Treasury claims someone made over 2000 attempts to hack into its website, targeting similar information to that National released; National says it hasn't done anything wrong and accuses the Govt of trying to smear it

Treasury claims someone made over 2000 attempts to hack into its website, targeting similar information to that National released; National says it hasn't done anything wrong and accuses the Govt of trying to smear it
National's Paula Bennett, Simon Bridges, Amy Adams

National Party Leader Simon Bridges denies hacking, “under any definition of the word”, was behind the Budget information released by his party on Tuesday.

Meanwhile Treasury Secretary Gabriel Makhlouf has gone to the Police, as he claims someone made over 2000 attempts to hack Treasury’s website from midday Sunday until Treasury made moves to bolt its systems down on Tuesday afternoon.

Makhlouf told RNZ’s Morning Report the Budget 2019 information accessed by the alleged hack was similar to that National drip-fed to media on Tuesday.

He wouldn’t go so far as to accusing National of hacking Treasury’s website, saying he had “no evidence” the information National released and the alleged hack were related.

Bridges refused to clear the air by saying where National got its information from.

He accused Finance Minister Grant Robertson of “lying”, trying to “gag” National, and undertaking a “smear” campaign against the party.

Bridges pointed out attempts to hack big organisations were common. Challenged on whether he was essentially saying Treasury and the Government were involved in a political conspiracy, he said he wouldn’t go that far.

The information National released included figures supposedly showing how funding would be allocated across 20 areas, including defence, heath and foreign affairs, in 2019/20.

It also claimed it had been leaked the Government’s 2019 legislation programme.

Robertson on Tuesday night said he had asked National to stop releasing information ahead of Thursday’s Budget. He said some of the information it had released was accurate.

Bridges on Wednesday said he didn’t intend to release more information.

We welcome your help to improve our coverage of this issue. Any examples or experiences to relate? Any links to other news, data or research to shed more light on this? Any insight or views on what might happen next or what should happen next? Any errors to correct?

We welcome your comments below. If you are not already registered, please register to comment.

Remember we welcome robust, respectful and insightful debate. We don't welcome abusive or defamatory comments and will de-register those repeatedly making such comments. Our current comment policy is here.

41 Comments

Comment Filter

Highlight new comments in the last hr(s).

I ‘spy’ with my little eye something beginning with ‘C’.

Yes. Best thing National could do to squash that suspicion would be to come clean on where they got the information. One only protects ones sources if one intends to use them again - which is an underhanded dirty politics sort of democracy. Given the hangover issues National already has with the ongoing investigation by the Police into the JLR allegations of cash for candidacy - a good leader would crack down hard on this kind of skulduggery. Thing is, if your suspicion is correct, we'll likely never be told - a bit like the Anne Marie Brady information theft. Both sides are beholden - quite sad for our democracy.

I was going to say, ‘Criminality’ or perhaps ‘Corruption’

Mr Bridges did not act in the interests of the Country when he released this data. He should have got the police involved himself and simultaneously reported the breach to the government.

You mean did not act in the interests of the Coalition spin machine, which is something entirely different from the interests of the country. It is very much in the interests of the country, taxpayers, and voters to have the data released so that we may better judge the performance of the coalition without it being filtered through their spin apparatus.

A bit like that time when Simon Bridge's expense claims were leaked early.

exactly

Coaliton Coverup? Carelessness? Cockup? Clumsiness?

Does it rhyme with "stunt"?

11
up

A picture tells a 1000 words, just take a look at their attitude. I have decided I cannot vote for either National or Labour next election. The major parties have lost the plot and are only interested in themselves and are doing nothing to improve the life of the average New Zealander.

Only thing missing is a toothbrush moustache or two

Simon playing the political pied piper and the media following him in suit.

All political media circus noise. Let the budget announcement be underwhelming and flaccid and get on with the job.

Parliament/Treasury leakes like a sieve .. no need for Chinese spies in the Labour party.

10
up

Nobodies asking the fundamental question , regardless of how He "came by" the information , should he have made it public?. I thought there was at least a gentleman's agreement to do not do so until the reading of the budget .

12
up

Around the world there is a movement which seeks to move away from GDP as a headline economic measure and to something like GPI or other well-being type of measure, particularly one that 'counts' environmental exploitation/damage. My thought is that there is a lot of resistance to this type of shift in economic management by any number of ptb. Given this NZ budget was getting a lot of int'l attention, it is quite plausible that some entity/(ies) wanted to introduce a spoiler, and the National party unfortunately might have proved to be the perfect patsy.

Rumour is that the coalition will announce gold star, hug-heart, frowny face, rainbow unicorn achievement in the budget tomorrow!! (as assessed by Treasury's newly established well-being yogic meditation circle). There are already more than enough performance indicating metrics available to assess performance in anything of interest in NZ governance. Attempts by coalition to muddy the waters and hide their failures and economic deterioration under their leadership by boosting 'alternative' feelz performance assessments is as dishonest as getting students to grade their own work.

I suppose we should stay with the "pull yourself together" form of mental health help.
And its time we understood that dental health is no longer taken care of at 21 with a set of false teeth, because that is where the current state of affairs with that emanates from as well. They will probably not be able to do all they would like because not enough of us accept such things.

12
up

Exactly right. On being given the information Mr Bridges should have gone to government and said. ‘We have a security problem and this information has been leaked’
What did he do? He acted like a schoolboy and told all the kids in the playground. Okay so this is a budget release, which is market sensitive data that people could use to their advantage financially. However, what if it had National security implications?

that is the interesting point what if someone could have used this information to make money on the market would that be classed as inside info now he has made it public bedore it has been released

Someone should have done that with a certain party's emails too, but instead they wrote a book about it and Labour happily played that political card for all it was worth.

There's no gentleman in the politics. Self serving and self caring entitled parasites

The flawed and unsustainable political system produced these childish politicians.

Yeah, we don't quite measure up internationally, we realise that.

We just have the gang of flaw.

Way better than the other gang.
https://www.youtube.com/watch?v=kLx5VeUrHjU

Yeah but at least we don't have to enshrine "Xi Thought" in our constitution (if we had one). It might be a good idea if he had some thought that was worth reflecting on before judging himself so important.

Simon Bridges is playing politics like he should have been doing from the start. Putting the boot into Treasury and the Finance Minister is the right way to go. It's a dirty tactic to claim that Bridges or National are somehow "hacking"by a Hollywood definition, Treasury has lied about the origin of the information.

In terms of what is right for the country neither National or Labour have much to offer as they are essentially the same party, one is a bit more caring than the other but that's it. We need some better political options, some that are based on facts rather than gibberish would be a start.

I assume you mean the 'caring' coalition that have left country poorer, with less tax dollars for social programs, more people on welfare, worse health sector performance, higher poverty stats and wasted 5+billion on low quality spending programs that produce almost no benefit to the country. How is that "more caring" Results are what matters, not good intentions.

Yeah but JK made a 10 million tax free profit selling his house to a supposedly 3% minority of buyers. Lucky huh! Think of all the trickle down benefit to NZers from that windfall...

The billion tree landed gentry windfall trickle down scheme is much more effective.

Regardless of how National obtained the details I think they have gone about it the wrong way. I think they should have:

1, taken the opportunity to truly attack and pull apart the budget when officially released. Calling it a Winston Budget upon release would have been much more effective than now... that title has been lost already.

2, Advise Robertson that some or all of the details are in the public domain and given its sensitivity needs to release the budget immediately. Then advise every media outlet of their advice to Robertson. It would have conveyed an air of an experienced hand guiding the completely incompetent government on how to manage their own affairs. The CoL would have been scrambling and no doubt completely unprepared (as would markets and media) to cover a budget that had to be released early.

I agree it doesn't look good for the Government... I just think National could have got a lot more mileage out of this.

There's no real strategy considering what would have the most impact with the release of information, but I expect stupid flailing attacks from the major parties.

Has it been forgotten what an unfortunate own goal was scored by National with the “leak” of WP’s pension stuff? Echoes of that in this one. Yes the correct thing would have been to refer the matter in its entirety, to the correct authority. It just might be,that Mr Bridges and others, now have their faces in front of a high velocity egg dispensing machine.

I think that whole invasion of privacy and various illegal activities by whoever was involved was expertly carried out, by a clown. I'm quite entertained by the Finance Minister being put on the back foot and the Prime Minister desperately making denials. It's starting to look like Treasury tried to cover up their failures and it's blown up into a big drama which will put them on the spot.

In additional I would like to remind you of Simon Bridges own goal with respect to information leaking from inside his own party when he demanded an investigation only to be embarrassed by the outcome.

Not sure where you get 'own goal from' as it is clear that Bridges did exactly the right thing in chasing down that leak at significant political cost as it ultimately rinsed a particularly nasty individual out of their party. I'd also note that Mallard working to stymie that investigation seems to set a standard for the current budget leak investigation in terms of cooperation from National.

someone at Treasury caught using the ole password1234 ... And yet I heard Secretary Gabriel Makhlouf on the radio this morning saying it was a sophisticated attack. Nice one

There speculation that someone used a webcrawler to find documents on the Treasury website. That's not a hack. They would have found documents that were not restricted from publication. If this is correct then the real problem is that Treasury put the budget on a public facing server instead of keeping it on internal servers until it was ready for publication. A very sloppy security practice that is prone to failure.

Yes, just because the URL was not made public, does not mean that it cannot be guessed. And if not otherwise protected, it's there in the public domain, literally. Amateur hour stuff.....

If this is what's happened then this is a serious failure by Treasury.

2000 attempts in a week, a month, a year ? Without more context, this is meaningless to a degree.
Regardless, hackers try to break into any website 24/7/365 so nothing new here.
Noting however that the Qualys TLS test on their public website passed with an A+ and they also use HTTP/2.
https://www.ssllabs.com/ssltest/index.html
So obviously whoever designed and implemented that component of the treasury public facing website did an excellent job.

How many attempts in a normal day/week would also be relevant info. Might usually be 5000.

Every time the nats try to pull the leaked information bombshell gambit it explodes in their faces. You'd think they'd have learned by now.

Yes, it seems it's only a strategy that can be used against them apparently.