Thanks.

Clinton and DWS are as bad as Rove. Birds of a feather.

and complete B***S*** and not worthy of any person who supports Democratic Underground.

Shame on you!

They took data. This is a provably fact.

You can argue that the security was flawed, but you can't pretend Clinton is the bad guy here.

Not unless you've completely left the realm of reality.

.


If you are handling accounts for internal clients, and perform services for partner-firms--

SECURITY BREACHES are NOT TOLERATED--AT ALL!


The fact that there have been multiple exposures of other client's information should warrant an immediate termination of the contract. Is is quite apparent that the vendor, and the DNC do not take the issue of data security seriously!



If you logged onto your bank account or credit card system and saw someone else's account information:

WOULD YOU KEEP THAT ACCOUNT OR CANCEL IT, KNOWING SOMEONE ELSE MIGHT BE SEEING YOUR INFORMATION?


.

who would be taking over? I think that isn't a true representation of what would happen. It would take at least a day or two to get a replacement and longer to do a turnover, for which you would still need that terminated contractor.

Nothing like a firing after a breach to instill confidence in the shareholders. I am glad my company has a little more sense to calm down and think it through.

.


It's not like this had just popped up the other day, this was over 6-7 months in process.

There should have been contingencies in place, and plans for a migratory path staged.

===

What happens if they were housed at or near WTC-like event? What would you do for business continuity?

The fact that the DNC is sticking with this provider, when their IT architectural plans and system's designs seem woefully malconstructed, is a wonderment of possible cronyism.

===

Oh, and no, it would take a few months to transition properly. That is all an outsourcer needs to acquire a data center. Connect to the network, or get a copy of system tapes, bring up a shadow system at the outsourcer's site and study the layout.


The fact that a firewall is to blame, shows there was virtually no security, no session-state account tokens, no userid checking on the back-end side, nothing locking down the database, etc. This is a hacker's delight, not only from the outside, but from a mole.


.

I am going to wait on forensics reports to be released, if they are.

It just may. From personal servers, to DNC data banks to social media, lets face it, h is not doing too well.


Maybe Luddites will always love her?

keep the sarcasm thingo handy.

Whet she can really mess shit up.

proof, they say you stole it. Look at the log, the guy labeled everything as _bernie. He left the audit trail all the way through it.

...there was no attempt otherwise to conceal.

by Chris Johnson (580)

NGP-VAN, the company that stores this data, which is run by an old Clinton hand who worked for them in 1992, the company paid $34,000 by Ready For Hillary, was repeatedly dropping their firewall between the two major Dem campaigns, Clinton and Sanders.

A guy who’s now fired from the Sanders team observed this. They complained once and were given assurances by the company that it was a mistake and wouldn’t happen again. Then it happened again. The guy decided to gauge how deeply the Clinton campaign was able to read into the Sanders campaign, by experimenting to see how much of the Clinton data he could get. That’s a bad call but by information security standards it’s not unthinkable: it’d be called a white hat intrusion, seeing how much of the firewall was down by probing the other side and assuming your own data was revealed exactly the same way. It does matter, but you still have to fire the guy.

One thing we can be sure of is, anything open to ‘stealing’ on the Clinton side was just as open on the Sanders side, literally. It’s the same system and the same firewall, and if the firewall keeps mysteriously going down for no good reason you have to wonder what’s up and more relevantly what’s being made available to those on the other side of the firewall, which might explain why the firewall’s going down like that.

The Sanders people did NOT throw a fit the first time this happened. But this time, the Sanders guy got caught crossing the nonexistent firewall. We have no information at all on whether anybody from the Clinton side was doing the same thing. During that time there WAS NO firewall and the guy wasn’t hacking, he was browsing, as anybody on either side could have done during those windows.

I think that’s accurate so far. The behavior of the firewall is important, whether or not it’s suspicious as a planned exploit of the Sanders data run by Clinton people who are at the DNC and at NGP-VAN.

In response to the Sanders guy browsing over and seeing data (how do they know? Because HE TOLD THEM. The Sanders team were the ones reporting this, that’s part of the story), the DNC suspended access by the Sanders campaign to THEIR OWN DATA at a crucial time. In order to get access back, at least as of this morning, the requirement is for the Sanders campaign to prove it has destroyed all data that it didn’t necessarily even download (remember, Sanders guy claims he was exploring the Clinton system because it would mirror the vulnerability of the Sanders system, and he’s not IN the Clinton system to go and browse the Sanders side to see how much is revealed, but he was IN the Sanders side and could look at the Clinton side and reasonably conclude that his own side was equally compromised)

And social media is blowing the hell up, not unreasonably, because it’s a goddamn hatchet job combined with a kneecapping to yank access by the Bernie campaign to its OWN DATA because a guy from the Bernie campaign passively browsed through a firewall he didn’t himself disable, a firewall run by a company controlled by Clinton partisans which had been going down already for reasons unknown.

If they tried to repeat the DNC bullcrap to their tech peers, they know they'd get their asses handed to them. Slashdot has a robust moderation system.

If the DNC presses on with this, they will face an ever-widening credibility gap as non-techies make more and more references to the tech press.

......and several other very useful data sets saved it.

One doesn't "passively browse" selected data, and one doesn't save "passively browsed" data.

got access to and downloaded, or had the DNC and/or their Vendor, send them the Sanders campaign's information? I know that forensic IT can recover deleted info, but not if it was overwritten many times. I also know that it can be time consuming and expensive to do this. I don't know much about audit trails and the like. Can someone answer this for me?

I find it transparent that neither the DNC nor the Clinton campaign criticized the Vendor. The young guy that ordered the download had to be very frustrated since they had already complained of the dropped firewall and been assured by both the DNC and the Vendor it wouldn't happen again.

I am also worried when I see Rachel Maddow run a "Special Report" first on a serious situation that has been around at least since the mayor of Flint declared a state of emergency a week or two ago. She then spent a relatively small amount of time on this story before going to Trump and the Republicans. She did not even mentioning that this was at least the second time this has happened, and that Bernie's team had brought it to their attention and was given the assurances it wouldn't happen again. This is pretty key to the story!

as the firewall, at the time, was NOT THERE.

data entered by the Clinton campaign. Otherwise, the queries might come back looking like nothing was amiss.

The two campaigns essentially share the same database. Its the specific tags that each campaign puts on the voter data that is critical; Like the campaigns themselves, the data is focused on voters in the early states.

IOW: When hacking a bank to show a gaping (but ignored) hole, you don't restrict yourself to poor people.

Explanations like this are why I read DU.

Could beba lot off reasons. Or could have been unintentional and for no reason.

Do we know whether Hillary saw any of Bernie's information?

That's all I am going to say.

or being so wide that they fetch the whole database.

What he did, and leaving the queries with 'bernie' tags, makes complete sense from the standpoint of documenting the problem.

No hiding, no secrecy. They did exactly what they claimed to have done: proved that the data was vulnerable and exposed.

It could just as well have been the system appending it.

System-generated usernames don't usually look like that.

2. The DNC beat him to the press.

Dirty campaigns use dirty tricks. Lots of 'em.

It ain't just by chance or for no good reason that the majority of American don't trust Hillary Clinton and those that do her dirty work even less.

by Chris Johnson (580)

NGP-VAN, the company that stores this data, which is run by an old Clinton hand who worked for them in 1992, the company paid $34,000 by Ready For Hillary, was repeatedly dropping their firewall between the two major Dem campaigns, Clinton and Sanders.

A guy who’s now fired from the Sanders team observed this. They complained once and were given assurances by the company that it was a mistake and wouldn’t happen again. Then it happened again. The guy decided to gauge how deeply the Clinton campaign was able to read into the Sanders campaign, by experimenting to see how much of the Clinton data he could get. That’s a bad call but by information security standards it’s not unthinkable: it’d be called a white hat intrusion, seeing how much of the firewall was down by probing the other side and assuming your own data was revealed exactly the same way. It does matter, but you still have to fire the guy.

One thing we can be sure of is, anything open to ‘stealing’ on the Clinton side was just as open on the Sanders side, literally. It’s the same system and the same firewall, and if the firewall keeps mysteriously going down for no good reason you have to wonder what’s up and more relevantly what’s being made available to those on the other side of the firewall, which might explain why the firewall’s going down like that.

The Sanders people did NOT throw a fit the first time this happened. But this time, the Sanders guy got caught crossing the nonexistent firewall. We have no information at all on whether anybody from the Clinton side was doing the same thing. During that time there WAS NO firewall and the guy wasn’t hacking, he was browsing, as anybody on either side could have done during those windows.

I think that’s accurate so far. The behavior of the firewall is important, whether or not it’s suspicious as a planned exploit of the Sanders data run by Clinton people who are at the DNC and at NGP-VAN.

In response to the Sanders guy browsing over and seeing data (how do they know? Because HE TOLD THEM. The Sanders team were the ones reporting this, that’s part of the story), the DNC suspended access by the Sanders campaign to THEIR OWN DATA at a crucial time. In order to get access back, at least as of this morning, the requirement is for the Sanders campaign to prove it has destroyed all data that it didn’t necessarily even download (remember, Sanders guy claims he was exploring the Clinton system because it would mirror the vulnerability of the Sanders system, and he’s not IN the Clinton system to go and browse the Sanders side to see how much is revealed, but he was IN the Sanders side and could look at the Clinton side and reasonably conclude that his own side was equally compromised)

And social media is blowing the hell up, not unreasonably, because it’s a goddamn hatchet job combined with a kneecapping to yank access by the Bernie campaign to its OWN DATA because a guy from the Bernie campaign passively browsed through a firewall he didn’t himself disable, a firewall run by a company controlled by Clinton partisans which had been going down already for reasons unknown.

Here's the main point: Clinton/DWS are complaining because a Sanders dude accessed data when Clinton/DWS compromised their own fucking system! Clinton/DWS have no standing for outrage.

THAT is something I am most definitely curious about. Especially since it was basically Clinton's people dropping the firewall in the first place.

I'm glad I wasn't swallowing my coffee when I read that

A term coined by Betsey Wright, Clinton's gubernatorial campaign manager in Arkansas.
https://en.wikipedia.org/wiki/Betsey_Wright

James Carville and Paul Begala worked on the squad during the Washington years. There's a lot of documentation on the web about this, just waiting to be dragged out again in the general election campaign if HRC is the nominee.

...I took it as referring to a certain group of posters on DU, since it was so very descriptive.

Thanks for the info...and the laugh.

Their actions don't make zero sense if they were making a conscious effort to discredit their biggest opponent.

This is ridiculous. The DNC has royally pissed off a lot of people.

And you can bet once in office it will roll the same way. Goldman Sachs anyone?

be satisfied or very enthusiastic to see her as the Democratic nominee.

Expecting a fact based response is unlikely to be fruitful.

This was known since Oct. Of course she knew. She could turn out to be secretly working for Bush or an Alien and you would still support her. This time her campaign messed up bad. Watch.

Liberal pundits are lining up saying they will boycott her and vote third party. She's tearing apart the party. At this point it's selfish to support her. And by the way Clinton could access all Bernies voting data too. He was the one who altered to this in October. I know the Wall St War Machine wants Hillary but there are waaaaay more of us then them. Hillary will implode....again. There's so little to attack Bernie on and no racist innuendo like she did with Obama.

You do not. No more nightmares please.

They knew a lawsuit would bring the facts to the light of day. They are that both campaigns could read each other's data. Bernie reported this in October. We all know Hillary was accessing because her family friend and CEO of the data company wouldn't fix it. They didn't need to download to view and could've done a lot by hand. Smarter maybe. But way dirtier.

but does that mean the lawsuit is off? I hope not. I want discovery. And I'd happily donate extra specifically to get that.

Fire-able and illegal are two very different things in this case.

And no... Its not illegal if you already reported the hole and you left the evidence intact and and you highlighted it and you didn't use the data to your own advantage. Sorry, that is a bucket of fail that the IT industry will never line up for (though DWS is lining YOU up for it...) and the legal precedents agree.

This accusation could have worked 20 years ago. Too bad its 2015 and MSM do not define what is acceptable practice in technology.

Oh, I hope not. I'm afraid they will try. And hearing that Maddow hardly covered it really worries me.

I hope Berniemroadts their ass tomorrow night!

I was up in the wee hours last night, when this crap first hit the fan. The timing, the allegations, the "immediacy" of the accusations of data theft--all stunk like a dead skunk.

So, DWS, you've stepped in it BIG time. We, the vast Hoi Polloi, are not buying this Rovian ruse.

or are being robbed.

If Clinton is such a lock, as her supporters keep saying...why go to all this trouble to discredit and knee cap Sander's campaign efforts?

What are they afraid of if she's already got all the votes?

by snooping.

We know that Bernie's campaign did.

BTW, if you can prove Clinton's campaign used it, which they did not, and Bernie's did, how is it wrong for Clinton and not Bernie?

"They did it first!" is not an argument, except for children on the playground. And Clinton's campaign did not do it. Bernie's campaign is at fault.

BECAUSE THEY REPORTED IT!
THe real tell is did the Clinton campaign use the disappearing firewall to THEIR advantage? How many times? What data did they steal?
IF the lawsuit continues we will find these things out. Which explains perfectly why DWS caved so quickly.
I personally will contribute to fund the lawsuit's continuation, and will urge the Sander's campaign via telephone and emailto do so.

with the big endorsements Bernie has gotten in the last few days, their fear is showing.

lots of real-time issues....I learned pretty quick that whether or not your program that is at fault, you have to get as much evidence as possible proving 1) what happened, why, and what the permanent fix ; 2) it is not your program(s) ; and/or 3) what program/area is the problem.

So 24+ searches done is totally reasonable to DEBUG the problem and give as much info as possible to show the vendor how big of a hole there is.

BTW, great post, matches my experience, and links to info....bookmarked so I can refute posts by non-techies who like to distort and lie and have no clue as to how technology works.

They would have found a way to purge the log files. These database web apps are not rocket surgery or brain science, many people can hack them.
The log files are intact, thus they WANTED the vulnerability to be found.

support Clinton. She MUST RESIGN.

in getting this corrected in October?

Yes, obviously his campaign was stealing sensitive data from Clinton just to prove to the DNC that it was possible. Couldn't possibly have anything to do with, umm, the actual campaign they are running.

lol, that was semi-obligatory.

Thanks for the link.

Thanks for the thread, cprise.

And this is now news, when it didn't have to be.

(Source, I am a chief architect / vp of engineering for internet companies for the last 17 years).

I am very confused by the explanations coming for the DNC and vendor. There is not such thing as a 'firewall' that works this way. This is not how databases and security systems work.

A firewall prevents improper connections to a server / network. For example, most web sites are behind firewalls that block all incoming traffic except on port 80 and 443, which is port that web browsers hit (HTTP and HTTPS respectively).

Firewalls can also be configured to block people from behind the firewall from getting to certain sites ("The Great Firewall of China" is just one example.

Firewall in general do not filter or block content that is sent over one of the open points. Since the are probably using the secure protocol (HTTPS), that would be extraordinarily expensive.

More important, the content that was improperly served up was valid content that was sent to the wrong user. Firewalls have no concept of the person login on. Identity would be handled by the web applications.

Since the web application knows the identity of the person accessing the site, it is responsible for serving up the content. This is usually done through some sort of access control list (ACL). This is very old and well known technology which even predates the internet.

Nothing in their explanation of what went wrong makes any sense at any level. The idea that you could 'turn off' a firewall and give someone access to content is, well basically, insane. In nerd speak, 'it does not parse'.

To get the effect they had, someone would have to either have screwed up the initial configuration of the ACLs or someone purposefully reconfigured them. The former is in competence, the latter, well, why.

There are many other technical details and safeguards that would have 'come out of the box' meaning are basically free to implement.

I will be happy to answer any questions.