Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

2,000 users’ details taken in Fine Gael website breach

The party confirms that 2,000 details had their emails, mobiles and IP addresses taken, as the FBI is called in to investigate.

Updated, 19.55

FINE GAEL has emailed visitors to its website, advising them that their personal details were accessed, and may have been copied, by the Anonymous ‘hacktivist’ group that breached its site last night.

The party’s new website - launched just last Tuesday – was last night breached by two members of the collective, who manipulated the site’s commenting feature into displaying an Anonymous-branded holding page telling users that Fine Gael had “taken no measures to protect you”.

The FBI has been called in to investigate the breach by the US hosting firm ElectionMail, which hosted the site.

This morning, as the Data Protection Commissioner indicated he was investigating the breach, the party wrote to the website’s visitors – who were invited to give their names, email addresses, constituency details and phone numbers when they left comments – to inform them of the attack.

In an email seen by TheJournal.ie, the party said its site had been “professionally hacked” between the hours of 8pm and 12am last night.

The email read:

We were alerted this morning that the Anonymous Group was able to secure the database of the information submitted by you during the previous week…

As a result we have now taken the necessary action to report this “hacking crime” to the proper authorities including the Data Protection Commissioner and the Gardai.

This lunchtime the party said that around 2,000 users had seen their details – as well as their unique IP addresses – accessed; the Evening Herald had earlier reported that almost 4,000 comments have been left, but the Herald’s Kevin Doyle has since tweeted that a number of the comments were left by repeat visitors, thus reducing the overall number of persons affected.

Proving that Fine Gael had been selectively censoring messages submitted by users to the site, Anonymous provided Doyle with a copy of the data collected – data which included the details of Green Party TD Paul Gogarty, who had left a comment on the site.

The Herald also quotes a statement from Anonymous which describes Fine Gael as “a bunch of lying, deceitful men” and added that “all you people are interested in is your own back pocket”.

‘Not terribly complicated’

An online security analyst, who asked to remain unnamed, told TheJournal.ie that the attack was likely the work of what are called ‘script kiddies’, utilising a technique known as a ‘cross site scripting’ attack.

Such attacks, the analyst said, are “not terribly complicated” and are “usually easily defended against”.

At the time of writing, the website remained offline, with a holding page advising visitors that the site would remain unavailable “while we follow-up [sic] with the appropriate authorities to resolve this matter”.

The party’s traditional website, which had remained active at www.finegael.org while the temporary campaign website was active, has also been removed, and also redirects visitors to the notice about the Anonymous attack.

Overnight, the site had been taken down fully, and then replaced with a holding page assuring users that “the integrity of all the data collected” was “still intact, and was not accessed at any point by this outside entity”. Screengrabs of the site at various stages overnight have been posted on politics.ie and on the blog of Michele Neylon.

Anonymous is more widely known for its campaigns against the Church of Scientology, and more recently for having attacked the websites of companies like Visa, Mastercard and Paypal over those sites’ withdrawal of services to WikiLeaks.

Last week the site had come under further scrutiny when it was revealed that it was hosted in Miami, meaning that no political party in the Dáil had its main website hosted within Ireland.

The foreign-based hosting service had also raised concerns in the blogosphere about the Party’s compliance with the Data Protection Acts, and whether their transfer of personal data to a host outside of the EU was being done on a compliant legal basis

As a result, late last week the site was updated to include an opt-out where users could stop the party from retaining their details.

This afternoon Fine Gael senator Paschal Donohoe told RTÉ Radio’s News at One that the party “regretted” the security breach, but that the   website had fallen victim to a “formidable” outside presence.

Donohoe said the website had been hosted in the United States “for reasons in relation to bandwidth access, and also cost”.

Additional reporting by Susan Ryan.

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Close
Comments
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.
    JournalTv
    News in 60 seconds