- Don Cheadle made important fashion choices on ‘SNL’ 5 Years Ago
- Why the Twitter left loves to dunk on Max Boot Today 6:30 AM
- How to watch ‘Last Week Tonight with John Oliver’ online for free Today 6:30 AM
- How to stream Francis Ngannou vs. Cain Velasquez for free Today 6:00 AM
- How to stream the 2019 Daytona 500 for free Today 5:50 AM
- 7-year-old YouTuber to get his own show on Nickelodeon Saturday 5:30 PM
- ‘Hipster’ jobs are trending, and Indeed says the market is booming Saturday 3:33 PM
- Trump meme removed after copyright complaint Saturday 2:15 PM
- Facebook pushes back against moderators complaining about ‘Big Brother’ environment Saturday 12:46 PM
- Twitter hid post from an account linked to Iran’s Supreme Leader Saturday 10:17 AM
- How to stream Leo Santa Cruz vs. Rafael Rivera for free Saturday 8:00 AM
- ‘Larry Charles’ Dangerous World of Comedy’ finds the balance between tragedy and comedy Saturday 7:30 AM
- How to stream Michael ‘Venom’ Page vs. Paul Daley for free Saturday 7:00 AM
- How to watch the NBA Dunk Contest 2019 online for free Saturday 6:50 AM
- The best new TV shows to stream this weekend Saturday 6:00 AM
In the U.S, it’s a crime—in Canada, it’s the best political prank of the year
A trick that exposed an AT&T security flaw also enabled the funniest joke in Canadian politics.
It’s a tale of two cities: Washington and Ottawa. It’s a tale of two hackers: Andrew Auernheimer, known as weev, and Kevin O’Donnell, the Green Party of Ontario’s deputy leader and provincial candidate for Ottawa Centre. It’s also a tale of two countries on either side of the 49th parallel, and how that narrow line can sometimes make all the difference.
Auernheimer is currently serving a 41-month prison sentence for identity theft and violating the Computer Fraud and Abuse Act (CFAA). In June of 2010 Auernheimer and his associates at Goatse Security exposed the emails of more than 100,000 iPad owners, through a flaw in security at AT&T which they had discovered. As the Electronic Frontier Foundation explains the hack, “AT&T configured its website to automatically publish an iPad user’s e-mail address when the server was queried with a URL containing the number that matched an iPad’s SIM card ID. In other words, if anyone typed in the correct URL with a correct ID number, the e-mail address associated with that account would automatically appear in the login prompt.”
That is roughly analogous to the “hack” which enables telemarketers to reach unlisted numbers. They start at 100-0000, move on to -0001, then -0002, and so on. Testing each of those URLs (and then sending the results to Gawker) is basically what weev is in prison for.
Meanwhile, up in Canada, a prominent Canadian senator and ex-broadcaster named Mike Duffy was busy recording intro after intro for a Conservative Party fundraising video. A real pro, he did take after take, day after day, greeting hundreds of faceless Canadians by name. “Hi Joel,” he sang out perkily. And so on, for over 800 names. These snippets were then prepended to the rest of the fundraising video and emailed to loyal party supporters in hopes they would be inspired to shower the party with cash.
Since that time, Duffy has become embroiled in a rather complex and Schadenfreude-rich scandal revolving around, of course, money. The charges include paying a friend to do no visible work and taking money from the party to pay his own legal bills, along with the standard issue expense account irregularities. The upshot is that Senator Duffy has replaced Toronto mayor Rob Ford as the punchline of choice in Canadian political circles.
On December 18, Glen McGregor at the Ottawa Citizen stumbled across the intro videos, still echoing cheerfully into the void online. “Enter your first name here http://movingforward.conservative.ca/vb/101/c3eeg/glen and the senator reads it aloud — “Hello, [YOUR NAME]. It’s Mike Duffy” — as extolls the many accomplishments of the prime minister.”
Among the many who could not resist was the aforementioned Kevin O’Donnell. But merely forcing the politico to mumble “Hi Kevin” wasn’t enough; he had to go on and scrape the whole website. By the afternoon he had trawled the site and posted on his own videos of Duffy greeting 750 individual names. The Canadian Twittersphere exploded and Macleans, Canada’s answer to Time magazine, interviewed O’Donnell the same day.
“I’m a computer programmer and just about everything I know about my trade was learned by digging through how other people have done their work and learning from it. So I dug into how they did the ‘name’ videos. Of course, once that was solved, the idea of putting them all on the Internet was too funny to not do.”
O’Donnell also explained how he found those 750 names, and it sounds an awful lot like the “hack” that landed weev in prison:
“The sleuthing showed the ‘name’ videos were predictably located at this link. Then I just googled for any list of first names and picked one that had about 3,500 in it. Running a downloader in a loop yielded 750 successful matches. I added an open source Flash video player on to the page and that was it.”
The difference is that Canada doesn’t have the CFAA, the 1986 anti-hacking law so broad it’s been described as “the worst law in technology.” While weev remains locked up for exposing a major corporation’s security flaws, O’Donnell is being celebrated across Canada for doing roughly the same thing to a politician.
Photo via Daniel Means/Flickr
Lorraine Murphy is an Ottawa-based cybersecurity journalist and founding editor of the Cryptosphere. She has a keen interest in WikiLeaks and web culture, and her bylines have appeared in Salon, Vanity Fair, Serious Eats, and elsewhere.