The UK Independence Party (UKIP) has suffered a data breach after allegedly having 143 party email accounts accessed amid demands made by blackmailers, the High Court in London has been told (PDF).
UKIP is suing former party leader Richard Braine, former general secretary Tony Sharp and one-time party returning officer Jeff Armstrong, and, in Mr Justice Warby’s words, “a former member who has IT skills” called Mark Dent.
Although the lawsuit is ongoing, an interim judgment from the Queen’s Bench Division of the High Court reveals claims of illicit email access and blackmail. It also reveals the chaos tearing apart the party that put Nigel Farage onto the political map.
Amid “internal political strife” in mid-October this year, Armstrong was accused by party comrades of trying to block a group of candidates, the so-called “Batten Brigade”, from standing in internal elections to UKIP’s National Executive Committee.
From a website whose address was mentioned in the judgment, it appears one of those candidates was former party leader Gerard Batten himself. He publicly defended Youtube star and party candidate Carl Benjamin, aka Sargon of Akkad, when the latter used Twitter to say he “wouldn’t even rape” a female Labour MP. Batten stood down from the leadership in June.
As senior UKIPpers argued over the NEC elections, party discipline began to break down. The NEC voted to suspend Armstrong. Party leader Braine then suspended the entire NEC – which was subsequently unsuspended by NEC member and chairwoman Kirstan Herriot, who in turn declared that Braine himself was now suspended. Party functionaries argued over who should access what IT systems at party HQ. Various people called the police to claim crimes had been committed. Email accounts were suspended and accessed.
While all this was going on, a mysterious message was sent. At least four people received this email from the address reply[at]munge.cockington.com on the night of 16 and 17 October:
Describing this as a “blackmail threat”, High Court judge Mr Justice Warby observed: “The demand for prompt resignation addressed to several senior UKIP figures would appear to be unwarranted, and the threat to disclose email correspondence appears on the face of things to be plainly illegitimate.”
The threat was not carried out. Herriot was made aware of it by Neil Hamilton, who forwarded it to her from his private email address while adding “it may be a spoof”.
UKIP immediately asked the High Court for an injunction to stop Braine, Sharp, Armstrong and Dent from revealing anything they may have obtained from 143 named UKIP email addresses – and, in early November, added a request for an order forcing Dent’s computer to be “seized and searched”. It was claimed that an audit of UKIP’s servers identified that Dent had something to do with the email data breach mentioned by the blackmailer.
Dent had, on Braine’s instructions, visited party HQ to lock Herriot out of her email@example.com account, open up the party’s Mailchimp account to somebody evidently favourable to Braine’s faction and to “do a Microsoft Office 365 Evidence scan of the chairman’s account and other UKIP.org account to gain evidence, for use later.”
UKIP argued that because Braine had been suspended, he had no power to send Dent to party HQ and therefore Dent’s access to its systems was unauthorised.
Unfortunately for the party its contracted IT expert, Zain Ul-Haq, gave it a report which concluded: “I have insufficient information to determine whether data was exfiltrated during the security event.”
He did, however, recommend a forensic examination of a computer used to access its mail server.
Dent, noted Mr Justice Warby, “denies responsibility for, or even knowledge of, the blackmailing email.”
Dismissing both UKIP’s application to seize Dent’s computer and to impose a non-disclosure injunction on him, Braine, Armstrong and Sharp, Mr Justice Warby ruled: “UKIP has not pleaded as a fact, because it lacks an evidential basis to assert, that Mr Dent acquired any of the allegedly confidential information. It follows that he cannot be accused of passing that information to the other named defendants, or to Persons Unknown, and the Particulars of Claim contain no such averment.”
He added: “The prospects of UKIP establishing at a trial that any of the defendants to this claim obtained, and then threatened to disclose, confidential information derived from UKIP’s email database are slender in the extreme, or worse.”
The judge also ruled that Ul-Haq’s report “contains no indication that a download [from UKIP systems] occurred or might have occurred.” The full judgment is available from the judiciary website. ®
READ MORE HERE