Tuesday, November 6, 2007

Dutch government spying on GPD press agency, GeenStijl had warned the agency

(photo:moriza)

The AP has a story about alleged spying by the Dutch government on a Dutch press agency, GPD. I for one am shocked by this (if true).

Minister Piet Hein Donner sent a letter to parliament confirming the essence of the accusation — that several employees in his ministry's communications department had been accessing the GPD network since mid-2006.

-AP


But I wanted to translate what I consider a classic letter that the Dutch language "GeenStijl" blog sent the GPD way back in 2003 _ for the pleasure of all non-Dutch out there.

This is just in fun, so GeenStijl and GPD, please don't sue me.

Without further ado, here it is:

PLEASE CONFIRM RECEIPT AND ANSWER DIRECTLY.

Dear GPD,

Hereby, a very important disclosure: Your website, and all connected systems, are as leaky as a basket. LEAKY as LEAKY can be, LEAKY!

We make www.geenstijl.nl, a weblog. In the whole history of our existence, we have never seen such a shameless excuse for a web site as yours.

Just with a little creative surfing, all your internal hard drives are vulnerable. I don't know where to begin, there are so many holes in your system.

God knows how a professional news organization like yours could have left all its systems open, probably for years! Not a single safety update has ever been installed, and there's no password to keep out someone who bears you ill will. We're not talking about cracks that could be exploited by advanced hackers, but ENORMOUS HOLES that any halfwit can find.

The chance is real that you've been tapped for years, and we can guess without too much difficulty that your email can be monitored as well. We didn't look at it, of course, but given the amount of holes, it's not hard to imagine it happening.

Even though it would be completely legal for us to post all the necessary links (to access your systems), we won't do that. Instead, we will warn you before we publish about this shameful situation. The damage for a news organization would be so great if we just publish the sentence "GPD is Leaky," given that many of our readers will become curious about it, that your business would be in danger. We'd like to avoid that, of course. So, with this note, we make the very emphatic request that you close the holes.

We wonder who your system managers are. It might be prudent to keep these people as far away from all computers as possible and immediately seek a professional security company. These so-called system managers form an acute danger for your organization.

REMEMBER: we're not even talking about hacking here, all anybody needs to do is enter some links in a browser. In order to "hack" there would have to be some security, and there isn't any.

Friendly greetings,

GeenStijl.


(March 11, 2003)



The original Dutch text, if anybody is interested, is here.

1 comment:

Mrtn said...

Thanks for that, Tobs. Its amazing to me that even though this is a big story, _NOBODY_ is questioning GPD security. That just goes to show how little the general public (and the journalists and the system administrators at GPD, for that matter) know about IT security.