Media begins countering claim that Coleman site was hacked

By Paul Schmelzer
Thursday, March 12, 2009 at 11:20 am

There’s a divide opening in how the media is covering the story of Norm Coleman’s vulnerable donor database: Some outlets blame shoddy security practices by the campaign, others blame “hackers.” The latter group — which includes Politico, MinnPost and right-wing blog Power Line, among others — echoes the campaign’s assertion that the exposure of donors’ credit card numbers and personal details is a politically motivated act. But as we reported yesterday, it wasn’t hacking at all, according to IT professionals, and news outlets like the Pioneer Press and Minnesota Public Radio (MPR) are countering the “hacker” meme.

This morning in the Pioneer Press, Dave Orrick contrasts Coleman’s statement that the Jan. 28 breach was an “attack on this campaign” with quotes from Web and banking experts who blame the campaign. Banking security professional Kelly McShane, who sent $100 Coleman’s way, called the breach “so irresponsible that I can’t believe it.” (Contacted by MnIndy’s Chris Steller yesterday, McShane said she felt “extreme anger” at having her personal data revealed by the campaign.) Eric Schultze, chief technology officer for Roseville’s Shavlik Technologies, faulted the campaign for not encrypting the credit card numbers, adding that credit industry standards dictate that credit card information never be on the same server as a Web site. He called the failure to encrypt card info “a big ‘oops’ on the part of the Web site administrator … I’d be surprised if that person still had a job.”

MPR’s Mark Zdechlik interviewed Adria Richards, an IT professional who weighed in at MnIndy on the security flaws she found back in January, who said she didn’t hack into the site. She echoed Schultze’s sentiments about the error of storing sensitive data on the web server: It’s like putting your filing cabinet outside of your house.

Comments

11 Comments

Eric Ferguson
Comment posted March 12, 2009 @ 11:57 am

Just one point, but I think a big one to countering the charge that Wikileaks revealed the credit card numbers: I looked to see just what was in the spreadsheet Wikileaks posted, and they had the last four digits of card numbers and security codes, but they didn’t post the whole numbers. There’s still no evidence anyone intending to steal credit card numbers got a hold of them or that if they did, they got them from Wikileaks, Franken, or the DFL.


RTFA
Comment posted March 12, 2009 @ 1:20 pm

Eric, read the Wikileaks article in its entirety. You will see that they point to fully unencrypted card numbers which are stored in one of the database tables.


justsayin
Comment posted March 12, 2009 @ 2:08 pm

Let’s be honest for a change and call a spade a spade:

If you support Franken then the site was not hacked.
If you support Coleman it was.

Either way, someone did something unethical by posting donors’ personal information online. That in no way can be disputed. Whoever did this is misguided. The “open door” explanation doesn’t justify criminal and immoral behavior. If I find out who posted the information I am going to punch him/her in the face.


Eric Ferguson
Comment posted March 12, 2009 @ 3:14 pm

RTFA, I looked again at both articles they’ve posted, and the linked spreadsheets. I was right, Wikileaks did not post full numbers.


The BRAD BLOG : 'Daily Voting News' For March 12, 2009
Pingback posted March 12, 2009 @ 6:27 pm

[...] MN: Media begins countering claim that Coleman site was hacked http://minnesotaindepend…-coleman-site-was-hacked [...]


rawkibby
Comment posted March 12, 2009 @ 8:40 pm

@justsayin When I see you outside, I’m gonna punch you in the nose. Full up sick of your angry, baseless attacks. Once again, the purposefully misinformed justsayin manages to spread a lie. The credit card info was left in a public place. The onus is on Coleman who cannot even be responsible with donors’ privacy. Coleman can’t be trusted to run anything, much less a senate office. Good thing it’s good riddance to our shameless, spiteful ex-senator.


David in Mpls
Comment posted March 12, 2009 @ 11:29 pm

just sayin: “Either way, someone did something unethical by posting donors’ personal information online.” Yes, agreed, and that someone has been clearly documented as Coleman and his staff running an online ecommerce web site in an unprofessional, unethical, and potentially illegal manner by placing private information in an unprotected state on the public web.

The rub is that Coleman appears to have tried to cover this up, and that is why Coleman SUPPORTERS are upset about it, which is not some left-wing conspiracy. Adria Richards and Wikileaks tried to get Coleman to take responsibility for the problem, which means they acted responsibly.

Further, that does not take away our rights to dislike the former Senator for his policies, and to disagree with his claim against a legally valid election recount result that already went to the Minnesota Supreme Court. We are proud to be Americans! Deal with it.


Tim
Comment posted March 13, 2009 @ 9:34 am

Boy, if I ever discover that someone has left secret data in plain view I’m not going to say anything. I’ll leave it there for real criminals to find and exploit. I wouldn’t want to be accused of looking at something I shouldn’t be looking at.


justsayin
Comment posted March 13, 2009 @ 9:42 am

Coleman’s mistake was stupid but unintentional. One of your friends posted private credit card information on a site with deliberate criminal intent. They are your friends, right? I mean you sound pleased by their actions.


News Day: Coleman campaign circus / “Don’t do anything embarrassing” / Water bill / Recount and more « Mary Turck
Pingback posted March 13, 2009 @ 10:14 am

[...] donor database story, ably reported by the Minnesota Independent in January and now, some are ignoring plain facts: the Coleman site was not hacked; the Coleman campaign carelessly put donors’ credit card [...]


More Twists in the Endless Minnesota Senate Race - The Caucus Blog - NYTimes.com
Pingback posted March 13, 2009 @ 3:43 pm

[...] debate raged on Thursday over whether the campaign was the victim of hackers or its own carelessness. As MinnPost points [...]

