Labour Leaks – How I did it

Labour and their proxy bloggers have been telling a great many lies about how I got access to their website, to their credit card donations and to their membership lists.

They have lied from beginning to end about the situation that exposes their members and donors to public scrutiny.

They even enlisted John Pagani to continue the smears by asserting that the National party gave me the information about the exposure to ensure their hands were clean. I absolutely refute those allegations. They have produced a few ip addresses to somehow prove that it was National that told me. This is fanciful.

On the server that I obtained the information there were 4 websites, they were,, and Anyone going to Labour’s online campaign lets-not site would ahve had their ip address captured. Grant Robertson mentions the huge response and Trevor Mallard boasts about the amount of traffic my site directed to Labour’s site and unsurprisingly I bet more than a few MPs and other party staff visited. I have the full logs of these sites, perhaps they would like me to publish them to prove that it is me telling the truth and them that is spinning.

National has not been involved in this release, like I would trust them to keep this information quiet for as long as I have been in Labour’s backend. John Pagani simply lies to suggest otherwise, as does Moira Coatsworth and Chris Flatt.

TV3 were going to run a video that I made showing how I accessed the details. They have pulled their clip because of the Christchurch earthquake. I knew that Labour would go personal, I knew they would fling mud and I knew that they would call me a hacker. So before I pulled the trigger on this series of leaks I made a video to prove how I accessed their data.

The video is damning. People should be sacked. The story is not about who accessed their site when, it is about the fact that ANYONE could and did.

Labour has failed in their duty to care to members and donors to keep their details private. They published those details in the public domain, open to anyone who cared to look. The information is still available in the Google cache proving it was open to the world and now cached forever by Google.

Labour has been caught red-handed using parliamentary services funding to host websites, collect donations and membership fees and staff working in parliamentary services to process this information. The reason I leaked the minutes on Sunday was to show that Labour has a policy of using parliamentary services to benefit the Labour party. I have the electronic evidence to prove it and they can spin all they like about staffers wearing different hats and being part time but the fact remains is that these transactions occurred from PS computers, on PS funded servers for the benefit of the Labour Party and that is against the law and against the rules.

At the very least Chris Flatt should be sacked or resign, Moira Coatsworth should go too along with any Parliamentary Services staffer caught doing Labour party work on the payroll of the public.

Meanwhile I still have the data in a safe place. I will continue to analyse it and identify conflicts and publish them at my leisure.


THANK YOU for being a subscriber. Because of you Whaleoil is going from strength to strength. It is a little known fact that Whaleoil subscribers are better in bed, good looking and highly intelligent. Sometimes all at once! Please Click Here Now to subscribe to an ad-free Whaleoil.

  • nigel201065

    Stupid is as stupid does
    I curse the security for the system at my work but it has never had an unauthorised access as you say if Labour cant run and secure a web site how the hell are they going to run and secure a country

  • cadwallader

    Thanks Whale. Your sober and technically balanced explanation is all that is required. The hysterics from Labour are typical!

  • oliveri

    @Whale – have you intercepted any feedback from NY branch about this situation?

  • Outstanding post Cam, and the video is brilliant. I wonder if Eddie and Irish Bill will retract their allegations now …

  • chimei

    But but but but, you fucking homo torrie sickness bene… wah wah waaaah

    Waits for Eddie to swallow that turd she so proudly produced.

  • naylor

    Well done Whale. It’s about time Labour’s secrets were exposed. Brilliant work.

    Stand tall against the threats and intimidation that Labour’s hacks will direct at you – especially directed by those thugs Mallard and Hodgson.

    You have done tax-payers of this country a great service. It’s a shame National doesn’t appreciate you more. But their loss is New Zealand’s gain.

  • peterwn

    “I will con­tinue to analyse it and iden­tify con­flicts and pub­lish them at my leisure.”
    Sounds like the torture of the thousand cuts.

  • axeman

    Grant Robertson repeated the Liarbore claim to Newsdork ZB just now that the “first breach” was by someone associated with National. He is calling bullshit on the WO activity especially on how much their [nebulous] fundraising has achieved.

  • Mother Doners to teenage son Websitis.

    ” I went to a lot of effort to prepare all that Party food and set the table and arrange it all nicely ”

    ” But MUM it’s NOT my FAULT the dog came inside and ate it all ”

    ” Did you shut the kitchen door? ”

    ” no”

    ” Did you put him in his kennel after taking him for his walk? ”

    ” no ”

    ” Did you remember to feed him on the weekend when I was away ? ”

    ” er no”

    “So you starved him, didn’t secure him, left the door to the food open, but it’s not your fault? ”

    ” Yeah that’s right Mum. He ate the food not me so it’s important that you blame the right person “

  • mediatart

    You seem to leave a lot out of your” how I did it”. And some of the sentences are meant to be read together so as to steer you away from what they really mean.
    eg on the server I obtained the information there were 4 websites.- of course the websites arent what you are interested in, its the databases that would be separate to the websites.
    And its the IP addresses of who went to the database thats interesting. Nice try trying to get us to think about all the visitors to the websites which is separate. It a long time ago since I had anything to do with this sort of thing but the trick then was to use non routable IP addresses .

    • devlsadvocate

      …did we watch the same video? What the hell do IP addresses have to do with anything? It looks like whale only mentioned the websites because that’s what lead him to the directory listing.

      (Its also hilarious that you lot can do an apparently flawless forensic examination of who has accessed the data, while my head still hurts from the involuntary facepalm when I saw that directory listings weren’t disabled, such was the Labour technological prowess. Honestly, do you ever listen to yourself say this shit out loud?)

      • mediatart

        In last week we have had security breaches at the IMF, and it seems that Citibank, one of the worlds largest banks has ‘somehow’ let hackers into its credit card details. Cet la vie. It wasnt that long ago that an Aussie banks ATMs were giving out money to customers who didnt have any, another Aussie bank took about 3 days to get updated balances correct and payrolls were processed. ALL IN THE LAST SIX MONTHS.

        Like I said Whale has made it look easier to access the index, as of course he was on a mission to disrupt labours online presence and he does have above average computer skills.

    • berend

      mediatart, huh??????

    • funkdup

      Which proves you don’t know what you’re talking about:
      “the trick then was to use non routable IP addresses” – which are useless for accessing anything over the internet precisely for the reason that they can’t be routed. They’re also known as Private IP addresses, and are to be used ONLY inside a private network. You can’t access the internet with a private IP address because there’s no way for return traffic to be routed back to you. The private IP address has to be translated (Network address translation) to a public IP address, which is routable, and which also gets recorded in logs.

  • lcmortensen

    You really have a voice for radio!

  • overthehill

    @spanishbride – If Labour is run by a gaggle of gays, and Whale has been “in Labour’s back­end”, I recommend a regimen of wire brush & dettol for a while.

    • devlsadvocate

      and scotch. Lots of Scotch.

  • statlerandwaldorf

    This is fucken bullshit. Where’s the donor list ?

  • berend

    After having given this some thought: I think you should publish the donor list, or anything you have.

    These guys love wikileaks, so they can hardly complain. And as a professional in the IT security field, only when there are real consequences will people ever take security seriously.

    Just publish it. That’ll wake up some people. Computer security in this country is disastrous, and that needs to be demonstrated painfully.

    • That’s easy for you to say Berend; until the legal position is clarified, WO is dead-set right to be a little cagey. He’s already taken a few for the team.

      • The thing is that just the threat of publishing them forced Labour to admit what they had done, errr failed to do. If WO hadn’t said he was going to publish them they may not have sent the e-mails to their supporters admitting fault.

  • bunswalla

    Cameron, this is as good a piece of investigative journalism as has been seen in this country for many years.

    • reid

      That’s what I thought too when I first heard it yesterday bunswalla. You should apply for a job as a repeater Cam.

      They’d probably turn you down though on the grounds you might do the editor, just like Conan the Barbarian did.

      In his forties, he seized the crown of the tyrannical king of Aquilonia, the most powerful kingdom of the Hyborian Age, having strangled the previous ruler on the steps of the throne.

      So maybe not such a good idea after all, but I still agree with bunswalla.

  • reid

    Well done Cam for putting this on the table.

    Noting the donation figure of approx $11k and noting a campaign costs round $2m and noting that apart from the unions there don’t appear to be any wealthy Liarbore donars who probably between them all wealthy or not don’t have a spare $1,989,000 and noting that PS is likely to be ever so very careful and transparent indeed with how their resources are going to be used in this upcoming election, one wonders how Liarbore is going to fare and one is vewy vewy distwessed to learn that in fact, it may be very poorly indeed, given how the hugely popular Nats must really be raking it in right now.

    Lacking a significant UN donation, one wonders whatever will happen to them. What’s that? The UN isn’t allowed to make a donation. What about the IMF? Not them either. Awwwwwwwww.

    This is tewwible.

  • adolffiinkensein

    Maybe Helen will tithe ten percent of her tax free half mil SUS?
    Naah bugger it. Why not twenty percent?

    • tooright

      I hear Chris said he was good for it. Said it’d be his first weeks pay but he owed it to Filk.

  • jabba

    after reading I2’s comment about the subStandard, I bit my lip, took a deep breath and had a look .. whoop, talk about spit the dummy. They can’t stop using the words hack, illegal, National Party etc. Good shit Whale

  • tooright

    I have not seen anything in the lame stream media about this issue. You’d think Labour would be grizzling like crazy to anyone who would care to listen. May be they have tested it and found everyone laughed their **** off. Oh the joy.

    I see Palin has had her emails released for her time in office and the LSM are having to resort to crowd sourcing to dig for the dirt. The Gnats should release the emails of the Clark years. All in the interests of transparency and open government – lefties love that don’t they?

  • whafe

    mediatart – Always thought you were the first living brain donor, but now I class you in the sect of being a brain donor clown pants..

    Wake up and smell the coffee!

  • thor42

    Outstanding stuff, WO! That video was ***great!***
    I ***really do hope*** that Act use the saying that you came up with –
    “How can Labour be trusted to run a country when they can’t even secure a website?”
    Snappy, apt and true.

  • kehua

    A masterpiece Cam, salut.

  • cactuskate1

    Have to say even a blonde can follow that tutorial.

  • maninblack

    pinkos will cry if it doesnt go their way. thats what they do rather than accept it and learn from it.

  • Pingback: Offensive depends on viewpoint « Homepaddock()

  • lulu

    The Standard is running the line that this has all “blown up in National’s face”. They have excitedly reported that “the truth is coming out about National’s taking of data from a Labour web site” . They can’t be that confident about their position. They declined to accept this comment from me:

    Nothing has blown up in National’s face. It doesn’t matter how the information came to light as long as nothing illegal took place. All that has happened here is that Labour has been exposed as slack with security, ineffectual with fund raising and hypocritical about releasing private information.

  • meridian

    I have no idea what data they had on there – i guess we will see that and if its interesting or not. But this video alone must embarrass the hell out of them alone. If only for a 1kb index.htm page saying – under construction – or whatever – all this pain .

    Really inept.

  • davidw

    Interesting the folder titled “pansy” – that wouldn’t have been the dirty tricks programme against Pansy Wong would it? I’m no cheerleader for that lady put she was rather hounded out of office.

  • adolffiinkensein


    Perhaps it’s the Carter dossier?

  • liberty

    Labours stuff up needs a name

  • johnqpublic

    Donorgate? or perhaps Securitygate.

  • davidw

    Nah Adolf, that would be something that straight heterosexuals like you and me might do. The red team has had all that straight shit kicked completely out of them from hooker to fullback

  • putitaway


  • No “gates” lads, but it already has a name; WhaleLeaks

  • Pingback: Whale Oil Downloads Labour Donation Records, Email Addresses From Insecure Site()