Category Archives: Taipo

Rangi Kemara Remembers "15 October 2007 The Day the Raids Came"

Read the complete analysis of alleged Maori terrorism in the Urewera

This series of tweets posted by Rangi Kemara on 15th October 2015

The story of the paramilitary assault on the house and caravan at Manurewa where Rangi lived with the late Tuhoe Lambert and his whanau. An innovative and powerful use of Twitter to tell the story of his gunpoint arrest.

https://twitter.com/Te_Taipo/status/654341472561532928 …
https://www.hashfav.com/page/1015/1525

Rangi Kemara @Te_Taipo
@te_taipo 15 October, 2007, The day the raids came. My recollections of that morning: Early morning, still dark. I’m awake

Rangi Kemara @Te_Taipo
@te_taipo Loud noises outside, cops yelling at neighbours, doesn’t sound good, remembers yesterday’s domestic dispute

Rangi Kemara @Te_Taipo
@te_taipo I’m thinking, must’ve boiled over into something serious cuz there’s a crap load of cops piling up outside

Rangi Kemara @Te_Taipo
@te_taipo Lots more vehicles, racing engines, squealing tires, loud noise as front left fence is demolished

Rangi Kemara @Te_Taipo
@te_taipo I edge back curtains for better look, holy shit there’s fucking armed cops everywhere! W-T-F!!!

Rangi Kemara @Te_Taipo
@te_taipo Loud hailer: You in the caravan, come out with your hands up! This repeats. It occurs to me, I’m in a fucken caravan!

Rangi Kemara @Te_Taipo
@te_taipo I can see many gunmen up high on vehicles aiming down, this is a kill zone if I step into it…

Rangi Kemara @Te_Taipo
@te_taipo I step out to hear the shooter on point yell in quick succession “gun-gun-gun” meaning, I had a gun, shoot me dead…

Rangi Kemara @Te_Taipo
@te_taipo I yell back, “no gun, no gun, no gun!” Step out into the glow-worm lights of many assault rifle torches

Rangi Kemara @Te_Taipo
@te_taipo How many can I quickly count, 10, 15, 20, lost count, dam! Too many, my kung-fu will not save me.

Rangi Kemara @Te_Taipo
@te_taipo Loud hailer now screaming for me to raise my hands, 4 gunmen rush me, barrels to my head, all 4 sides???

Rangi Kemara @Te_Taipo
@te_taipo Thoughts cross my mind, who trained these idiots, I could bend over to touch my toes, crossfire, 4 dead cops

Rangi Kemara @Te_Taipo
@te_taipo Armed escort to the street, I can see fear in their eyes. One is yelling “don’t look at me!!! Eyes Front!!!”

Rangi Kemara @Te_Taipo
@te_taipo That accent, fuck me he’s a Maori! Better work stories aye? Fucken lickplate!

Rangi Kemara @Te_Taipo
@te_taipo I can see plastic stock assault rifles, so my reply, “eyes front? or what???”

Rangi Kemara @Te_Taipo
@te_taipo Forced to the ground, plasticuffs, barrels against back of my head, frightened gunmen, the worst kind…

Rangi Kemara @Te_Taipo
@te_taipo 2nd wave of police soldiers head in to drag the whanau out in the main house. First out is Tuhoe Lambert.

Rangi Kemara @Te_Taipo
@te_taipo They’re lined up against the wall like a firing squad. Whaea Ada is yelling to the kids that it’s going to be ok.

Rangi Kemara @Te_Taipo
@te_taipo Cops yelling at her to shut the fuck up! She replies, “or what you going to do”. Keeps talking.

Rangi Kemara @Te_Taipo
@te_taipo They drag her across the road & try to force her into a vehicle unsuccessfully. Wahine toa! They give up.

Rangi Kemara @Te_Taipo
@te_taipo Kemara! Do you have any weapons on you, yeah, there’s a fucken 105 howitzer in my top pocket! Idiots!

Rangi Kemara @Te_Taipo
@te_taipo Tuhoe & I are lifted by the plasticuffed arms and dragged around the corner away from the whanau.

Rangi Kemara @Te_Taipo
@te_taipo Forced to ground again face down in water. Pissing down. STG gunman: “Kemara, where are the guns?”

Rangi Kemara @Te_Taipo
@te_taipo Me: “In car boot, my keys are in caravan right next to my fucken firearms license”

Rangi Kemara @Te_Taipo
@te_taipo STG Gunman: “Bullshit! you don’t have a license”, Me: “Pointless debate, go have a look for yourself”, he sends a runner.

Rangi Kemara @Te_Taipo
@te_taipo So we wait, face down for arresting detectives to arrive. Half hour, still nothing. Shit, I’m going to be so late for work.

Rangi Kemara @Te_Taipo
@te_taipo Finally hear the dullard’s voice, allowed to kneel facing the fence as Det Hamish McDonald formally arrests me.

Rangi Kemara @Te_Taipo
@te_taipo Charged with what feels like 1.21 Gigacounts of unlawful possession of firearms, fuck, I’m sure they’ve found my license by now.

Rangi Kemara @Te_Taipo
@te_taipo Tells me he wants to talk to me about terrorism, I reply, na get me a lawyer. We’re off to Wiri cop shop for parakuihi.

Rangi Kemara @Te_Taipo
@te_taipo 15 October, 2007, the day the raids came.

Links: The Operation 8 Series

Government is Hiding the Truth Behind the Serco Debate

The State Operated Prisons are the Real Problem

The View from the Inside by Guest Blogger Te Rangikaiwhiria Kemara

On 15th October 2007 I was one of the eighteen political activists arrested in the Urewera Terrorism Raids, or Operation 8. While waiting for the laying of terrorism charges, we were detained in various remand prisons around the country. Some of us spent up to 28 days inside before being released on bail awaiting trial.

Four of us, the so called Urewera Four, eventually went to trial. Taame Iti and I were convicted and sentenced to 2 years and 6 months in prison, while Emily Bailey and Urs Signer were sentenced to 9 months home detention.  On the grounds of exceptional behaviour Taame and I were both released after serving about ten months. I spent that ten months in the state run Spring Hill Corrections Facility while Taame was shifted to Waikeria Prison.

What I want to discuss here is my experience in Spring Hill, and to some extent in the remand prisons, in relation to the current public outcry about the standard of the Serco privately run prison, because the Serco debate is diverting attention from the atrocious standard of management in state run prisons.

Firstly some terminology

For the sake of this discussion, I will refer to the Mt Eden prison as Auckland Central Remand Centre (ACRP or A-Crap as it was known to us), and the privately operated Mt Eden Prison as Mount Eden Corrections Facility (MECF). I spent about three weeks in each of these prisons, not long, about six weeks in total, but long enough to see what was going on.

A Remand Prison is a prison where either people awaiting trial, or convicted and awaiting sentencing are held.

Sentenced Prison – once sentencing is completed, remand prisoners are sent off to any one of this country’s dozen or so prisons to begin their sentence. I spent ten months in one of these prisons called Spring Hill at the northern side of Waikato.

Prison Violence

Prior to my time in prison, I held some views on the role of prisons, and on prison reform. Many of these views remain, but a few have changed – smashed and discarded due to my experience as a guest of the state.

  • Prisons are the way they are because the public is largely uninvolved, and is not actually interested in what goes on inside.
  • Most of the general public don’t actually care about what happens to prisoners – they get what they deserve … unless violence is put in the public face, as in the recent Serco revelations.
  • The Justice System is determined by politicians who are keener to get re-elected than fixing up a dysfunctional prison system.
  • Many of the groups that do engage with the Justice System to advocate for adjustments to the way prisons are run, are often self-serving and/or ideologically driven (i.e. Sensible Sentencing)

Prison violence has been around ever since there was a) violence, and b) prisons. These are the sources of violence that were observable during my time inside (from least to worst):

  1. Gang recruitment and on-going training (UV)
  2. Prison justice (UV)
  3. Understaffing (AV)
  4. Overcrowding (AV)

I also separate these into two categories in terms of what I believe prisons can do to stop violence – (AV) avoidable violence and (UV) unavoidable violence.

Unavoidable Violence. So for example, while there are ways for a society to mitigate the conditions that cause the proliferation of gangs and the black economy, for example through a fairer society and by undoing some of the prohibitions, these things cannot be solved by a prison system, so they constitute unavoidable violence (UV).

Gang Recruitment and on-going training (UV)

People might be surprised that I list this as the least of the sources of violence.  Firstly it is unavoidable violence that comes part and parcel with the society that generated the disparities that lead to the emergence and propagation of gangs.

While societies continue to create the conditions for street gangs, prisons will only perpetuate their longevity and ongoing recruitment. I saw this with my own eyes, to some extent in ACRP/MECF and in full bloom in Spring Hill Corrections Facility (SHCF).

In order for gangs to survive the onslaught of targeted policing decimating their numbers at large, they use your prison system and your tax money to recruit and train the next intake of manufacturers, wholesalers, distributors and security (foot soldiers). The gangs regenerate themselves inside the prisons.

Whether by organised fight clubs to train foot soldiers to do the muscle work, or the more common method of one on one mentoring, your tax dollar is being put to good use by gangs for their objectives. Corrections in its history in this country has never been able to prevent this from occurring, whether under National or Labour, in either private or state run prisons.

This type of daily violence is what I would call Jail.

In prison it is normal, and works in some totally fucked way to make prison very uncomfortable for many, discouraging them from ever wanting to be there again. While I am not advocating for it, this is certainly one of the residuals from this constant level of physical biffo that goes on daily.

In most instances though, gang violence via recruiting and training was isolated to potential gang members, and to hardening the psyche of their current members while awaiting their inevitable release.

Prison Justice

People joke about it all the time. Yunno, ‘ha ha ha don’t slip on the soap’, in reference to the general public’s view of what is prison justice, i.e how easy it is to get raped in prison. But prison justice is a real component of all prisons around the world. And prison justice is no laughing matter. Prison justice = violence.

In this country it shows itself in that almost all child molesters end up in the segregated wings (Segs). As soon as it becomes known that someone is incarcerated for child related crimes, they are summarily beaten and that gives them grounds to complain and therefore be reassigned to Segs.

The general public are in two groups on this issue: Group 1 – those who have no clue and don’t really care anyway, and Group 2 – those that know and think it’s acceptable. So to some extent society tolerates prison violence. I myself also tolerated this without question when I saw it in prison.

Other ways prison justice is meted out though are not so palatable.

Prisoners who rat out one another or take a deal in some form or other, are also given the same treatment. Prisons actively encourage narking, so this form of violence is very common.

There is a third type of prison justice, and it is not well known until you have seen it or experienced it with your own eyes, and that is if a prisoner is rich, they will be tapped in every way shape or form for their resources. For the rich this is of course not justice, but to poorer prisoners who have no financial support outside of prison this is their form of prison justice to get one back on rich pricks.

Under staffing

Contrary to the popular misconception prison guards, or ‘Screws’ as they are known inside, cannot be everywhere all the time. This easily allows for what people saw in the so called ‘fight club’ videos that made sensational headlines in recent news.

These mock and semi controlled fights are usually over and done in a matter of minutes, the time it takes for the screws to do their rounds and come back around again. Sure some of the screws turn a blind eye, but mostly it’s just vigilant prisoners who learn the routines of these under staffed prisons.

Spring Hill prison is chronically understaffed by comparison to ACRP & MECF at Mt Eden, by a country mile!

This is in part due to overcrowding of prisons intended to have x amount of staff per y amount of prisoners. Most of the under staffing related violence rears its head during school holiday periods when prison staffing runs at a skeleton level.

The only way Spring Hill prison coped with this during my time there was to employ long lockdown hours when staffing levels were low. In many wings this meant 23 hours a day locked down, and one hour outside. For lower security units this meant 20 hours locked down and 4 hours outside. Adding to the stress of these long lockdowns is the number one cause of violence in Spring Hill, that being the following…

Overcrowding

Spring Hill Corrections Facility was built by the Labour Government and completed in 2007 to house 650 sentenced prisoners. Its initial focus was on Pacific Island prisoners, hence it has a Pacific Island focus unit called Vaka, and a Pacific Island church.

With the change of the incoming National government in 2008, the government then embarked on putting more people in prison, 1000’s more than they had bed spaces for. The then Minister of Justice Judith Collins concocted this grand idea of replacing the single bed cells in Spring Hill (and other prisons to some extent) with bunk beds. I bet Collins thought this was a clever cost saving idea, but it however led to a massive and fatal rise in violence. Every prisoner I ever spoke to pointed without hesitation directly back to that one event as the principal catalyst – deliberate over crowding.

Spring Hill now has 1050 prisoners inside cells in facilities designed to be uncomfortable for 650 prisoners. This results directly in a new level of violence that is not isolated to the world of gangs and their training regime. Everyone is susceptible to the violence that ensues from Collins’ intentional overcrowding.

Whether waiting for the one unit telephone, or microwaves, or the two unit washing machines, the result is a daily high level of anxiety that is far above and beyond the intended stress levels prisoners were meant to be under while incarcerated. After weeks of these extended lockdowns, Spring Hill turns into a sort of war zone that makes those so called fight club videos look like child’s play.

In fact, for me, both Serco’s ACRP and MECF were holiday camps compared to the violence I saw daily in Spring Hill.

You have one hour outside, there are 88 of you in a unit, you have a pile of clothes that need washing, there’s two washing machines, which some of the time, at least one of them is broken. There are usually about 1 or 2 working microwaves if you want to cook some soup or porridge, and there is a single telephone for you to call loved ones. The 88 of you have one hour to bang your way to the front of the line to get your washing done.

Sound like fun?

Then once that one hour is over, you are back in your cell with another grown man for the next 23 hours, eating, showering and shitting together (the toilet is in your cell). This is the cause of the other overcrowding related violence where prisoners just get sick of seeing each other’s faces for 20-23 hours a day, and after a week or so of this even the best of mates are ready to scratch each other’s eyes out.

Further exacerbating this are weather conditions.

Spring Hill cells are not insulated and are mostly what you would call outside cells. So in winter temperatures drop to zero in cells overnight, and rise above 30 degrees during the day, over 40 degrees if the prison is on lockdown with 2 persons in a cell.

The air intake in each cell and air extraction were designed for a single prisoner in a cell where most of the daytime they would be outside. During summer’s long lockdowns we would be clawing at the air intake for fresh cooler air until temperatures dropped to a sleepable level at about 2am in the morning.

Winter was just as bad where the only place you could keep warm was on the floor in cells where the floor warmers actually worked. About half didn’t work so huddling under layers of clothes and blankets was the order of the day.

Overcrowding is also the cause of a lot of the medical mistreatment in Spring Hill. The medical centres are under staffed and struggling to cope with the extra 400 prisoners. Added to this is an attitude amongst some of the medical staff that providing crap medical is part of your punishment. This attitude extends to doctors as well who if they tried to pull that shit anywhere else would be had up for malpractice.

Medical do not attribute the stress they encounter in prisoners to overcrowding, but instead become immune to it, showing no concern for prisoners who sometimes have to wait for up to 3 months before receiving medical assistance. This leads to prisoners with preventable health issues ending up in hospitals with chronic health issues.

One such case was a young man in my unit who had breathing issues. His cell mate pressed the emergency button at about 2am to report this, and medical staff arrived at about 7am (as in, when they start in the morning) to find him in very bad shape.  He was taken away, like the others, in an ambulance.

He spent a few weeks in hospital then back into high risk/admin then back to our unit. The prison knew there had been a fuck up with him, so to buy his silence they offered him a room in the prison’s self-care unit. He took the deal, not realising that this broke an unspoken prison rule about taking prison deals. Prison justice kicked in and he was summarily beaten black and blue in self-care.

This is how overcrowding turned a simple asthma attack into black eyes and broken ribs. This was not the only case like this.

Life in these double bunked prison cells was so shit that some preferred to spend as much time as they could in the prison’s solitary confinement unit, or ‘The Pound’ as it is called, not because the pound is an easy place to spend your time, but rather because at least there during the long lock downs around the prison, you could have your own room, and did not have to endure the shit soaked air of another person’s excrement.

Now consider the conditions for which a prisoner is sent to the pound, this usually entails committing a serious violent action. Bash up a prisoner, knock out a screw, any form of violence will get you a spot in the pound. Because of this, the pound was usually full, and some of these prisoners ended up doing their pound time in their own double bunked cells.

From my talks with the long term prisoners in my unit, it was their opinion that the murder of one of Spring Hill’s prison guards in 2010 came from the extreme stress caused by these conditions.

There is no real means for prisoners to get the message out to the general public. They are forbidden internally from talking to journalists. The internal process of escalating these issues is nothing short of a whitewash and cover-up, and prisoners WILL experience prejudice for putting in official complaints.

For this reason, some prisoners in units higher up the hill from where I was began planning in January 2013 what is now known as the Spring Hill Riot which took place later that year. There haven’t been many full blown riots in NZ prisons. A couple of riots in the 1960s, one in 2004, and the one at Spring Hill in 2013.

Typically the cover up system kicked in with the then minister immediately calling it gang related, and the final report whitewashed the riot as being frivolous. But let me be clear, the initial report that this was gang related, and the final report putting the riot down to home-made alcohol was a total, utter, whitewash.

The intention of that riot was to raise the issue of overcrowding I have detailed, and a recent UN report confirmed.

This is the number one issue prisoners have in Spring Hill, it is the only issue they want fixed (even though I will provide what I believe are fixes for all of the above except prison justice), and I promised them that when I had completed my parole period, I would get this message out to you all.

Preventing Violence in Spring Hill and Other Prisons via the Justice System

Some of the violence is an inevitable part of being in prison. Prison Justice for example is a case in point. There is not much that I can think of that can be done to reduce this. That aside, let’s tackle the other 3 issues I listed.

Gang recruitment and on-going training

A gang or club needs new members, and current members need up-skilling. What is no use to these clubs are members who receive prison sentences that exceed the sentences of trainers. These prisoners are looked upon as potential trainers, but they themselves are ignored in the training and recruiting.

Clubs are interested in new prisoners and prisoners with short sentences. Simply put, cut off the supply of this category of prisoner and you will severely impact on the gang related violence and regeneration using your tax dollars.

You won’t end gangs, because society, financial/ racial disparities, capitalism … creates that.

How to cut off the supply?

Well, two ways come to mind. Firstly, many of those poor and working class prisoners who are sentenced to short terms, especially the Maori prisoners, would probably not be in prison if they had proper representation. The government needs to provide a service for free to these and all prisoners actually, to have their cases reviewed with real representation, I’m talking Queen’s Counsel or similar level representational reviews.

From my own observation of the cases of the 88 men in the unit, I estimated that about 25% of them were wrongly imprisoned. Cases like cannabis possession – growing, driving without a license and more. Frivolous shit that should have resulted in a non-custodial sentence. These people should not be in a prison that subjects them to the onslaught of violence caused by gang recruiting, understaffing and overcrowding.

In this measure alone, you would see a massive drop in numbers of Maori prisoners in prison as well.

Secondly, find a non-custodial method of sentencing people who have been sentenced to 3 years or less for their crimes. If you take these people away from prison and successfully rehabilitate them without incarceration, then you cut the supply. No supply equals the end of the gang training regime on your tax dollars.

Under staffing (AV)

Self-explanatory. Provide a staffing level that meets the requirements and expectations the general public have for prisoner security in prisons.

Simple – up the staffing levels (and reduce the prison population).

Over-crowding (AV)

With 25% of your prison population now back out on the street due to the earlier discussed measures, you can then undo what National did to prisons around the country without even having to build another fucking prison. In fact you could take a bulldozer to at least one of the prisons by my estimate, as well as the following:

  • Single cells for all prisoners (get rid of the bunks!)
  • One telephone per unit for every 10 prisoners (imagine living in a house with 88 people and one phone)
  • Employ real medical staff rather than prison guards that know how to hand out pills

A note on Private Prisons

My one issue with Serco is that it is profiteering from misery. This in my view is almost as morally corrupt as purposeful overcrowding by government as a means of cost saving.

Summary

The UN Committee Against Torture actually identified these three areas I addressed in its latest report to the New Zealand Government, which the current minister of Corrections has soundly rejected.

Among other things, the report identified overcrowding, inadequate health services and over-representation of Maori in prisons.

Now you all have a better idea that all of that is true and have some ideas of how to fix this without building any new prisons.

These measures only address what the Justice System and Corrections can do to fix this issue.

You will always have high levels of crime and gangs while your society is so unfair to the less fortunate.

Get over it or do something about it.

Your call…

Te Rangikaiwhiria Kemara
Former political prisoner of Spring Hill Corrections Facility

My Analysis of the Rawshark Hack of Cameron Slater’s Communications

By Guest Blogger @Te_Taipo

What I want to discuss here is the attack on the WhaleOil communications network which resulted in a large cache of emails and attachments becoming the centrepiece of Nicky Hager’s book Dirty Politics.

I hope that you the readers, bloggers and users of online services will learn from the mistakes Cameron Slater made, and harden your web applications to minimise the chances of this happening to you.

I will also try to keep this as non-techie and non-geeky as possible …

Background

In January/February 2014 WhaleOil was hacked sometime after he posted a blog post with the headline Feral dies in Greymouth, did world a favour. We were later to find out that the hack was carried out by someone using the pseudonym Rawshark. What do we know about Rawshark from a technical perspective? He or she:

  • was very competent at secure, anonymous and private communications;
  • was very competent at protecting metadata that could lead to his or her identity being discovered;
  • understands the importance of good compartmentalisation of communications; and
  • does not show off, no hacking groups, no fanfare, just in and out.

The hack occurred around the same time that Slater’s website “Whale Oil Beef Hooked” was allegedly taken down by a denial-of-service (DoS) attack. It is not known if Rawshark carried out the alleged DoS attack, or if it was another group, or even if the attack took place, for it could well have been Slater taking his website down to fix it after being hacked by Rawshark. But for now we can only go by media reports that the site was indeed DoS attacked, and that Rawshark was somehow associated with it in some form.

According to Nicky Hager in his book Dirty Politics, some weeks after the hack Hager received an 8 gigabyte USB stick in the mail containing thousands of pages of emails hacked from Slater’s “website”. We have no clue about the extent of the data that came into Hager’s possession, but from all accounts, most of the leaked information was in the form of emails and file attachments, chat logs from GMAIL, and private chats from Facebook.

We do not know if there was other material in the leak, for example from Slater’s home or office computer, or to what extent his infrastructure was invaded. The only option then to form an analysis at any level is to go with what is publicly available and come to tentative conclusions by way of deduction.

The Herald has seen email records which appear to cover 2009 through to 2014

So if we start from the position that the bulk of the information was taken from Slater’s GMAIL account, and ‘possibly’ from his Facebook account, we can then start to discount a few of the possible attack vectors an attacker would use to pull off such an attack.

His Home or Office Computer as the Source of Documents

Firstly we should talk about the culture of bloggers to get a better idea about where potential repositories of private data might be stored. A good attacker would do this mental exercise before mounting any such attack.

Bloggers are not necessarily security experts when it comes to using the internet in a secure manner. Some security experts for all their talk are also crap at this. But what you will find with most bloggers are drafts of documents they might be working on. Drafts are stored on their home or office computers in Word docs, pdfs, and other formats; and drafts are on the website content management systems (CMS) they use, ready to go live (be published) at the appropriate time.

XSS Attack?

Well resourced attackers can take aim at their targets while they are surfing websites that do not enforce HTTPS. This can allow them to inject web browser exploits onto a user’s computer and essentially take over the computer by installing their stuff into hard drives and into the computer’s BIOS.

My guess is that Cameron Slater’s home or office computer at that time would have been a treasure trove of gathered dirt far beyond what was revealed in Nicky Hager’s book Dirty Politics.

However there do not appear to be any local hard drive sourced disclosures in the released material either from Nicky Hager in Dirty Politics or from Rawshark via the @whaledump and @whaledump2 Twitter accounts. The releases are all chat logs, emails and attachments, and drafts of press releases in emails and attachments etc.

For an example of this, check out the @hackingteam hack in which attackers appear to have snatched what appears to be an entire cache of their network fileserver via a hack of their webserver.

An attacker would typically get their hands on hundreds of gigabytes of info, and not just emails, attachments and chats from online services.

So we can tentatively rule out a phishing attack or XSS attack on a home or office computer …

Smart Phone Hacked?

We also do not see in the released material any cellphone messages from a phone’s text repository. A lost or stolen smartphone is a treasure trove for an attacker because of the widespread habit of having GMAIL accounts, chats, Facebook, Twitter and more all logged in on smart phones purely for the convenience of it all.

Surely with all the text messaging between Slater, Collins and Key we would have seen those come to light. Yet the only text messages we see following the Rawshark disclosures are from non-Rawshark sources.

Now this could mean that Hager chose not to release this material, but of all the material released, there appears to be not one single document that originated from Slater’s home or office computer and not one cellphone text message. We will never know, but the conclusion I come to is that it is most likely that this attack was not aimed at his home or office computer or at his cellphone, but rather was restricted to wherever it was he stored his emails. 

GMAIL Email Repository

GMAIL is a web based email service that used to actively encourage its users to never delete their emails …

A user can also forward a copy of their emails in their GMAIL account to any of a range of other email accounts. In fact a user could forward all emails and never store any in their actual GMAIL account.

So we should not just assume that an attacker broke into Slater’s GMAIL account, even though this appears to be the likely entry point.

So how does an attacker break into someone’s GMAIL account?

There are some really easy ways, and some really hard ways.

The easiest first, in which the target (in this case Slater) has left his GMAIL account logged in on someone else’s computer (we will call that person Attacker/Friend or AF). AF would then have access to that GMAIL account. Even if Slater had logged out of his GMAIL account on AF’s computer, if AF had had the ‘Save Passwords’ feature enabled in his or her web browser, AF could then re-log back into that GMAIL account and siphon off all the emails. And using the most extreme method, AF could use a keylogger to record the username and password as Slater typed them and then later gain access.

This would be a rookie mistake on the part of Slater. Even though I do not rate his security precautions at that time as being anything of substance, this attack method is also rather opportunistic and not at all common when an attacker has decided to directly target someone, as it appears was the case with Rawshark.

How about breaking into a GMAIL login, can that be done?

Password Cracking

Password cracking in GMAIL is difficult because of the flood controls GMAIL uses. Even if Slater used a rather easy to guess password, it would not be easy to break it using the GMAIL login form.

Slater would have had to use a really obvious password like Wh@l3oil for it to be possible for an attacker to guess a password without employing a password cracking rig … but of course this is quite a common type of password structure for most security unaware users of the internet.

After all, bloggers are often just average internet users who happen to be bloggers.

Often it takes an attack like this one before web administrators realise that it is not enough just to know how to administer a content management system, and that in fact you need to learn some security basics as well.

But I am going to tentatively rule out a super easy to guess password…for now, ’cause, well, that would just be too sad … 

Password Reset ‘Feature’

Another possible way into a GMAIL account is through the password reset feature. Even if you enter fake information into this feature, GMAIL has on the odd occasion, emailed a password reset to an attacker’s designated email account, thus allowing them to take over a target’s GMAIL account.

Password reset attacks are not stealth attacks, are rather hit and miss, and this method does not fit the modus operandi of Rawshark who appears to be someone who knows how to research and take down her or his target without them seeing the attack coming.

Remote Exploits

Then there are these little devils called 0days. You can buy them on the so-called Darkweb. They are exploits of vulnerabilities found in popular web services that have not been disclosed to the web service developers, and therefore remain unfixed. I do not get the sense that this was how this attack went down, but let’s look at an example. Let’s say someone discovered a way to circumvent GMAIL’s login CAPTCHA (those letters and numbers you have to enter when you get your password wrong), and instead of notifying Google, they went to one of these Darkweb sites and sold their knowledge to the highest bidder. An attacker could then use this 0day to password crack easy to break passwords because there would be no flood controls to prevent this.

But again, I do not see this as the approach that Rawshark took, though that conclusion rests on a gut feeling rather than on any evidence.

Jeremy Hammond Level Attacker

Lastly there is this being called an extremely talented IT exponent. The world is now gifted with a few of these individuals. In my books Jeremy Hammond is one of these people; there are more. Love him or hate him, Hammond was one of the more talented computer attackers I have ever read about – Rawshark could well be such a character.

It is possible although not probable that Rawshark, using her or his own pure talent, found a way in through GMAIL’s security into Slater’s email accounts without the assistance of social trickery or by tricking GMAIL’s password reset procedure. It is a rare thing, but it has happened before.

What other ways are there to get into the repository of emails?

Conveniently enough a GMAIL user can forward all their emails to another email account. I for example have my old GMAIL email forwarded to my Riseup email. So a successful attack on my Riseup email account would net an attacker both sets of emails.

In Slater’s case we do not know if he used any other emails but we do know that he owns a web space where his website was hosted. He also has a domain name and with that we can assume like so many other bloggers at that time, that he had his website hosted on a shared hosting platform that gave out free email accounts in his domain name. For example, if you own the domain name whaleoil.co.nz then it is a trivial matter to set up an email address like support@whaleoil.co.nz.

These shared webspace services also allow for emails to be held in an account on the webserver, so it is possible (but not probable) for Slater to forward a copy of his GMAILs to one of these email accounts as a backup or for whatever reason he deemed necessary.

Unlike breaking into GMAIL, it is much much easier for an attacker to break into a shared webspace.

On a number of occasions people that have dealt directly with Rawshark have referred to the attack as being an attack on Slater’s website although this could well be misdirection.

So this is one potential set of conditions where an attacker, aiming to break into a website for nefarious purposes, cracks the control panel login, and then has access to not only all the website files, but also to the email accounts which may have been preconfigured within the control panel. Then upon digging around, they find Solomon’s Mines of dirt in an email account.

This … is … possible, and happens thousands of times a day on the internet.

So how does an attacker break into a web space, or “website”?

Well the most common method is via insecure code within a website.

Bloggers like Slater use precompiled blog scripts like Drupal, WordPress, Joomla, phpBB or vBulletin. These content management systems (CMS) often have security weaknesses or vulnerabilities that an attacker can exploit between the time the weakness is made known and the time when a blogger/user updates their CMS.

All of the above allow users to add plugins/addons, some of which have file upload ‘features’ that are incorrectly coded. Even the core CMS itself could have a vulnerable file upload feature, as has been the case.

The attacker using free tools like Joomscan, WPScan, etc, can poke around, find and exploit one of these weaknesses or vulnerabilities and upload a file called a shell which allows them to get full access not just to the website and other websites on a shared webserver, but also to the webserver itself.

An attacker can also get access to your website files via rather simple misconfigurations of webservers that allow them for example to view the contents of a backup directory which contains website database backups.

Slater himself is alleged to have made such an attack on the Labour Party website via a misconfiguration. In that case it was a missing default index file and a misconfigured Apache <Directory> directive setting causing the server to issue a directory listing and allowing the attacker to see all the files in the website directories, and download website and database backups.
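A site owner can check their own web root for the two conditions described above. This is an added example, not code from the original post; the backup suffixes and index file names are assumptions, and the directory tree is a constructed sample.

```python
import os
import tempfile

# Assumed for illustration: common backup suffixes and default index names.
BACKUP_SUFFIXES = (".sql", ".sql.gz", ".zip", ".tar", ".tar.gz", ".tgz", ".bak", ".old")
INDEX_NAMES = {"index.html", "index.htm", "index.php"}


def audit_docroot(docroot):
    """Return sorted (issue, relative_path) findings for a local web root."""
    findings = []
    for current, _dirs, files in os.walk(docroot):
        rel = os.path.relpath(current, docroot)
        lowered = {name.lower() for name in files}
        # No index file: the server lists this directory if listings are enabled.
        if not (lowered & INDEX_NAMES):
            findings.append(("no-index", rel))
        # Backup-like files under the web root can be downloaded by anyone.
        for name in files:
            if name.lower().endswith(BACKUP_SUFFIXES):
                path = os.path.normpath(os.path.join(rel, name))
                findings.append(("backup-file", path))
    return sorted(findings)


def build_sample_docroot(base):
    """Constructed sample: a site root with an index and an exposed backup directory."""
    os.makedirs(os.path.join(base, "backups"))
    for path in ("index.php", os.path.join("backups", "site-db.sql.gz")):
        with open(os.path.join(base, path), "w") as handle:
            handle.write("constructed sample\n")
    return base


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return audit_docroot(build_sample_docroot(tmp))


if __name__ == "__main__":
    for issue, path in demo():
        print(f"{issue:12} {path}")
```

Every `no-index` directory becomes a browsable listing unless the matching Apache `<Directory>` block sets `Options -Indexes`; backup files are better moved out of the web root entirely.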

By exploiting these vulnerabilities an attacker can get access to at least the database, and in some cases, the login credentials for the CMS.

But so what, that does not get us any emails.

Well yes and no.

We should return again to blogger culture, and common password culture or the lack of it, on the internet. As I said earlier, bloggers are often average internet users who just happen to also have a blog.

Most people know one really good password. And they use that password everywhere – their email accounts, Windows login, Twitter, Facebook, etc. There is a good chance that people reading this themselves use one hard password for everything. It is unbelievably common.

An attacker would assume this, so it would go without saying that if the attacker has been able to bypass security on a website she or he would get access to at least the database password. In the afore-mentioned CMSs the database password can be found unencrypted in the configuration files. The attacker would then try this password on everything, from the CPANEL control panel login, to the CMS admin login, and even to the target’s GMAIL and social media accounts.

It really would not surprise me if this is how the attack went down … attackers will poke around in your stuff using a wide variety of tools and a good nose for misconfigurations, and most of the time there are misconfigurations, out of date applications, badly coded addons and more.

Then Things Just Get Worse.

Symlink Bypass Attack

Even with the best security in place, if a blogger or anyone else uses a shared webspace service to host a website that site will probably be vulnerable to what is called a Symlink Bypass Attack. This can be launched from any website hosted on a shared webserver onto any other website hosted on the same server. An attacker for example could register their own website on the same webserver as the target’s website, and thereby gain access.

As an aside, try to avoid shared web services for this reason alone. This attack is still viable even today. Use a dedicated server or at least a VPS … to increase your security.

Via a Symlink Bypass Attack Rawshark would have eventually gained access to the blog admin logins, passwords, database password, database content and even into any active email accounts in the control panel (especially if GMAILs had been redirected into one of these accounts). In fact successful Symlink Bypass Attacks often give the attacker access to even the entire webserver.
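On the defensive side, whoever operates the server can look for the artefact this attack leaves behind: symbolic links inside one account's web root that resolve somewhere outside it. This is an added example, not code from the original post; the two-account layout and file names are constructed.

```python
import os
import tempfile


def find_escaping_symlinks(docroot):
    """Return sorted (link, target) pairs for symlinks that resolve outside docroot."""
    root = os.path.realpath(docroot)
    escaping = []
    # followlinks=False: report links, never traverse through them.
    for current, dirs, files in os.walk(root, followlinks=False):
        for name in dirs + files:
            path = os.path.join(current, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)
            # commonpath avoids treating /home/alice2 as inside /home/alice.
            if os.path.commonpath([root, target]) != root:
                escaping.append((os.path.relpath(path, root), target))
    return sorted(escaping)


def demo():
    """Constructed shared-host layout: two accounts under one temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        own = os.path.join(tmp, "account_a", "public_html")
        other = os.path.join(tmp, "account_b", "public_html")
        os.makedirs(own)
        os.makedirs(other)
        for path in (os.path.join(own, "index.html"), os.path.join(other, "private.txt")):
            with open(path, "w") as handle:
                handle.write("constructed sample\n")
        # One link stays inside the web root, one points into the other account.
        os.symlink(os.path.join(own, "index.html"), os.path.join(own, "home.html"))
        os.symlink(os.path.join(other, "private.txt"), os.path.join(own, "linked-file"))
        base = os.path.realpath(tmp)
        return [(link, os.path.relpath(target, base))
                for link, target in find_escaping_symlinks(own)]


if __name__ == "__main__":
    for link, target in demo():
        print(f"{link} -> {target}")
```

Apache's `SymLinksIfOwnerMatch` option narrows which links the server will follow, but a periodic scan like this one also catches links created before the setting was changed.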

Passwords are often stored in databases in the form of a cryptographic hash of the password. If these are not correctly salted, then an attacker can brute force these hashes to find the original passwords. In many cases an administrator’s easy to guess, short password could be brute forced from the database hashes in a matter of minutes. The attacker would then have the raw database password, and an admin user’s password to try out against your other webservices.
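What "correctly salted" buys the defender, as an added example that is not part of the original post: with an unsalted fast hash, two accounts sharing a password share a digest, while a per-user salt and a slow KDF make every stored value unique. The user names, passwords and scrypt cost parameters are constructed for illustration.

```python
import hashlib
import hmac
import os

# scrypt cost parameters (assumed values for illustration; tune to your hardware).
SCRYPT = {"n": 2**14, "r": 8, "p": 1, "dklen": 32}


def unsalted_md5(password):
    """Weak storage: the same password always yields the same digest."""
    return hashlib.md5(password.encode()).hexdigest()


def salted_scrypt(password, salt=None):
    """Stronger storage: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return salt.hex() + "$" + digest.hex()


def verify(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$")
    candidate = salted_scrypt(password, bytes.fromhex(salt_hex)).split("$")[1]
    return hmac.compare_digest(candidate, digest_hex)


def shared_hashes(table):
    """Group users by stored value; any group larger than one leaks a shared password."""
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)


# Constructed sample: two accounts that chose the same password.
USERS = {"admin": "Summer2014", "editor": "Summer2014", "guest": "x9!Lq#0p"}


def demo():
    weak = {user: unsalted_md5(pw) for user, pw in USERS.items()}
    strong = {user: salted_scrypt(pw) for user, pw in USERS.items()}
    return shared_hashes(weak), shared_hashes(strong)


if __name__ == "__main__":
    print(demo())
```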

If the lazy admin had used one or two passwords for everything Rawshark would have then also had access to Slater’s GMAIL account.

End of Game …

Now, originally I thought this web based attack was unlikely for the following reason. Most attackers that I have witnessed in the past, who had access to their target’s administration login, have defaced the website’s homepage with some smart arsed, usually lowercase, uppercase jumbled message.

d3f@c3d bY k0mp3r5t0mp3r

This appears not to have happened in the WhaleOil hack, and that to me was a clue that perhaps the attack did not originate from the website, or there was something really peculiar about this attacker that was outside the norm, or both.

Then something weird happened during the @Whaledump2 disclosures on Twitter that changed my mind a little on that.

Rawshark, or some associate, was posting disclosures on Twitter following the release of Nicky Hager’s book. A court judge ruled that Rawshark should stop disclosing Slater’s private information, and to my utter amazement Rawshark complied. On the day of the ruling Rawshark’s Twitter account ceased posting, and that was that.

See the Radio New Zealand report here.

That was an infosec moment for me. For one thing, for my own amusement I had a list of possible suspects as to who Rawshark could be, but because of this reaction by Rawshark, that list got ripped up.

Why? Well because I do not know or know of ANYONE in that position, using the best methods of anonymity and privacy, who would not have told that judge where to stick the ruling! It occurred to me that who we were dealing with here was a serially good, normally law-abiding person.

But we are not here to discuss the potential identity of Rawshark, but rather to look at the potential methods used to capture the email and chat repositories of one Cameron Slater. But in those clues alone, my deductions lead me to believe that access to the emails may not have originated from a direct attack on Slater’s website.

So, if you have managed to make it this far, we have these three possibilities:

  • Attacker Friend (AF) who goes feral on Slater and hands Hager the cache;
  • Hit and miss, or gifted attack on GMAIL itself to get access to GMAIL emails; or
  • Attack on the website of a lazy admin where one password is used for both web stuff and emails.

What about the Facebook conversations?

Facebook, like any other social media service, depends on the user owning the email account attached to the username. Unless the user has activated 2-factor authentication, an attacker who has control of the primary email account of the target can trigger a password reset on, for instance, a Facebook account and take over a target’s account for a brief time until Facebook is notified.

This is of course a very visible attack and Slater would have seen that coming and possibly stopped it from happening.

Facebook also allows for third party applications, many of which at that time were very insecure. It might have been possible for an attacker to exploit Slater’s Facebook account if he used one of the many vulnerable applications available to Facebook users.

But we need to also take into account the possibility that Slater used one password for all, so if an attacker had guessed the password to the GMAIL account, for example whal3oil or some other variant, then the attacker could have easily gotten into all of his stuff without being seen, and that to me is the clincher.

Summary

As it stands I am still not totally convinced about how Rawshark was able to gather Slater’s communications. What you see above are strong suspicions that do not pass the test in my view for me to form a solid conclusion without more information from either Rawshark or the journalists that interacted with him, or from Slater himself. None of those are likely to be forthcoming, nor should they be.

I said earlier “But I am going to tentatively rule out a super easy to guess password…for now, ’cause, well, that would just be too sad …”

But if Slater was using a master password for everything, then you now know with some certainty the various ways Rawshark could have obtained it. My best guess is that this is a master password issue and that Slater most likely used a really crappy password for his email, and social media, and that Rawshark simply guessed.

…and that really would just be too sad…

A word on Rawshark: Will the police catch Rawshark? Probably not. Most attackers do their attacks via another infected webspace, or VPS, and almost always over Tor.

Tips for Better Blog Security Check List

If you run a political service of any sort online, you may attract the ire of someone who disagrees with you. In Slater’s case he often offends people deliberately or otherwise. It would seem that he did not properly look after his security so that he could talk the big talk with impunity; and someone took offence and took his world apart.

Even if you are not a total prick online…it pays to use the best security methods available, that actually do not cost you the world, but do however take a little time to accomplish.

  1. Memorise at least two 7 word pass phrases using Diceware
  2. Use a password manager (KeePass/KeePassX, Encryptr) for all your passwords. Use one of these 7 word pass phrases to lock the manager.
  3. Use the other as a pass phrase for your primary email account
  4. Using the password manager, generate a unique password of at least 128 bits for EVERY web service you use (social media sites, email accounts, web admin logins, banking logins etc). When you use a password manager you are then able to use passwords that are the maximum length allowed. For example, I have tested Twitter passwords as long as 165 characters.
  5. Host your website on a VPS or dedicated server and NEVER on shared web hosting.
  6. Install an SSL/TLS certificate on your website!
  7. Use 2-factor authentication on your web based services such as email and social media
  8. If you use WordPress, add Pareto Security plugin (since I wrote it), Wordfence and (if you do not have an SSL/TLS certificate) Chap Secure Login
  9. Keep all your web applications and plugins up to date
  10. Make sure there are no publicly accessible backups of your website
  11. Use as few plugins as necessary
  12. Install HTTPS Everywhere and NoScript Security Suite on your web browsers
  13. Encrypt and lock your cellphone.
  14. Encrypt your computer hard drive or use Veracrypt to create encrypted containers to store your files in
  15. Ditch GMAIL and go with secure email services such as Protonmail, Tutanota, and Openmailbox.
  16. For the more security conscious/tech advanced, use TAILS, Whonix or at the very least TorBrowser, as your means of accessing the internet
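Items 1 and 4 of the checklist put numbers on password strength. This added example (not part of the original post) works those numbers out and generates both kinds of secret with a cryptographic random source; the 94-symbol alphabet and the function names are assumptions made here.

```python
import math
import secrets
import string

DICEWARE_WORDS = 6 ** 5  # five dice rolls select one of 7776 words
PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def passphrase_bits(words, list_size=DICEWARE_WORDS):
    """Entropy of a passphrase whose words are drawn uniformly at random."""
    return words * math.log2(list_size)


def min_length(bits, alphabet_size):
    """Fewest random characters needed to reach the requested entropy."""
    return math.ceil(bits / math.log2(alphabet_size))


def generate_password(bits=128, alphabet=PRINTABLE, max_len=None):
    """Random password of at least `bits` entropy, filling max_len when given."""
    length = min_length(bits, len(set(alphabet)))
    if max_len is not None:
        if max_len < length:
            raise ValueError(f"service cap {max_len} is below the {length} needed")
        length = max_len  # use the maximum length the service allows
    return "".join(secrets.choice(alphabet) for _ in range(length))


def roll_diceware_keys(words=7):
    """Five-digit dice keys to look up in a printed Diceware word list."""
    return ["".join(str(secrets.randbelow(6) + 1) for _ in range(5))
            for _ in range(words)]


if __name__ == "__main__":
    print(f"7 Diceware words: {passphrase_bits(7):.1f} bits")
    print(f"128 bits needs {min_length(128, len(PRINTABLE))} printable characters")
    print("dice keys:", " ".join(roll_diceware_keys()))
    print("password :", generate_password())
```

A memorised 7 word pass phrase carries roughly 90 bits, which is why the checklist reserves the 128 bit target for the machine-generated passwords kept in the manager.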

Finally…

Chur

Kaati noa ra,

@te_taipo