unclesmrgol on March 12, 2009 at 1:43 AM

No e-mails from anyone. I heard about it here.

From http://www.twincities.com/allheadlines/ci_11891772

Former Sen. Norm Coleman’s campaign didn’t do enough to protect donors’ confidential information, and Wednesday that lapse came home to roost as more than 4,700 partial credit card numbers were posted on the Internet.

As data-privacy and security experts criticized the campaign’s handling of a confidential donor database, the Republican and his aides suggested partisan motives — and told donors they should cancel their credit cards. [...]

As recently as late January, databases of thousands of Coleman’s donors and assorted contacts sat on a public portion of the campaign’s Web site. They were not password-protected, so a Minneapolis consultant was able to find them by essentially surfing the Web. And the credit card numbers weren’t encrypted — a violation of credit card industry standards, according to several experts.

Kelly McShane, whose job is to secure information in the banking industry, said he learned that the last four digits of his American Express card — and the four-digit security code used to verify the card — were posted online when a reporter e-mailed him.

“I’m in IT security for a bank, and I can tell you that this is so … irresponsible that I can’t believe it,” said McShane, who had donated $100 to the campaign online.

The Coleman campaign is a victim

They were the target but their donors are the victim.

Coleman is guilty of not putting up the effort to properly secure the information. There is no way that this private information should be hacked if the campaign invested in a properly secured network and disciplined use of the donor database.

Odds are someone had it on an unsecured Windows station off the server or even off the network. A lot of “hacking” is actually just taking advantage of lazy, careless saps working for your target organization. Coleman’s campaign should be held liable by their donors in the event of any real loss.

first it was supporters of prop 8 and now its supporters of norm coleman . Can we take the people who do this out into the woods and leave them chained to a tree for the wolves to eat.

Mojack420 on March 11, 2009 at 4:06 PM

I am pretty sure wolves don’t eat carrion, however, you could dip them in honey and stake them out on an ant hill.

Lily on March 11, 2009 at 7:07 PM

.
If I remember the Quote from Time Spike by Eric Flint and Marilyn Kosmatka correctly “the scent indicated that the prey had the most highly sought after commodity of prey, it was already dead.
.
But either way I think it would constitute crulty to animals.

That said, the Coleman campaign is very much in the wrong on one point: they should have notified the people in their database promptly when the information was compromised. I understand they were in the middle of a nasty recount, but notification is in fact required by law.

tom on March 11, 2009 at 4:08 PM

Did they know? They were unsure how deep the hack went, and, if they are truthful, the FBI told them everything was copasetic. I doubt the Coleman campaign was running their own merchant software — that’s normally a function you hire out, and your server proxies to the provider. My guess is that either somewhere on Coleman’s servers were keys used to access the merchant account, or the keys were not strong keys and the hackers guessed. In any case, the materials the hackers got were almost certainly not on Coleman’s server(s).

I have a feeling that this information which attacks many private individuals goes way beyond the “government secrets” stuff for which wikileaks had been noted. I feel the same way about wikileaks now as I feel about the guys who out zero-day exploits — pompous low-life scum. I was a minor fan of wikileaks, but no more.

Marxist Party Mantra. . .

Sounds like they did their due diligence and the Coleman campaign did NOT.

I would say that whomever is responsible for not making this public immediately on the Coleman campaign should be summarily dismissed. I just hope it wasn’t Coleman himself, but rather some staffer that boned this one.

wearyman on March 11, 2009 at 6:09 PM

They are the criminals, They are not wearing “white hats” in this matter. The Coleman campaign is a victim, as is every person whose card was put up.

For those of you here who have had to cancel your cards, is “wearyman” right — did you get any notification from Wikileaks before they put up your data?

Here’s the guys to sue:

Domain ID: D130035267-LROR
Domain Name: WIKILEAKS.ORG
Created On: 04-Oct-2006 05: 54: 19 UTC
Last Updated On: 04-Oct-2008 18: 37: 51 UTC
Expiration Date: 04-Oct-2018 05: 54: 19 UTC
Sponsoring Registrar: Dynadot LLC (R1266-LROR)
Status: CLIENT TRANSFER PROHIBITED
Registrant ID: CP-13000
Registrant Name: John Shipton c/o Dynadot Privacy
Registrant Street1: PO Box 701
Registrant Street2:
Registrant Street3:
Registrant City: San Mateo
Registrant State/Province: CA
Registrant Postal Code: 94401
Registrant Country: US
Registrant Phone: 1.6505851961
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email: privacy@dynadot.com

The server is in sweden, but the guys running the “privacy cover” are local registrars, and own the domain name. “Deep pockets” apply here, as does RICO.

Coleman supporters’ private info likely breached Norm Coleman……

first it was supporters of prop 8 and now its supporters of norm coleman . Can we take the people who do this out into the woods and leave them chained to a tree for the wolves to eat.

Mojack420 on March 11, 2009 at 4:06 PM

I am pretty sure wolves don’t eat carrion, however, you could dip them in honey and stake them out on an ant hill.

In January, an event occurred that made us fearful that our firewalls might have been breached. We contacted federal authorities at that time, and they reviewed logs from the server in question as well
as additional firewall logs. They indicated that, after reviewing those logs, they did not find evidence that our database was downloaded by any unauthorized party.

Let me be very clear:? At this point, we don’t know if last evening’s email is a political dirty trick or what the objective is of the person who sent the email. What we do know, however, is that there is a strong likelihood that these individuals have found a way to breach private and confidential information. But because of this uncertainty, and out of an abundance of caution, we have begun contacting our supporters to provide them with as much information as we currently have available.

And yes, I STILL attack Wikileaks for publishing the private information of donors as part of a political attack.

At least when they catch Coleman’s hacker he will be punished for his crimes; because America, unlike Vietnam is……

Oh, Wait….
Nevermind.

HERE is the article on Wikileaks.

From the article:

(emphasis mine)

On Tuesday 10th and early Wednesday 11th of March 2009, WikiLeaks informed the supporters listed in Norm Coleman’s database about the security breach and that the information will be released online.

As with other cases of mass disclosure, like the BNP membership list, WikiLeaks is sending out notifications to victims of security breaches to ensure they become aware of the leak and can act up on it.

While Norm Coleman and his campaign team were aware of the breach back in January, and the lists had circulated for months on the Internet and various file-sharing portals, they decided not to inform their supporters, which while being plain disrespectful, also violates Minnesota Statute 325E.61.

Sounds like they did their due diligence and the Coleman campaign did NOT.

I would say that whomever is responsible for not making this public immediately on the Coleman campaign should be summarily dismissed. I just hope it wasn’t Coleman himself, but rather some staffer that boned this one.

Oh, wait! We already started that last November!

Dr. ZhivBlago on March 11, 2009 at 5:22 PM

The real question here is if the terrorist-supporter AG is going to pursue this as a federal crime or not. At a minimum, it impedes the election process.

Sadly, with the filthy liar in the White House, there is no such thing a criminal if the ends justify the means.

first it was supporters of prop 8 and now its supporters of norm coleman . Can we take the people who do this out into the woods and leave them chained to a tree for the wolves to eat.

Mojack420 on March 11, 2009 at 4:06 PM

What have you got against the poor wolves that you want to poison them?

trusted media liaison

????????

since when is wiki a “trusted” media source,trusted by whom?