data honeypot

carry insurance against the possibility that I might someday be accused of that, and I'm only a user accessing private records, not an IT manager.

I don't know the licensing requirements for IT professionals, but firing is only the first of the consequences for ol' Josh.

You have NO idea what the business rules are in that organization...they vary.

But what you said is patently false...

situation, only that there are many that govern the behavior of political campaigns. Given the quickness of Bernie's campaign to fix this situation, I wouldn't expect federal action; after all, it's pretty common for lower-level staffers and volunteers to run afoul of the law.

But that doesn't mean this is okay. You can bet it's a violation, not just of DNC rules, but of FEC regulations. Take a tip from Bernie's response to this problem -- like firemen evacuating a classroom on fire.

Once is a mistake, twice is an embarrassment, any more is intentional.

No one is blaming the Sanders campaign. The incident happened. It's not the end of the world.

the Sanders campaign is now being denied access to vital data because the vendor failed to properly secure it.

It's patently unfair.

They'll fix the problem and get them back in. And there is no primary in 2 weeks.

If the DNC had taken similar actions against her campaign based on their mistake. Of course, the very idea that they ever would is just laughable. The blatant rigging of the "game" is what pisses me, as a Bernie supporter, off. But all's fair, right?

implicated in something like this. It wouldn't be enough to deny her access to data. There would be screams for her to withdraw, stand trial and serve the rest of her life in jail.

Personally I hope they give him access back.

And then it was reported to the DNC, I think the majority would not.

In fact, that's more than laughable. You certainly give more credit than I can.

There are people here who have already jumped that shark.

In fact, as I think it over, I like it more and more....there's been sufficient unsavoriness to make it a distinct possibility in the near future.

they were punished because they accessed data they weren't supposed to.

compromised..

screwy....

and a criminal makes off with your TV...who goes to jail....you or the thief?

Imagine this.

1 big building(database), divided into 3 sections. Typically there are 2 doors dividing the three areas. They are meant to be closed at all times.

Now imagine this.

All doors have been removed by a contractor(IT), for whatever reason. People are totally free to move between the rooms. In one room, some idiot leaves a pile of papers on a table with confidential information on it. You(BS employee) walk into the room, and because you are a friend, you pick it up, and read the first page. No copies are made. You put the page back down. No information is really compromised, except to memory.

Hours later, the contractor realizes the importance of the fact that the doors must remain closed at all times, except in case of emergency. He immediately replaces the doors. Oooops!!!

The fact that this situation occurred and someone traveled between rooms, gathered some confidential information, is reported(IT) to the building manager(DWS), who knows damn well that the doors should remain closed.

So who gets the blame? Who should be punished?

The database? The contractor(IT)? The building manager(DWS)? Or You(BS employee)

Get the picture now?

If you leave you home unlocked...and someone comes in and rifles through your underwear drawer.....are they still guilty of "breaking and entering" when there wasn't even a "break" involved?

and unrelated as to how this situation actually occurred.

There is NO comparison.

You see that your opponent to your right is holding her cards so that you can see their faces.
Maybe you're the really ethical type and tell her that you can see her hand.
But you've seen it.
It was entirely her fault, you did nothing wrong, but you can't unsee it.

That's how this data breach sounds to me.

employee was terminated. Let's see if anyone gets nailed for the firewall issue. I'm saying no. We'll see.

....the Sanders campaign tells the DNC just what they accessed and how they did it.

The could be reinstated this afternoon. It's up to them.

when I got suspended in school!
Just sayin'

Actually the DNC is cutting off his campaigns access. So yeah, Sanders entire campaign is being blamed.

If the offending party was already fired then what is the point of blocking it?

Moreover why hasn't the software firewall glitch been dealt with? It was reported numerous times according to the Sanders campaign.

So you remove all access and then give it back correctly. It's fairly standard.

They suspended the Sanders campaign accounts and administered it like a punishment in a public fashion in the media a day before the next debates and a day after two huge Sanders endorsements.

That doesn't sound like IT work to me.

That's unavoidable. It really isn't a big deal. No one cares about Hillarys email and no one cares about DNC databases. The "suspension" is no different than what I was talking about.

While it's not explicitly a permanent ban yet, it is far beyond the time required to fix it.

punish, thereby helping their preferred candidate. These people who are claiming "what's the big deal?" are full of shit.

to prove they've destroyed all data, that is really impossible.

look at post 1 - so out of proportion.

on this very thread....trying to blame HRC for it...

so he pulled a Weathervane and BECAME a Democrat...(just as I said he would have to...before he could get on the ticket in New Hampshire)

http://blogs.wsj.com/washwire/2015/11/08/bernie-sanders-i-am-a-democrat-now/

Gotta go wash up and change now.

all that slobber everywhere...

find out who has the contractor in their back pocket first.

that crazy ass Conspiracy Theory.....

Hillary taunted him with her data!!!! How dare she!!!

We needs to wait for the facts.

Damn, chill out.

I'm sure this will all come out soon. Otherwise, the DNC will look even worse than it already does.

there is any real difference between the DNC and the Hillary campaign.

do you have ANY crumb of evidence supporting this conspiracy theory?

prohibits them looking at data they were not supposed to even if accidentally given permission

It's typically up to the vendor to properly secure data so that this is not possible without extensive intentional hacking. The guy who accessed it was fired. That's fair. But totally denying the campaign access "indefinitely" is not.

I guarantee you that the contractual agreement required them to not access data they are not supposed to even if accidental access is granted.

That puts the onus on the Sanders campaign. Had they simply reported it, it would be a non issue.

Instead, they stole the data.

Then, when caught, a staffer got blamed and fired.

Nowhere in any article I have seen is ANYBODY saying data was "stolen". You, and other Shrillaries on this and other boards, are the only ones making that slanderous accusation.
Again, your shrieking reeks of desperation.

Can't have it both ways.

I can argue in circles with the best of them. Ask my wife!
The firing is/was politics at the very least. Whether it is anything else we will have to wait and see. Anyone making false accusations on EITHER side, is not interested in the truth, IMHO.
Have a nice day.

enters my house and steals my valuables...it isn't their fault? Oh, I always thought it was.

to ensure the doors are locked at all times. A key factor is that when you're dealing with YOUR property, that's one thing. But data vendors deal with OTHER PEOPLE'S data. And because they're not just protecting their own data but also the data of other people/organizations, they are held to a higher standard than you are personally.

You obviously have never read a contract from a third party vendor that warehouses data.

I have never once read one, regardless of the service provided, that did not have a data access clause prohibiting you from accessing data that you have been accidentally granted privilege to.

I even see this same clause in agreements that provide nothing more that help desk support!

The onus was on the Sanders campaign and they still stole the data.

So naturally, Debbie punishes the alerter.

and took valuables. Now they at least need to hand the valuables back over to the owner.

in fact not the same as forgetting to lock the door.

I am in my own house and a new door appears. I go to check it out and am teleported into your house.

that you could exploit later part.

No articles I have seen have said anything was recorded.

"Uretsky says he got into the system to create a record to make it clear to anyone with NBG-VAN knowledge that he was "going through stuff that I wasn't supposed to have access to."

Straight from the horses mouth.

So he providing them proof of their incompetency that had been reported and ignored multiple times.

No data was taken per your quoted cnn blurb.

and O'Malley's data. It does seem that Sanders group notified the software company months before this event about the problem.

If the voter data that Bernie has been gathering has been inputted into the software, I think he may been the one being snooped on.

Of course the DNC is all about demonizing Sanders camp for this so that won't be discussed.

and that's why he got fired.

It is Bernie who fired him, not the DNC, etc.

when does entrapment occur?

That said I think this is much ado about very little.

This place is hilarious today.

I couldn't see a lawyer arguing that his client was entrapped after stealing money from a register that was left open because it had been reported that the cashier had left it open several times in the past.

I can't latch onto that logic, sorry.

But again, I hope they give him access back.

I'd think a director would have better sense.

If I accidentally leave my door unlocked and someone trespasses, that person is free of guilt?

Especially after you complained months ago that new doors keep appearing in your house.

that 3 Hillary supporters said almost the exact same phrase about the security breach? 'Leaving the door open and someone steals something.....thief.....blame' was said in about 45 min time, in this short thread. Does any one else see a 'trend'?

Z

Last edited Fri Dec 18, 2015, 01:16 PM - Edit history (1)

There is not just the wording in the vendor contract regarding agreeing to not access others' data regardless of system permissions. There are also usually requirements of notices to be posted in various point of the application presenting the data. A notice stating that you are authorized to see what you are about to see, etc. Standard stuff, really.

There is also likely more than one contract or relationship to this. One contract with the DNC and the IT vendor...contracts between the various campaigns and the DNC. Who knows how it works. Is it the DNS who actually owns the data? Are we sure about that?

I dont think we have enough information to know exactly what happened.

The stories indicated a misconfigured firewall was the problem.....which could suggest that each campaign has their own database which are all firewalled off from each other. But it is hard to believe that this would be the only layer of security. Normally you would expect to also see at least one more layer of security when accessing the database.

The firewall is used to prevent your computer from seeing anything behind it. You dont know its there.

The database security would be where you can designate among those who are allowed past the firewall, which users have read only access, which have read / write access, etc.

This database layer of security is normally based on a specific login of the end user.

Thus, its hard to imagine that the clinton data was behind a firewall, and that an accidental opening in that firewall allowed sanders users to get to the clinton data, and that user IDs from the sanders staff would have had access at the database level to see anything other than maybe the names of the databases. Because you would assume that the Sanders' staff IDs do not have access to the Clinton data, and vice versa.

But who knows how well this system was designed, or how old it is, etc. Does each campaign use the same application front end, and then they get the data for the specific campaign based on who is logged into the application?

All of that aside, I would say that the reaction by the DNC seems off base. There should be no issue determining what was accessed assuming they have the logs that record security events configured correctly. This is also a common way to see who accessed the data in question. If you take that information and compare it with the statements of the fired sanders staffer, you should be able to see if his statements match the events that were logged in the system. He appears on the surface to be willing to explain what he did in detail.

Anyway, this IT security stuff is always messy, and more so when you have outside vendors involved. In my experience, you first correct the problem and ensure the data is safe, then you take your time gathering logs (which are facts) and piecing together exactly what took place. Its practically never an entire organization that is knowingly working in concert to acquire unauthorized information, so it seems off base to react against the entire sanders campaign, unless the DNC would have walked thru the logged events that indicate the entire campaign is responsible, and maliciously so.

Editing to add that i have no idea how the system in question works, and no idea what actually happened. I just wanted to point out what a few possibilities could be, and point out that there are normally multiple points of security and not just one. There are also multiple divisions of responsibility relative to the security of the system and its data. The comparisons to leaving the door to your house open just don't work at all due to the complexities - both technical and legal - that are involved with IT security.

campaign for the party's voter file? How does this hurt Bernie and what can we do?

One thing I have done is I did a donation to his campaign like we all did when her PAC let loose on him.

and her private servers




Private servers............ think about that.