Whaleoil hacker revealed
It's a story of hackers and attack bloggers, privacy and paranoia, bombshells and duds. It's rapidly become the story of the election.
28 August, 2014
Rawshark, a self-styled information vigilante, has derailed National's political campaign with his hack of Whale Oil blogger Cameron Slater's private communications and now threatens to up- end the seedier part of corporate public relations.
The hack has been followed by an orchestrated release of information, first through Nicky Hager's book Dirty Politics, then Twitter account @Whaledump, and finally through passing documents to media.
The late February hack appears to have secured a grab-bag of documents, emails and message chat logs, opportunistic rather than comprehensive.
Material provided to Fairfax Media by Rawshark, totalling 50 megabytes, includes invoices, corporate pitch documents and hundreds of pages of Facebook messaging. The information relates to Slater's commercial and corporate links, chiefly through Slater's long-time friend, tobacco lobbyist and Facilitate Communications managing director Carrick Graham.
So who is Rawshark? The nom de plume is an intentional echo of Rorschach, the morally uncompromising vigilante in Alan Moore's cult- classic Watchmen graphic novel.
"I'm not your run-of-the-mill hacker," Rawshark insisted last week. "Which means there aren't many like me out there. Which means that as soon as people understand my motivations, the list of suspects narrows down to one."
Rawshark's graduated disclosure of hacked emails - in what appears to be an orchestrated campaign likely to run at least until the end of this month - has been accompanied by a series of humorous graphics and subtle in-jokes. His Twitter account biography includes an encryption key that resolves to the email address of NZ First leader Winston Peters, and lists as an address the Ecuadorian embassy in London where WikiLeaks founder Julian Assange has been sheltering from police.
Rawshark said he was unconcerned by wild speculation over his identity, and claimed the revelations he helped bring to light were important. "I don't really mind people thinking I'm a 15 year-old doing it for the lulz. It's safer that way, and it doesn't make a difference towards my goal - which is to take down the network," Rawshark said.
Slater, overseas on an Israeli- government sponsored trip, reiterated his belief Rawshark had ulterior motives and had broken the law. "There is no network. And who the hell does he think he is, acting illegally and playing judge and jury? The fact he talks about the 'network' suggest a political motivation. So who is the one really playing dirty politics?"
The material Rawshark supplied to this paper supports Hager's conclusions Whale Oil was paid by Facilitate Communications boss Carrick Graham to run disguised attacks against the rivals of Facilitate clients. But Slater denied he provided cash for comment.
"I'm not being paid to write blog posts about people. I've done nothing wrong or illegal and somehow I'm the enemy and the crook who breached everyone's privacy is a hero?"
Graham, a long-term friend of Slater who has attracted controversy for his work for the tobacco industry, this week refused to discuss "that particular book". "I don't talk about who I work with, who my clients are or what I do with them. I run a private company and that's what it is," he said.
Although some of the material has been covered in Dirty Politics, significant chunks refer to matters yet to be reported. Hager concluded a nexus existed between Slater, Graham and Food and Grocery Council chief executive Katherine Rich, that was used to surreptitiously attack opponents of corporate members of the council. New evidence shows:
An email from Slater in January 2014 in which the blogger wrote "December hits coin" and invoiced Facilitate Communication $6555.
A series of emails the same month from Graham to Slater, headed "Hit" and sometimes including "KR," including draft posts savagely critical of council members' commercial rivals or political opponents. Shortly afterwards Slater posted articles - nearly identical to Graham's draft - on Whale Oil.
An unreported email exchange between Graham, Slater and Rich discussing the political leanings of the Generation Zero climate-change lobby group, concluding with Graham saying: "That's our job. They're on the target list."
Countdown,the subject of more than a dozen critical blog postsin the months following the hack, was concerned but guarded when approached for comment. Following a wave of negative publicity earlier this year, the supermarket giant is now the subject of a Commerce Commission investigation into its business practices.
Countdown managing director Dave Chambers said of the hacked emails: "If these claims are correct this is not only disappointing but very disturbing given the subsequent impact on our business."
Slater was combative and denied being influenced by payment in his choice of article subjects. "I don't write posts for money, I write posts for personal interest," he said. "You should all get off the high horse called sanctimony and perhaps mount the lame donkey called hypocrisy."
Rich would respond only with written statements: "We do not pay for media coverage or blogs."
She confirmed the unreported email was legitimate, but said: "The conclusions being drawn illustrate the dangers of drawing conclusions from incomplete information, whether it's gained from eavesdropping on a private conversation in a pub, intercepting the post, or reading someone's private emails".
Reporting this saga has involved considerable paranoia and data- security measures on both sides. Rawshark, fearing arrest for hacking, insists on communicating through encrypted emails routed through computers running the secure Tails operating system.
Slater, wary of more personal information being hacked and claiming his mobile phone has been subject to message bombing, preferred talking through an encrypted phone messaging service.
In an atmosphere charged by leaks and leapt-to conclusions, it's worth noting that several tantalising leads provided by Rawshark's hack have turned out, following investigation, to have benign or comedic explanation. A Facebook chat about meetings with SkyCity casino's executive, at first glance sinister, turned out to be about Slater's failed attempt to solicit advertising while he was editor of the now- defunct Truth newspaper.
Then there was the time Slater boasted online of "a request to sell 10 Mig-29s to another country" and hiring an Antonov-124 cargo plane to ferry the military jets to their end customer.
The deal appears to have been nothing but a joke. "If I did that stuff do you think I'd be wasting my time blogging?" Slater said. "Basically this fool has taken trash-talking pub chat and thinks it's fact. Too funny."