GCSB tried to stop Treasury hack claim

NZ Herald: GCSB tried to stop Treasury boss Gabriel Makhlouf from saying website, Budget had been ‘hacked’

Political reporter Derek Cheng has uncovered new details of the hours leading up to Treasury boss Gabriel Makhlouf’s claims that his department’s website had been hacked for Budget details.

The Government’s spy agency made urgent calls to the Beehive before Makhlouf’s public statement – we reveal today what they told at least one senior Government Minister.

The new details come as Makhlouf faces a State Services Commission investigation over the way he handled claims the website had been hacked. It later transpired that Budget details could be uncovered using the Treasury’s search engine.

Matthew Hooton:

Could it have been little more than Makhlouf’s understanding (or misunderstanding) of what ‘hack’ meant?

Hack: “gain unauthorized access to data in a system or computer.”

Was whoever searched like crazy through the weekend authorised to do that? Was Simon Bridges and National authorised to release budget details two days early?

Authorise: “give official permission for or approval to (an undertaking or agent)”

Hgas: “who gives a stuff?”

Next Post
Leave a comment

11 Comments

  1. NOEL

     /  7th June 2019

    Hmmm wonder who isolated the IP to a taxpayers computer using taxpayer time?

    Reply
  2. Blazer

     /  7th June 2019

    as if Hooten offers anything more than biased speculation.

    Reply
  3. Well, either Makhlouf is a fool or he was ordered to lie to police. Seems to be a big deal to me.

    Reply
    • Alan Wilkinson

       /  7th June 2019

      Has to be the former surely. Unless he has evidence of the latter his career is ending.

      Reply
    • duperez

       /  7th June 2019

      The biggest deal is that speculation and suspicion become currency. Not for the sake of truth but for political mischief making and the parading go biases.

      Reply
  4. Duker

     /  7th June 2019

    On Tuesday evening a Treasury staff member described the incident to an NCSC responder and asked if this was a matter for the NCSC or Police.
    “Given the incident did not involve a compromise of the Treasury computer network and was therefore not the type of incident the NCSC would normally respond to it was recommended that the matter be referred to Police for their assessment.
    https://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=12238049

    So referring to Police – for whether a crime was committed -was OK It was 24 hrs later the Police replied.
    ‘The police informed Makhlouf on Wednesday evening that Treasury had not been subject to an unlawful hack. He informed Robertson that night and issued a press statement to that effect at 5am on Budget day, May 30.”
    This is the part of story that Hooton and his offsider Thomas at Exceltium have left out deliberately
    Storm in a teacup.
    Especially since we remember the police response to Keys claim of being ‘bugged’ during the Tea Tapes incident . They were quick to get a search warrant but of course it wasnt a bugging operation ( the microphone was wrapped in a covering and sitting on top of the table in plain site , not disguised as a tea spoon!)

    Reply
  5. Duker

     /  7th June 2019

    Examples of Microsoft flaws in its web browser which Treasury could have though were being used for ‘2000 targeted enquiries’
    https://www.slashgear.com/microsoft-urges-internet-explorer-upgrade-over-flaw-google-spotted-20558716/

    The flaw is described as a remote code execution vulnerability in how Internet Explorer’s scripting engine deals with objects in memory. “The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user,” Microsoft explains. “An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.”

    Current user means any computer using their website ( as thats how Internet Explorer is used ,to acess websites)
    Im sure there have been many many other flaws in IE

    There could have been a security problem on Microsoft software that hosts the website, that was giving some one logged on more access then thought.
    At that time Bridges hadnt released his methods , and was being very cagey until the Police said it wasnt ‘unlawful’ -there still is a chance that is the case of using a computer for gain, with intent and knowing the information was confidential. In reality it was ‘we arent going to bother’ – compare with how quickly they jumped when Key claimed he had been ‘bugged’ in a coffee shop talking to Banks with hordes of media present.

    Reply
  6. Duker

     /  7th June 2019

    Tired of NOT seeing NZ Herald stories that are worthwhile?
    https://chrome.google.com/webstore/search/%20NZ%20herald%20fixer?hl=en
    A Fixer , who would have guessed

    These arent hacks , as of course they only alter data on your own computer that NZH sends to you anyway.

    Reply
  7. Beltway is meaningless in NZ; it relates to American politics and not ours.

    Some people seem to think that NZ is part of the US.

    Reply
  8. david in aus

     /  7th June 2019

    I can imagine the questions for the next election: “Jacinda in the last election campaign you said it was possible to be a politician and not lie. How do explain the deliberate lies propagated by your government?”

    Is your government just good at talking and not doing?

    Reply
    • Duker

       /  7th June 2019

      Did you not read this part
      “its was recommended that the matter be referred to Police for their assessment.”

      Which they did. As of course GCSB aren’t an investigation agency for computer crime.

      Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s