I really enjoy working with WordPress and other Internet based technologies and through a local project I’m involved with, I get approached on a regular basis by others looking for advice when it comes to their own online projects.
It was through this work that I ended up providing voluntary support for a political party based in Fife during 2012. I’ll not name the party to save them some embarrassment, but I need to highlight their shocking attitudes towards IT, Internet Technologies and the sad, sorry state of affairs that appear to make up a large part of their politics in the Fife area.
I was first approached by their councillor after I’d highlighted that their website had been hacked and defaced by an Indonesian Hacking group. Luckily for the party, no malicious intent other than the defacement was carried out on their website. Digging into black hat forums, this was part of an ongoing competition by hack groups to deface sites with the winner chosen by the perceived value of the defaced target.
After the party had their site hacked, I was asked to volunteer my time to help them get ownership back to ensure that the website was secure and safe for visitors. The easiest option at that time was to start from scratch and re-install and add the previous content.
This took two weeks working full-time on a voluntary basis, without so much as a thanks! Worse than that, I got the distinct impression from the Councillor that I should somehow be grateful for having the privilege to work for the councillor and party.
Despite the terrible attitude and arrogance they displayed, I continued to provide them technical support on the basis of professionalism despite the fact that I disagreed with their party politics and attitudes.
Once I secured the site, I carried on with my other work and life. Two months later, I was approached again, as their website started distributing viruses.
I was given access to the site and server and immediately switched the site off to protect site visitors. My second action was to make a full backup, discover the exploit, sanitise an secure the site. Thirdly, I was tasked with getting the site removed from all blacklists.
It took time to get the website cleaned and secure although I couldn’t discover the how the original exploit happened. Removing the website from various black lists was very time consuming but I prevailed. The site was then re-launched.
Fast forward two weeks, I receive a call, once more the website is distributing viruses and blacklisted. Again, I went through all the procedures to sanitise and clean the site, lock down all the security issues and re-launch.
Two days after cleaning the site, I get another call with the same problem. Both times previous, all passwords had been changed, file permissions corrected, backdoors removed, etc. I was at a loss as to why this was happening with such frequency.
I arranged to meet one of the Councillors at the party headquarters to go over the issues to see what can be done to identify the threat and nullify it, completely, if possible.
Upon visiting the office, within one minute of accessing their computers, the problem self-identified itself through poor I.T. practices and another wider issue with the party was presented. Every single computer on the network within their office was affected by Ransomware!
Ransonware as defined by Wikipedia states:
Ransomware is a type of malware that restricts access to the infected computer system in some way, and demands that the user pay a ransom to the malware operators to remove the restriction.
The type of Ransomware that I spotted was the kind that pops-up shortly after boot-up and declares that there is hundreds of errors with your registry files, hundreds of adware/malware/viruses, etc.
I told the Councillor the serious issue they have with their office network, only to be told in response (I’m paraphrasing here) “Don’t worry about it…..it’s been like this for ages……we just ignore it“, and ignore it they did!
The sheer disregard for the security of their systems was shocking. Not only personal security of the systems were at risk, these councillors were dealing with sensitive materials on a day-to-day basis, including some highly personally identifiable sensitive data, which were open to risk to any malicious user that had already gained access to their systems.
Despite warning the party the risk to their data, which included data from their party, the local authority, and personal data of constituents, it was completely ignored. On top of this, they were still expecting me to clean up their website for a third time.
By now, it was fairly obvious with a 99.9% confidence rate that the site infections were caused by bad practices, magnified by a complete failure to adopt basic IT security practices. I decided to decline volunteering my time for two very important reasons;
Firstly, I fully understand that not all individuals are aware of the basic security measures that should be adopted to try and protect your computer system, but when someone who is technically able is providing advice, it is often best advice to listen to the expert and take that advice on-board, and not dismiss it out of hand.
Secondly, seeing as I was providing in-depth help with their website, I did get access to their main email account so that I can easily access the server details, and I was shocked by the brief glimpse into their email and working practices.
The majority of councillors for this party in the Fife area all had their emails forwarded to one Gmail account. What astounded me was the amount of emails that were unread, thousands, spanning back for months. The emails that weren’t being read appeared to be from constituents seeking help from their elected local representative. If you wonder why your local councillor hasn’t responded, it is a good chance they haven’t read your email.
The dismissal of residents as they pursued their own political agenda was reprehensible. This became the deciding factor for me not to help the party fix their website. Why volunteer time and skills, when they couldn’t be bothered to carry out one of their main duties that we the people vote, elect and pay them for, representing their constituents.
This insight into their working practices let me understand why certain areas in Fife are so neglected and why parts of the local authority are poorly managed, career politicians! Despite the negative impacts from incompetent third-rate career politicians, there is still some very good councillors, that go above and beyond their role in trying to help their constituents and local areas.