This site uses cookies to improve your experience and to provide services and advertising. By continuing to browse, you agree to the use of cookies described in our Cookies Policy. You may change your settings at any time but this may impact on the functionality of the site. To learn more see our Cookies Policy.
OK
Dublin: 8 °C Tuesday 11 December, 2018
Advertisement

2,000 users’ details taken in Fine Gael website breach

The party confirms that 2,000 details had their emails, mobiles and IP addresses taken, as the FBI is called in to investigate.

Updated, 19.55

FINE GAEL has emailed visitors to its website, advising them that their personal details were accessed, and may have been copied, by the Anonymous ‘hacktivist’ group that breached its site last night.

The party’s new website - launched just last Tuesday – was last night breached by two members of the collective, who manipulated the site’s commenting feature into displaying an Anonymous-branded holding page telling users that Fine Gael had “taken no measures to protect you”.

The FBI has been called in to investigate the breach by the US hosting firm ElectionMail, which hosted the site.

This morning, as the Data Protection Commissioner indicated he was investigating the breach, the party wrote to the website’s visitors – who were invited to give their names, email addresses, constituency details and phone numbers when they left comments – to inform them of the attack.

In an email seen by TheJournal.ie, the party said its site had been “professionally hacked” between the hours of 8pm and 12am last night.

The email read:

We were alerted this morning that the Anonymous Group was able to secure the database of the information submitted by you during the previous week…

As a result we have now taken the necessary action to report this “hacking crime” to the proper authorities including the Data Protection Commissioner and the Gardai.

This lunchtime the party said that around 2,000 users had seen their details – as well as their unique IP addresses – accessed; the Evening Herald had earlier reported that almost 4,000 comments have been left, but the Herald’s Kevin Doyle has since tweeted that a number of the comments were left by repeat visitors, thus reducing the overall number of persons affected.

Proving that Fine Gael had been selectively censoring messages submitted by users to the site, Anonymous provided Doyle with a copy of the data collected – data which included the details of Green Party TD Paul Gogarty, who had left a comment on the site.

The Herald also quotes a statement from Anonymous which describes Fine Gael as “a bunch of lying, deceitful men” and added that “all you people are interested in is your own back pocket”.

‘Not terribly complicated’

An online security analyst, who asked to remain unnamed, told TheJournal.ie that the attack was likely the work of what are called ‘script kiddies’, utilising a technique known as a ‘cross site scripting’ attack.

Such attacks, the analyst said, are “not terribly complicated” and are “usually easily defended against”.

At the time of writing, the website remained offline, with a holding page advising visitors that the site would remain unavailable “while we follow-up [sic] with the appropriate authorities to resolve this matter”.

The party’s traditional website, which had remained active at www.finegael.org while the temporary campaign website was active, has also been removed, and also redirects visitors to the notice about the Anonymous attack.

Overnight, the site had been taken down fully, and then replaced with a holding page assuring users that “the integrity of all the data collected” was “still intact, and was not accessed at any point by this outside entity”. Screengrabs of the site at various stages overnight have been posted on politics.ie and on the blog of Michele Neylon.

Anonymous is more widely known for its campaigns against the Church of Scientology, and more recently for having attacked the websites of companies like Visa, Mastercard and Paypal over those sites’ withdrawal of services to WikiLeaks.

Last week the site had come under further scrutiny when it was revealed that it was hosted in Miami, meaning that no political party in the Dáil had its main website hosted within Ireland.

The foreign-based hosting service had also raised concerns in the blogosphere about the Party’s compliance with the Data Protection Acts, and whether their transfer of personal data to a host outside of the EU was being done on a compliant legal basis

As a result, late last week the site was updated to include an opt-out where users could stop the party from retaining their details.

This afternoon Fine Gael senator Paschal Donohoe told RTÉ Radio’s News at One that the party “regretted” the security breach, but that the   website had fallen victim to a “formidable” outside presence.

Donohoe said the website had been hosted in the United States “for reasons in relation to bandwidth access, and also cost”.

Additional reporting by Susan Ryan.

  • Share on Facebook
  • Email this article
  •  

About the author:

Gavan Reilly

Read next:

COMMENTS (2)