Former Minnesota Sen. Norm Coleman's donor database exposed on Wikileaks

Counsel says data stolen, crime committed

In a brewing controversy, whistle-blower site Wikileaks.org has published personal information belonging to more than 51,000 donors and supporters of former U.S. Sen. Norm Coleman that it says were leaked because the Minnesota Republican's campaign Web site was not properly secured.

The information posted by Wikileaks, which has been at the center of controversy before, included the names, street addresses, e-mail addresses, phone numbers and, in the case of 4,721 individuals, the last four digits of their credit card numbers.

In a statement on its site, Wikileaks said it was publishing the information to substantiate rumors that sensitive information belonging to thousands of Coleman's supporters had been floating around the Internet since Jan. 28 "as a result of sloppy handling by the campaign."

Wikileaks said the decision to publish the information was prompted by claims from Coleman's campaign that no data been compromised and by its failure to apologize for the "initial leak" or its subsequent "coverup."

The statement said that Coleman's campaign had known about the breach since January but had failed to notify anyone of the potential compromise of their personal data.

Wikileaks claimed that the senator collected detailed information on every supporter and Web site visitor and retained unencrypted credit card information from donors, including their security codes, on the campaign's Web site.

The statement said that Wikileaks had so far sent out two notifications to Coleman's supporters "as a courtesy" prior to a further analysis of the data this week. "Wikileaks will release other material from the extensive Coleman database once those affected have time to be informed," Wikileaks said in the statement.

A copy of the original letter, from the anonymous individual who tipped Wikileaks of the breach, suggested that the information had not been illegally obtained but was exposed on the Coleman campaign's Web site because of "incompetence."

The whistle-blower's letter pointed to an earlier blog post by technology consultant Adria Richards explaining how she had in January first discovered a database file sitting in a directory on Coleman's Web site that anyone could download.

Richards said on her blog that she stumbled upon the problem when looking into reports in January about the political campaign's site crashing because of heavy traffic. In her bid to find out what was going on, Richards said she entered the IP address for Coleman's Web site into her browser, and the Web site's directories were immediately exposed in plain text.

Richards said on her blog that she found the database while "tooling around" the listing of exposed Web directories on Coleman's site.

She said the problem was the result of the Web server not being "told to restrict directories from the Web." Richards said that she did not personally download any of the files, though she said she posted screen shots of the directory listings on two other blogs.

Coleman's legal counsel responded today in a statement, saying that the information had been stolen. "We believe a federal crime has been committed," the statement said, adding that the campaign intended to "fully pursue all legal options available" and was working with local, state and federal authorities to identify those responsible for the breach."

The statement said that donors and supporters had been contacting the campaign office after receiving e-mails from Wikileaks yesterday informing them about the potential compromise of their personal information. "At this time, it appears that several thousand donors may have had their credit card information compromised. To what end, and for what purpose, that we do not know," it said.

The statement noted that when the Web site crashed in late January, concerns had been expressed at that time about whether the site had been compromised. A subsequent investigation by law enforcement authorities had revealed nothing to suggest that any information had been accessed, it said.

A letter to donors, purportedly from Cullen Sheehan, Coleman's campaign manager, was also posted on the Wikileaks Web site. It said the January site problems triggered concerns that the site's "firewalls might have been breached."

"We contacted federal authorities at that time, and they reviewed logs from the server in question, as well as additional firewall logs," the letter said. "They indicated that, after reviewing those logs, they did not find evidence that our database was downloaded by any unauthorized party." Sheehan purportedly went on to say that "at this point, we don't know if last evening's e-mail is a political dirty trick or what the objective is of the person who sent the e-mail."

Computerworld's IT Salary Survey 2017 results
Shop Tech Products at Amazon