File mix-up raises Govt hacking fear

By MICHAEL FOREMAN

When an e-mail carrying a large file attachment arrived in her inbox last October, Raglan-based internet user Lorraine Walker was immediately put on her guard.

Not only was the sender - a user at chbdc.govt.nz - unknown to her, but something else about the e-mail struck her as odd.

The subject line contained three letters, which we will call "xxx", followed by: "/ File Dump back to 1/07/98." What caught Ms Walker's attention was that these first three letters exactly matched the prefix of her Xtra e-mail address, xxx@xtra.co.nz.

Understandably, she began to wonder what the file contained. The phrase "file dump" suggested a record of some kind - could it possibly be a log of her e-mail activity over the past couple of years?

But Ms Walker was net-savvy enough to resist the temptation to open the file. Wary that it could contain a virus, she saved it to her hard disk before tersely informing the sender by return e-mail that she never accepted attachments from strangers.

Ms Walker ran a check at www.domainz.co.nz, which revealed that the domain name chbdc.govt.nz belonged to the Central Hawkes Bay District Council, a local authority based miles away in Waipawa and with which she had never had any dealings. She enlisted the help of her internet service provider.

The e-mail record supplied by Ms Walker shows that Xtra took the complaint seriously - the file was shuttled between at least three helpdesk staff last month.

The verdict of Bruce Williams at the helpdesk was that it was likely someone had hacked into her PC using a Trojan virus and copied her mailbox.

But Ms Walker knew no one could have stolen a log of her e-mails going back to July 1998 because a system crash last year had destroyed all her files. It seemed to her the only possible explanation was that her e-mails had been under surveillance by a third party.

Was the Central Hawkes Bay District Council acting as the front for some sinister intelligence-gathering operation? Could the file have been sent out by mistake? Or was it perhaps a desperate warning that had been delivered at great personal risk by a conscientious whistleblower?

Given the evidence Ms Walker had been presented with so far, and bearing in mind that she had received no reply from the sender of the e-mail, such bizarre conclusions were not unreasonable. On January 3, when she read in the Herald of Privacy Commissioner Bruce Slane's concerns over the Government's plans to intercept electronic communications, she decided to go public.

She wrote to the Herald to say she might have already been "hacked" from a .govt.nz address.

"I would say that electronic surveillance is already being actioned without the power yet enforced and that unprecedented snooping [is] already occurring," she wrote.

We contacted Ms Walker, who forwarded a copy of the suspicious file, which was cryptically named "v3210241.asc." This is not a known virus name and the .asc extension implied the file contained harmless text.

A virus scan with Norton AntiVirus had a negative result. But the e-mail header suggested it was an executable application, so we were not about to take any chances.

We engaged Zone Alarm's internet lock, which stops any internet activity, before opening the file with WordPad, a simple text editor available on any Windows PC.

The 1.19 Mb file, which contained an estimated 5700 records of changes to Central Hawkes Bay District Council's property database, included names and addresses of residents in the Napier area.

We contacted the council and spoke to finance officer Trudy Kirk, whose name had appeared as the sender on the original e-mail. Naturally, Ms Kirk was appalled to learn of the chain of events since October.

"Oh, my God," she exclaimed several times during the conversation. She did not remember sending the e-mail but mentioned that other people also used her PC.

The council regularly sent such files via e-mail to Quotable Value New Zealand, a Wellington-based valuation and property information company.

"It's how we keep in touch with them," Ms Kirk explained.

As the file should have been sent to xxx@quotable.co.nz, that is, the same prefix as Ms Walker's address, we suspect that someone probably with an Xtra account at home substituted the name of the ISP out of habit.

It is an easy mistake to make, but perhaps Quotable Value and the council should invest in a more secure means of communicating.

The true moral of this tale is that in the present climate of mild paranoia that is the result of viruses and hacking, everyone should take great care when sending files by e-mail.