Skip to content

My God: Newshub reports – Cyber experts not convinced Treasury was hacked


Did the sun rise this morning?

Have I been transported to an alternate reality? The following is a news report from an unlikely source. It is not a Gower hit piece on National, but some facts on the claimed ‘hack’ of NZ Budget material.

Jamie Ensor at Newshub

Claims that the National Party released hacked Budget information on Tuesday are likely to be incorrect, according to cybersecurity experts.

The debunking of the Robertson and Treasury claims was comprehensive

But cyber-security experts from Darkscope, a Kiwi organisation with expertise in artificial intelligence, suggest any claim that National received information as the result of the Treasury being hacked was likely incorrect.

“Claims from the head of Treasury, Gabriel Makhlouf, that 2000 attempts in 48 hours as proof that their systems were hacked clearly shows their lack of cyber security awareness,” a statement from Darkscope said.

“There are nearly one billion website breach attempts blocked every day across the world – it is far more common than most people expect. The 1000 attempts per day is simply ‘white noise’ on the Treasury site.”

Oh dear, that is not good for the regime

In fact as the story progresses it gets worse for the regime

“An attack rate of 1000 attempts in a day is at the very light end of the spectrum.”

While there are different types of attacks, of varying complexity, Newshub found last year that the Bay of Plenty District Health Board fielded up to 864,000 potential cyber attacks every day.

On Wednesday, Bridges said as a former Minister in charge of cyber security issues, “there are things going on every day”.

“Frankly if you went six months ago and you had a look around Treasury, there would be actors from all over the place trying to hack the Treasury.”

Joerg Buss, Darkscope’s technical director, told Newshub that it would normally take hundreds of thousands of attempts to get through a website’s layers of protections.

Buss said there were two likely scenarios of how the hacker got the information.

It could have been that the hacker quickly got through weak protection fields – which was unlikely for the Treasury – or a case of human error.

“A more likely scenario is that someone used a spider or crawler program to find ‘hidden’ content in the Treasury website (which is not considered a cyber-attack) and may have found the Budget 2019 files which were not protected properly at that stage.”

Some online have posted images of Treasury webpages providing links to 2019 Budget information which led to a “403 error”. That can suggest that information is present, but it is not public – at least anymore.

That ties in with my earlier post.

My current view a total cluster**** which the regime is trying, badly, to close down.

In fact the government spin is making matters worse.

  1. 30/05/2019 10:53

    Adam, I see a parallel here with what happened with Australia’s first attempt at an online Census.

    The system crashed. Why no one expected it, I’ll never know. But the story put out at once was there was a hack, a Distributed Denial of Service (DDoS) attack.

    Well guess what? On Census night, 5 million Australians tried to log on to a single server at the same time. That is what a DDoS looks like, except this time it was simply people trying to use the system as intended.

    So, rather that admit human error, admit that “We got it wrong”, it is easier to blame Russia (USA), China (Australia) or the troll under the (Simon) Bridges (NZ).

    Once anything is on a web server, it will be discoverable, even if you have set a publish time, used a password, or even a paywall. What Man creates, Man can also circumvent.

    Remember Stuxnet? It was unleashed on Iran’s nuclear capabilities in a joint Israel/USA attack. Problem with using viruses and worms is that once they are detected, your enemy can then decode the code, repurpose the worm, and send it back your way.



  1. NZ Budget ‘Hack’: How Robertson traduced National and Bridges and what happened then | The Inquiring Mind

Comments are closed.

%d bloggers like this: