2011-01-10 Fine Gael Claims To Have Been Hacked By Anonymous [Updates: 9]

In an odd turn of events, the Irish opposition party, Fine Gael, claims on its website that the site was hacked on the evening of January 9th by "a group calling itself the Anonymous group."

The statement goes on to link Anonymous to Wikileaks, in a move possibly betraying a lack of understanding of Anonymous. The statement follows.

From: Fine Gael Website





Why Fine Gael might have been targeted by Anonymous is as yet a mystery. Anonymous has reportedly been engaging in recent actions against government and private websites, but these actions are reported as having been DDOS attacks, which do not appropriately fall under the banner of "hacking." There is also little apparent reason in recent news why Anonymous would target an Irish political party.

A screengrab of the website is attached to this post.

Updates will be posted as they come.

Update 1
RTÉ News has posted a statement by Fine Gael elaborating on the above information.

Last night, we regret to report, the Fine Gael website was professionally hacked. The group that participated in this attack called themselves the Anonymous Group. This group has been associated with the Wikileaks investigation and attacks on companies such as Visa, MasterCard and Amazon. The attack occurred from 8.00pm to 12.00am last night.
We were alerted this morning that the Anonymous Group was able to secure the database of the information submitted by members of the public during the previous week. This affected just under 2,000 subscribers.
As a result we have now taken the necessary action to report this "hacking crime" to the proper authorities including the Data Protection Commissioner and the Gardaí. This morning the Party has emailed each of the individuals who submitted their comments and contact data (emails, IP addresses and mobile phone numbers) to the site to notify them of this event. We deeply regret any inconvenience that has been caused to them.

Update 2:
The hack appears to have comprised the replacement of the FG website with an Anonymous banner, making vague allegations of FG negligence, and the appropriation of the private log in details of visitors and contributors to the FG website.

Update 3:
Kevin Doyle, with the Evening Herald, tweeted the following:

Have confirmed - Data Protection Com has been informed that the details of nearly 4,000 people has been stolen by hackers on FG website.

Update 4:
A FG officeholder is reported as having claimed, in an RTÉ broadcast, that the FG site has been attacked by Wikileaks. The podcast is yet to be released, which might allow us to confirm this statement. At the very least, it seems indicative of a lack of understanding of the relationship between Anonymous and Wikileaks.

Update 5:
There are few data available to suggest that the present story is anything to do with Wikileaks, and much to recommend that conclusions are being jumped to. RTÉ reports that "hackers attacked [the website] removing the content and posting a message referring to censorship by the political party." But there is little to suggest in the actual message that censorship is the issue considered important by the Anonymous hackers. The message suggests that Fine Gael "takes no measures to protect you."

A more cautious explanation might see the attack as motivated to expose lax information security on the upgraded FG site, which, according to RTÉ, recently added web community features. The delivery of the requisitioned information by an unnamed party to an Evening Herald journalist would appear to substantiate this hypothesis. There is a good chance that the recent newsworthiness of the actions of Anonymous, and its misleading association with Wikileaks by the press, has led FG and the Irish broadcaster to infer more than is appropriate from the facts of the case.

Update 6:
On the other hand, a Belfast Telegraph article reports that the message was slightly different from that in the screengrab we sourced from the RTÉ website.

"Nothing is safe, you put your faith in this political party and they take no measures to protect you. They offer you free speech yet they censor your voice. Wake Up."

Still nothing there to suggest any reason to implicate Wikileaks support as a motive in this activity.

Update 7:
The Press Association is reporting that the FBI are now involved, because the site was hosted by a US company.

Update 8:
The FG official formerly mentioned (in Update 4) is Senator Pascal Donohue. Donohue was interviewed about the incident on the January 10th RTÉ Radio One O'Clock News. Donohue's statement reveals a troubling lack of awareness of the nature of Anonymous, the tenuousness of its reported links with Wikileaks, and the mechanics of hacking.

  • Donohue immediately mentioned links between Anonymous and Wikileaks, without qualifying these. "Our understanding is that some of the organizations that are associated with Wikileaks decided to attack our website."
  • He continually refers to Anonymous as "an outside presence."
  • He explicitly states that FG took every precaution necessary "and more" to ensure that the site was secure, a proposition which appears dubious, given that the hack appears to have had the intention of exposing lax security, and does not appear to have been a sophisticated operation.
  • Donohue insists that the attacks on Mastercard and Visa demonstrate that the "organization we're dealing with" are "very very sophisticated, and have an agenda of targeting political parties [which is a straightforward falsehood] and multinational companies." FG's possible responsibility for the incident(lax data security) is therefore mitigated by the abilities of Anon. This statement glosses over the fact that Anon is a decentralized swarm of internet users employing an idiot-proof piece of software (LOIC) to deny services on particular websites. This does not bely sophistication. Furthermore, this incident bears no resemblance to actions by Anonymous, and there has been no prior publicity about it from Anon's Twitter channels.
  • Donohue's imputation of political motives to the hackers is dubious, given that he neither appears to fully comprehend the political agenda of Anon's recent WL-related actions, nor has any idea why Anon might target FG in connection with WL. He merely appears certain that they did, and for "political reasons." This does not hold water.

It is becoming difficult to avoid the conclusion, in the absence of any hard evidence, and the predominance of ignorant statements about the matter, that the link between this incident and Wikileaks is the result of a perfect storm of inflated self-importance, overwhelming ignorance about Wikileaks, Anonymous and the technology and culture of hacking, and a propensity to jump to shrill conclusions. There appears to be a prima facie case in defamation against Donohue, if Wikileaks were disposed to pursue it. One must also conclude that the involvement of the FBI in this matter is a waste of U.S. tax payer's money.

2010-01-11: Update 9:
Forbes article on the matter introduces new information, mostly confirming the informed suspicions above. The article characterizes the attack as a "rogue attack." But it is probably more accurate to see it simply as using the Anon banner, but being unrelated, in organization and motive, to the WL-related Anon actions, since the Anon movement is not an organization in the proper sense.

  1. Anon sources involved in the WL-related actions claim the attack is not a WL-related Anon attack.
  2. FG website was not on any WL-related Anon target lists
  3. The attack does not include the Anon signature message
  4. The attack is not in the form that Anon typically employ.
  5. The hackers posted their aliases on the site during the hack. This is atypical of an Anon attack.
  6. Searches of Anon chatlogs demonstrate that persons using those aliases have been inactive in the Anon movement.
  7. Sources close to the investigation claim that at least one of the hackers was Irish. This contradicts (apparently baseless) assertions to the contrary by Fine Gael Senator Pascal Donohue.

The relevant portions of the article are quoted in the News Coverage section below. It is nearly certain at this stage that this story has nothing to do with Wikileaks.

News Coverage

RTÉ News
Irish national broadcaster reports that the private login details for the website, of just under 2000 people, were appropriated during the hack. Little information is provided on the alleged motive or of the reason Fine Gael linked the action to Wikileaks.

Fine Gael has confirmed that the contact details of just under 2,000 people were compromised in the attack on its website last night.
The party contacted the office of Data Protection Commissioner Billy Hawkes following the website attack, which is investigating.
It also contacted the Garda Computer Crime Unit in relation to the incident.The Fine Gael website was forced offline last night after hackers attacked it removing the content and posting a message referring to censorship by the political party.
Fine Gael rebranded its main website, finegael.ie, last week as finegael2011.com and invited members of the public to post comments and register their mobile numbers and email addresses to receive campaign messages.

RTÉ News: 2,000 affected in Fine Gael data breach

Silicon Republic
SR carries a story, claiming the number of compromised persons is as many as 4000.

The Data Protection Commissioner is investigating the attack on the Fine Gael website yesterday, after an Evening Herald journalist claimed he was sent data of nearly 4,000 users of the site after the hack occurred.

The Data Protection Commissioner said Fine Gael contacted him after their site was attacked by those using the "Anonymous" banner.

On Twitter, Kevin Doyle, an Evening Herald journalist claimed the commissioner was informed the data of nearly 4,000 users of the site was stolen by those who attacked it.

Silicon Republic: Nearly 4,000 users’ data possibly stolen in Fine Gael site hack

Forbes Jan 11th

But sources within Anonymous say the hack wasn’t their doing. Fine Gael has not been on the group’s recent target list, had not been discussed on its chat forums and the image used to deface Fine Gael’s web site (now taken down) does not include the group’s usual message: “We are Anonymous, we do not forgive, we do not forget.” A member of the group added that it would not collectively release the private data of members of the public, and typically would deface government Web pages to berate them about freedom of speech.

The message posted on Fine Gael’s site instead reads:

Nothing is safe, you put your faith in this political party and they take no measures to protect you.

They offer you free speech yet they censor your voice.


It also boasts that is “owned by Raepsauce and Palladium.” A search on Anonymous’ chat logs shows ‘Palladium’ only once this month saying “Hi,” and it appears the user took on a number of nicknames on the network.

The FBI is currently investigating the incident, along with Ireland’s police and the Data Protection Commission. American authorities are involved because Fine Gael’s Web site is hosted by the American IT company Rack Space. “We are confident that the police investigation will be successful,” said a spokesman for Fine Gael.

Two sources close to the situation said that at least one of the perpetrators was based in Ireland. According to TheJournal.ie, the malicious code was housed on a server in Samoa, under a domain registered anonymously.

Forbes: Rebel Member Of Anonymous Hacks Irish Opposition Party Site

Fine Gael.png145.07 KB
Anon.png124.6 KB

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer