The Martyrdom of Norm
“It is obviously an attack on this campaign. But beyond that just in terms of the campaign and the effort we’re involved in — a very expensive legal proceeding — online fundraising is a very critical element of that,” said Coleman. “Clearly the theft of this information, the publication of this information seriously undermines that.”
Norm Coleman just doesn’t get it.
The above quote, spoken in ponderous tones, is what I woke up to this morning on the radio. Ick. Completely aside from the fact that I don’t particularly want to listen to the guy whose drawn-out challenge to the senate recount is costing me representation in Congress, this is completely missing the meat of the matter.
Let’s start off with what Coleman’s campaign would like you to believe about the situation.
Last evening, we began receiving emails and phone calls from donors – and non-donors – who reported receiving messages from an email address: firstname.lastname@example.org stating that they possessed information about that individual and were threatening to post that information online.
Wikileaks was threatening to post the information? Well not exactly:
Your name, address and other details appear on a membership list leaked to us from the Norm Coleman Senate campaign.
If you have contributed financially to the Coleman campaign there are additional details.
We understand that Norm Coleman became aware of the leak in January.
The information has been passed around out of public view.
We have sent you this note as a curtesy (sic.) in case Norm Coleman has not contacted you previously.
We have not released the material yet, but may do so within the next few days.
Wikileaks was informing people that the information was already being circulated and was about to become more easily available. They sent a follow-up for clarity:
Following our earlier email over the Coleman leak, we have discovered that all on-line Coleman contributors had their full credit card details released onto the Internet on 28 of Jan, 2009 by Coleman’s staff.
Senator Coleman was made aware of this yet elected not to inform supporters in violation of Minnesota Statute 325E.61:
We provide proof of here (Windows Excel spreadsheet), which if you are a contributor will provide the last 4 digits of your Credit card and the security numbers on the back. Please check:
Since the database has been floating around the internet, we suggest you call your bank and cancel the card.
However if you are one of our supporters and appreciate this warning don’t forget to donate to Wikileaks (Sunshine Press) first!
Yes, it all sounds so terribly threatening, doesn’t it? Not that this is good, by any means, but since when is it a threat to say, “Someone’s been talking about you behind your back. Your friends know but haven’t told you. Here’s some advance notice that it’s all about to go public”?
But if it’s not a threat, what else might it be, Norm?
Let me be very clear: At this point, we don’t know if last evening’s email is a political dirty trick or what the objective is of the person who sent the email. What we do know, however, is that there is a strong likelihood that these individuals have found a way to breach private and confidential information. But because of this uncertainty, and out of an abundance of caution, we have begun contacting our supporters to provide them with as much information as we currently have available.
Does having data emailed to you count as breaching private and confidential information? How about finding it in a freely accessible database?
At the end of January, Politics in Minnesota put together a good rundown of the web server “crash” of Coleman’s site and the security issues uncovered at the time. This is the January 28th event referred to by Wikileaks. Among those security issues: the ability to create a new admin password and a 205 megabyte database available for download. Here’s a video from the person who found it explaining just how easy it was.
No worries, though. Coleman’s campaign explains why the release of this information must be the work of big meanies out to get Coleman instead of being due to the campaign’s technological incompetence.
Fritz Knaak from the Coleman campaign says in response to numerous blogs earlier this year, law enforcement agencies, including the Secret Service, thoroughly checked the campaign’s computers. Knaak says the officials determined there had been no unauthorized data downloads.
“That response by the campaign makes no sense,” said computer security expert Bruce Schneier.
Schneier says no one can legitimately make such a data security claim.
“There’s no way that anyone can go through the network and say definitively that nobody accessed the data. That’s just ridiculous,” said Schneier. “So either they misunderstood what the feds told them, or they’re just lying to the press.”
Not that the Coleman campaign ever does anything but get along with perfectly with the press.
There’s more than force of habit going on in Norm’s current attempt to claim victim status, though. He’s got a really good reason this time: it might just keep people from focusing on the actual victims–his contributors. And who victimized them? Not Wikileaks.
Although the Coleman database contains full credit card numbers, security numbers and all personal necessary details needed to make a transaction. Wikileaks did not release these. Wikileaks released the last 4 digits and the security numbers only, and then only after notifying those concerned[.]
Wikileaks is happy to point to the culprit, though.
The idea behind “back of the card” security numbers is that they are never to be stored but only used to authenticate the transaction at the time it is made.
The Coleman Campaign stored “back of the card” security numbers for donors. This is both illegal under Minnesota law, which requires their destruction within 48 hours, and a breach of the contract credit card companies demand.
Minnesota Law H.F. 1758
The Star Tribune points out another little problem with the situation, a problem Wikileaks had alluded to in their email.
Norm Coleman campaign officials didn’t notify contributors after their database was briefly opened in January because no significant information had been downloaded and they didn’t want to unnecessarily chill fundraising efforts, a Coleman lawyer said Thursday.
But the campaign may have broken a state law that requires prompt disclosure of a security breach, a law professor said.
That’s right. The campaign didn’t want to tell people how bad their security arrangements had been shown to be because they might get less money if they did. Forget the nearly 5,000 people whose credit card information was floating around behind the scenes on the internet. Norm’s fundraising was at stake.
He is, after all, the victim here.
I’m still waiting for Coleman to realize that he’s being victimized by the Strib as well. Their article noted that although the information about the security breach was available in January, “the story remained in the blogosphere until Wikileaks posted the data this week.”
Let me guess, Norm. That’s part of a big conspiracy among the liberal media to drive conservative readers to lefty blogs. That does seem to be the only way they can get any accurate news, after all. It’s certainly not coming from you.
This entry was posted on Friday, March 13th, 2009 at 6:37 am and is filed under Politics, Stephanie Zvan. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.