends on whether he had read or write access to the data…

    • pukakidon

      He certainly classifies himself as a Linux expert. I wonder what Linux tools were on that USB stick he plugged into the Kiosk machine while he was waiting for a bus.

  • LionKing

    I suspect Keith Ng hasn’t quite thought through his actions well enough. Asking to be paid for this raises the question who is the money going to? Keith or Ira? If it is Ira, then yes it’s a backdoor way of gaining revenue. The Police need to be involved and the full weight of the Justice system – Bring on Crusher.

  • LesleyNZ

    Hmmmm – and who is behind these two? No way would Ira Bailey have just decided to pop down to his local Winz office. Is there someone working within Winz who doesn’t like what is happening within Winz behind the tip-off?. Something is very odd about this whole saga – The what, who, how, when and why is just too deliberate looking. Was this meant to be a politically motivated stunt backed by a political party or person/persons? I think there is a lot more to come out of this one. Keith Ng will soon be wishing he had not got involved.

    • insider

      Maybe he was there to apply for, hmm I don’t know, some form of benefit? Under our system quite a few people who work are also entitled to benefits. Odd that.

    • Petal

      “No way would Ira Bailey have just decided to pop down to his local Winz office.”

      You’re onto it.

      The REAL source is still unknown.

    • Neil

      Ummm – I always thought it was the left who were accused of being hyper conspiracy theorists….. you can’t accuse them of being thick as two short planks one day and then blame them for this type of action….this is quite clever..

  • Bea

    And if MSD had paid up, this crowd would have claimed they were ‘bought off’ or ‘bribed’. Their sole aim was to embarrass the Government no matter what. And, as usual, the media falls into line.

  • Mitch82

    It helps to understand the White/Black Hat culture within IT if you’ve never heard of it, before you come to any conclusions.

    People in the computer security world are regularly paid fees, rewards for finding security holes – they’re known as White Hat hackers, or ‘ethical’ hackers. Google, Yahoo and Microsoft pay massive amounts freely to these people, and it’s becoming a legitimate field for those who know their way around networks. It’s not Microsoft that keeps your Hotmail account safe, it’s these guys. It’s just how the industry evolved.
    Some of those who started out poking around systems for fun decided to use their talents to help companies keep themselves safe, instead of leaking the security holes to the public to stoke their ego or cause harm. The latter are Black Hats, people who you’d find in LulzSec, AntiSec and Anonymous.
    Wikipedia has a page on White and Black Hat hacking.

    • Mitch82

      That said, it’s cute watching imitator bloggers try to follow in WO’s footsteps by causing a media uproar. Imitation is the most sincere form of flattery.

    • Morgy

      Does that mean if a White Hat Hacker was to find a problem and then also find that the company don’t reward, they then play political games or would ‘ethical hackers’ then just do the right thing and tell them what they know?

      • Mitch82

        A white hat would alert them, and hope they get a reward. They wouldn’t demand a reward on threat of releasing it. That’s the line that becomes blackmail. I guess my point here is that the white/black hat culture isn’t widely known about, but it’s definitely there. Things are always going to be blurry in ethics, but IMO white hats do infinitely more to keep systems like Windows and Linux safe than the companies. As do the Locksmiths that spend their time figuring out weaknesses in locks so that the companies can make better ones, not so they can exploit the weakness.

    • johnbronkhorst

      This is not that case…WINZ did not pay someone to test their system! This person STOLE information. No different than if you leave your door unlocked by mistake and a burglar steals your TV….It’s still stealing.

      • Mitch82

        Agreed, but they should have. From my understanding, it wasn’t even a hack needed to get into the system, it was just navigating in the right way. If the neighbor leaves the door open and you walk in and take the TV, that’s theft. If you tell the neighbor their door is open, you’re a good neighbor.

        But in the case where WINZ leaves their door open for months, if not years, and people’s personal information is at risk, the situation is a little different. The company that did their security audit failed, and the two guys here handled it wrong.

        I’m not defending these guys, if I were in their position I would have said “Guys, you have a big hole in your system, here’s how I did it. While we’re at it, here’s my CV in case you don’t want this to happen again.” Seems like the blogger is trying to get some publicity, I’ve no idea about this other guy that was linked to the terror raids.

        • Neil

          Yep – just a little pissed someone else did it….

        • johnbronkhorst

          Actually, I heard he used a USB drive to do it. So what program did he contaminate the security with to access this? Charge him with criminal damage of a computer system and stealing information from it!!!!!

          • Mitch82

            He used the USB drive to take documents away, made the comment about the copying being painfully slow because of the network speed. He used a simple workaround method in Microsoft Word to get access to the file system.

            He definitely stole information from the computer based on the comment about sifting through 3600 odd invoices or something, doubt he would have done that in the office. But there wasn’t any damage.

    • Bitch82

      You are a hypocrite and a muppet. He is a black hat because he did it maliciously for money.

      • Mitch82

        I didn’t say he wasn’t, I just brought up the white hat – black hat issue because it’s highly relevant and widely misunderstood. Also, fist yourself.

        • pukakidon

          Ew that’s a bit filthy. Is that what happens in Annette’s Wellington flat?

    • Neil

      Agreed Mitch…totally. Oh wait that’s me….

  • Doug

    Why would a Systems Administrator use a USB stick, was he updating his CV? Sounds very fishy.

  • Euan.Rt

    I agree. What is employed Ira doing in a WINZ office with a flash drive?
    On the other hand Little Pony is going to come unstuck calling this the most serious breach. Govt just needs to continue their line that they have been let down by the IT guys. No real political responsibility here other than the possibility of being alerted to the possible problem at an earlier time and not dealing with it sooner. This has yet to be proven.

  • Petal

    “Had Ira and/or Keith been paid a “consulting fee” would the story have run?”

    My gut says yes.

    It would only have added the dimension of “and they gladly paid HUSH MONEY to make this go away!”

    These guys have a history of fighting The Man. The money wouldn’t have stopped their innate need to do what they have done.

  • blokeintakapuna

    Just wait for the MSM to ask Bromwyn Puller for her take on the situation…

  • pukakidon

    I would like to know what business Ira works for he has obviously trust issues and should not be anywhere near personal information. If it is a government or banking he needs to be given his marching orders. Hacking is illegal in this country and he should be charged.

    • owl

      very good point – LinkedIn says Chinese Acupuncture Clinic and he is linked to a number of IT chat groups. I guess if I was his boss I would be asking him some very big questions this morning and questioning my own security systems.

      • Neil

        He might even be up for a pay raise if they get the work…..

        • pukakidon

          I think you have been watching too many movies, it does not work like that. NZ IT industry is a very small interlinked community, once you are known as a security problem it will be over for you if you. I for one would not go near this Chinese Acupuncture Clinic he is associated with.

          • Neil

            I’m in the IT industry.

          • pukakidon

            I am afraid using office or help desk operator doesn’t really cut the mustard. If you don’t know that the IT industry is very small and people know everyone else especially in the security and information assurance arena, then you might be out of touch I am afraid. No large company would hire a security risk like this guy. It is too much of a risk, I would be very interested to see who he has been talking to as regards to the vulnerability assessment performed last year. Look within and you will find the culprit.

  • 2ndAmendment

    It’s cyberterrorism – pure and simple. “Gaining access to a government computer used in the administration of justice” (such as kids placed with WINZ). In the US under PATRIOT ACT mandatory sentencing guidelines, that’s 20 years inside a superMAXX.

    In NZ, thanks to leftists and leftertarians, we don’t have appropriately draconian cyberterrorism laws. This case shows why we need them!

    But these terrorists have – in one very important sense – done us all a service: the MSD & WINZ systems are clearly not fit for purpose

    so let’s recognise that fact, and simply turn them off. All of them. Off.

    Problem solved.

    • Neil

      Don’t even go there bud – that shit is scary enough without using this as a possible example. There is no way that WINZ are dispensing justice.

    • Mitch82

      Maybe get our own Gitmo with a waterboarding suite for whistleblowers and hackers while we’re at it, eh? Throw Cam in there because he speaks badly of the Government, give him some re-education?

      • pukakidon

        Oh you would be into that wouldn’t ya Mitch. Stripping the guys naked dripping water on them and blowing whistles.

  • Gazzaw

    A different matter but it does involve making big money out of this issue. How long before an ambulance lawyer pops out of the woodwork to orchestrate a class action on a ‘no win/no fee’ basis? As sure as fleas follow a dog.

  • Neil

    Sounds more like a lovely right-wing business opportunity to me actually…..

  • In Vino Veritas

    It may not be blackmail, but it is certainly accessing a computer system without authorisation. Try Crimes Amendment Act 2003 section 252(1). Up to 2 years, thanks very much.

    • Mitch82

      In court his lawyer would argue that he had authorised access because it was a public kiosk. Never used one so I don’t know if you have to click/sign any terms of service stating what you can/cannot do on the system, but without that it might be hard to make a clear cut case on 252(1).

  • http://twitter.com/Inventory2 Inventory2

    When Ira Bailey and the other activists were arrested, Scoop profiled them all; this from Bailey’s profile:

    Ira was instrumental in the reconstruction of the house known as 128, which had been abandoned, then rescued from destruction by the local community. Not only did he help rebuild the house, but he also set up a library there, and a bike workshop – at the weekend and in the evenings he made himself available to tutor members of the public in bicycle maintenance and repair, and would take old broken bikes and fix them up, providing a cheap, and often free, means of transport for those who needed it.
    This work, and visits to Nicki Hager’s self-built house, inspired Ira’s interest in building construction, and he had recently been working as a builder with the goal of eventually constructing his own house and becoming self-sufficient. His few spare hours were spent working on a wind turbine powered by old scooters, designed to provide his electricity needs.
    Although clearly a committed political, environmental and rights activist of long standing, friends say Ira had not been heavily involved in recent months, concentrating instead on his wind-generating project.

    http://www.scoop.co.nz/stories/HL0711/S00008.htm

    This bit certainly gets the antennae buzzing: “This work, and visits to Nicki Hager’s self-built house…”; might we be getting closer to finding out how Nicky Hager came into possession of Don Brash’s e-mails?

    None of this excuses the MSD however if their system is found to have been left vulnerable. Kudos to Key for ordering a more widespread review than just for MSD.

    • LesleyNZ

      Yes – good point – Don Brash’s emails – there could well be a connection……………

  • Gazzaw

    Ira has inadvertently popped his head up over the parapet. Life will not be quite as easy from now on.

  • DangerMice
    • pukakidon

      Maybe donations from Labour or the PLA sponsored Huawei

  • fozzie

    Can’t help thinking that if this monumental cock up by MSD and Paula Benefit happened under another government’s watch how different this conversation would be here. MSD were told over a year ago there were security problems – they did nothing – what sort of IT idiot set this up ? I have small business client with more idea of security. Stop shooting the messenger and sheet the blame home to those who are responsible for this stuff up – and shuffle that fat arsed Benefit to the back benches where she belongs

    • Gazzaw

      Yeah, I’m sure that Ruth Dyson would have been right on to it fozzie. As of course would her predecessor David Benson-Pope. And speaking of fat arses (pleased you mentioned that) both were very ably assisted by Associate Minister Parekura Horomia.

      I think I’ll stick with Paula.

    • Mediaan

      Not only is Paula Bennett doing a superb job, this just HAPPENED to occur at one of her highest points in the public esteem. The release of her well-thought-out initiative on reducing violence towards children, just beginning to be looked at by the public, and a hugely enthusiastic response. Top marks to Paula.

      Seems very planned in timing to me.

      Is this one of the little poison pills left behind by Labour and their mates?

  • itman

    this idiot lefty “system administrator” has broken the most important unspoken rule, that all professional system administrators and IT engineers should know and follow.

    NEVER SPEAK OF OR DIVULGE ANY INFORMATION THAT YOU COME ACROSS WHILE ON THE JOB.
    Ira Bailey, you may as well shred that cv of yours, and just stick to tree hugging, maybe learn a little more te reo, you should never be placed in such a position again.

    IT Managers the world over, hopefully find this article next time they google your name when checking your application..
    MUPPET !

  • Mediaan

    There is a strong link back to events more than a year ago. At which time Brendan Boyle, MSD chief, was head of E-Government and regarded as a computer whizz. He only came to (eleven billion a year spending) MSD as chief less than a year ago.

    http://computerworld.co.nz/news.nsf/news/innovation-the-buzz-word-for-govt-ict-council

    Don’t read it if you have a delicate stomach and pay taxes.

    Why? It turns out our Government spends two billion a year on ICT.

  • anon

    Anyone looking to “blackmail” google can do so here: http://www.google.com/about/appsecurity/reward-program/

    Also I seriously doubt any one on this thread who has claimed to work in IT actually does.
