Thursday, 8 March 2012

Envelope (not Tweet!) Cost Sean Gallagher the Election

In John Patrick Shanley's excellent play, "Doubt" (filmed with Meryl Streep and Philip Seymour Hoffman in 2008), Sister Aloysius uses a lie to extract a tacit admission of his paedophile tendencies from Fr. Flynn.
Had he not had a history of molestation on his conscience, he would have steadfastly protested his innocence against the lie.
Although the nun has no real proof, she takes his resignation as an admission of guilt.

All through his presidential campaign Sean Gallagher was at pains to portray himself as some kind of community youth worker instead of the Fianna Fáil insider he is.
Despite his recent membership of Fianna Fáil's National Executive and pictures of him rubbing shoulders with Bertie Ahern, the PR seemed to be working.


However, it seems that someone who understood the true nature and history of the man decided to put the cat among his pigeons.



Since the Broadcasting Authority of Ireland yesterday upheld Sean Gallagher's complaint against RTE, his supporters in the blogosphere have been busy saying that RTE changed the election by broadcasting a lie they received via Twitter.



For those who care to read the BAI's finding itself, it is only the attribution of the Tweet to someone from Martin McGuinness's campaign that is considered erroneous.
The BAI criticises RTE's failure to verify the source despite the fact that the content of the tweet subsequently proved to be true.


"While the Broadcaster states in its response to the complaint that the content of the tweet turned out subsequently to be correct, the Committee did not believe that the subsequent truth or otherwise of the content removed the basic responsibility of the Broadcaster to verify its content and provenance during the programme as it was being broadcast."


Regardless of the allegation itself, it is the source that is deemed to have been false and RTE let itself down badly by not verifying it.

As in the case of Fr. Kevin Reynolds, RTE's journalistic standards were found wanting.
However, unlike Fr Kevin Reynolds, Sean Gallagher did not steadfastly defend his innocence.
Live on national TV, he equivocated and said that he may have collected an envelope.

Rather than the tweet from a mischievous source, it was this tacit admission from his own lips that cost him the election.

Yes, he was ambushed by the tweeted story on live TV and did not have time to compose himself and put out his usual story.
On mature reflection, the next morning he was back on message but by then it was too late.
His mask had slipped and everyone had seen it.

As far as I am concerned, the originator of the mischievous tweet did the country a great service, and so did Martin McGuinness and Pat Kenny by putting the allegation to Sean Gallagher.
They gave him the rope. He did the rest himself.

As Sister Aloysius says "Sometimes to right a wrong, you must move away from God".

Monday, 11 July 2011

Stable Door is just fine wide open, Thanks

As reported in the Irish Times of July 8th 2011, "Garda sources said there were currently no criminal investigations into phone hacking by journalists in the Republic because there had been no complaints about the practice."

On Today FM's Sunday Supplement with Sam Smyth, communications minister Pat Rabbitte assured us he saw no need for an investigation of voicemail hacking in the Irish Republic as there was no evidence of it.
He did allow that his position might be naive, but can naivety be the defence of someone who in 2006 was himself reportedly concerned about the vulnerabilities of Leinster House's voicemail?






Minister Rabbitte's placement of his head in the sand seems to reflect a general tendency in Irish political and media circles to blindly ignore the following facts:
  1. There is indeed evidence of journalists in Ireland hacking the voicemail boxes of politicians and private individuals.  See the list of stories below.
  2. Voicemail hacking is not the exclusive preserve of journalists or Private Investigators.  Because it is so well documented and demonstrated on several web sites, why should we assume that only journalists would be interested?  Why not also criminals, terrorists, currency speculators, political enemies?
  3. Irish Mobile Operators continue to operate their voicemail systems with the most lax security procedures, relying on subscribers to voluntarily set passwords and providing no defense against software that can dial from a configurable caller ID.
If  your neighbour's house is burgled, why would you continue to leave your doors and windows unlocked at night?  
When you are minister for communications why would you allow this to go on?  

Evidence of Journalistic Hacking in Ireland

There is little evidence that Irish Mobile Operators or corporate voicemail vendors have improved their security since that time and there seems to be no will on the part of the communications minister to force them to take the measures required.


What if Facebook or Google treated their users' private communications like mobile operators treat voicemails?  "We provide a standard password for all new users. You have the option to set a unique one if you want and if you connect from your home IP address, we won't check for a password anyway!"

Who would sign up for that?   How long would the service providers stay in business?

An Irish Times article of July 7th quotes a spokesman for the Office of the Data Protection Commissioner saying that while "there was no evidence to suggest phone hacking was prevalent within the Irish newspaper industry ... That does not mean, however, it is not happening, just that we have no proof that it is taking place." He added that legislation was in place "to protect people".

Legislation does not protect people from burglary; locked doors and windows do.

Thursday, 7 July 2011

Hacked off Mobile Operators Cover Their Tracks

There is general outrage in the UK following recent revelations about employees of media organisations "hacking" into the voicemail boxes of not just celebrities and politicians but also of murder victims and their bereaved families.  
People are, quite rightly, disgusted by the scurrilous intrusion of such snooping, which even distorted the evidence in one missing persons investigation when it was thought that Milly Dowler herself was alive and listening to her voicemails.

Despite the public and political outrage, there has been little comment on the part of  the Mobile Network Operators in the UK, still less any admission of responsibility.
For many years these networks have presided over systems so insecure that the term "hacking" flatters those who breached them. Mobile operators deployed voicemail systems in such a way that convenience took precedence over security, with:
  • Voicemail box numbers easily derived from the phone numbers of subscribers (e.g. add 5 to the beginning)
  • The same initial PIN provided to all new subscribers, who are not required to change it
  • PIN validation bypassed when voicemail is accessed from the owner's Caller ID
  • Once accessed, a voicemail box can be used to return calls to any caller that has left a message
Indeed many of the operators published the information that enabled the "hacking" on their own websites. 
Oh, they have cleaned up their acts now, removing the instructions from their websites along with some of the vulnerabilities and lax practices that allowed the hacking, but many of the hacking sites on the internet still have postings from 2004-2008 which document how easy it was at the time.


If Facebook or Google handled personal communications in such a flagrantly insecure way, they would be out of business. O2, Orange, T-Mobile and Vodafone have done their best to cover their tracks but there are still plenty of hacking websites that publish their past vulnerabilities:


Even today, mobile operators are doing little to enhance the security of their voicemail systems apart from suggesting subscribers set a voicemail PIN.
Even when a subscriber sets a PIN, however, it can easily be derived by the dialling robot scripts used by hackers.

Because the systems are still set up for convenience, many include a feature that bypasses PIN validation when accessed from the owner's phone.  Most operators don't give their subscribers the option of using this feature or not.
Spoofing hackers exploit it using dialling software that can present any configured Caller ID. With full access to the mailbox they can then listen to voicemails, change the greeting and return calls (again made with the dialling software) to international and premium numbers.
See the video posted here for a demo.
The same vulnerabilities have been exploited since the mid-90s and due to internet sites, the vulnerabilities of voicemail systems are well known to hackers – ranging from amateurs to organised crime families.
Isn’t it time that more was done to protect the privacy and accounts of mobile subscribers?

For starters the operators could put in place the following  simple security features to prevent hacking attempts:
  • Subscriber opt-in for voicemail access based on caller-ID
    The Voicemail System should disable PIN-bypass by default and allow the subscriber to consciously activate it at his or her own risk.
  • Voicemail access through complex random PIN with 3-strike locking
    To guard against breaches caused by customers not setting a PIN, the VMS should send a complex, random PIN by SMS to voicemail subscribers upon registration to the service. This PIN code can have multiple different locks on the VMS's Interactive Voice Response and web interfaces. If an incorrect PIN is entered more than 3 times, the account is then locked and can only be released with operator permission.
These measures would show that the operators are serious about protecting their subscribers against snooping and fraud, and would give the subscriber the freedom to choose convenience or security for access to their private messages stored on the mobile operator's systems.
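
A minimal model of the two measures listed above, added here as an illustration (it is not from the original post or any operator's system): PIN bypass by caller ID is off until the subscriber opts in, the PIN is random and issued at provisioning, and repeated wrong PINs lock the box until an operator releases it. The class and method names, the 8-digit PIN length and the lock on the third consecutive failure are assumptions of this example.

```python
import hashlib
import hmac
import secrets

MAX_FAILURES = 3   # "3-strike" lock; the exact threshold is this example's reading
PIN_DIGITS = 8     # assumed length; the post only says "complex, random"


class Mailbox:
    """One subscriber's voicemail box with the two controls from the post."""

    def __init__(self, msisdn):
        self.msisdn = msisdn
        self.cli_bypass = False      # PIN bypass by caller ID is OFF by default
        self.failures = 0
        self.locked = False
        self._salt = secrets.token_bytes(16)
        self._pin_hash = b""         # nothing matches until a PIN is provisioned

    def _hash(self, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def provision(self):
        """Issue a random PIN (to be sent by SMS); only its hash is stored."""
        pin = "".join(secrets.choice("0123456789") for _ in range(PIN_DIGITS))
        self._pin_hash = self._hash(pin)
        return pin

    def opt_in_cli_bypass(self):
        """Subscriber consciously accepts the caller-ID risk."""
        self.cli_bypass = True

    def operator_unlock(self):
        """Only the operator can release a locked box."""
        self.locked = False
        self.failures = 0

    def authenticate(self, presented_cli, pin=None):
        """Return 'granted', 'denied' or 'locked' for one access attempt."""
        if self.locked:
            return "locked"
        if pin is None:
            # Caller ID is asserted by the caller; it is not proof of identity.
            ok = self.cli_bypass and presented_cli == self.msisdn
            return "granted" if ok else "denied"
        if hmac.compare_digest(self._hash(pin), self._pin_hash):
            self.failures = 0
            return "granted"
        self.failures += 1
        self.locked = self.failures >= MAX_FAILURES
        return "locked" if self.locked else "denied"
```

With the default settings, a call that merely presents the subscriber's own number is denied, which is the behaviour the opt-in measure asks for.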