2016 Postmortem
Related: About this forumThere's an excellent analysis of the data breach posted on slashdot
I thought it could use it's own thread here, to counter some of the piss-poor analogies which have been posted lately.
Background (Score:5, Insightful)
by Chris Johnson (580) on Friday December 18, 2015 @11:16AM (#51143803) Homepage Journal
From what the news stories are saying, this firewall-dropping was happening repeatedly. So:
NGP-VAN, the company that stores this data, which is run by an old Clinton hand who worked for them in 1992, the company paid $34,000 by Ready For Hillary, was repeatedly dropping their firewall between the two major Dem campaigns, Clinton and Sanders.
A guy whos now fired from the Sanders team observed this. They complained once and were given assurances by the company that it was a mistake and wouldnt happen again. Then it happened again. The guy decided to gauge how deeply the Clinton campaign was able to read into the Sanders campaign, by experimenting to see how much of the Clinton data he could get. Thats a bad call but by information security standards its not unthinkable: itd be called a white hat intrusion, seeing how much of the firewall was down by probing the other side and assuming your own data was revealed exactly the same way. It does matter, but you still have to fire the guy.
One thing we can be sure of is, anything open to stealing on the Clinton side was just as open on the Sanders side, literally. Its the same system and the same firewall, and if the firewall keeps mysteriously going down for no good reason you have to wonder whats up and more relevantly whats being made available to those on the other side of the firewall, which might explain why the firewalls going down like that.
The Sanders people did NOT throw a fit the first time this happened. But this time, the Sanders guy got caught crossing the nonexistent firewall. We have no information at all on whether anybody from the Clinton side was doing the same thing. During that time there WAS NO firewall and the guy wasnt hacking, he was browsing, as anybody on either side could have done during those windows.
I think thats accurate so far. The behavior of the firewall is important, whether or not its suspicious as a planned exploit of the Sanders data run by Clinton people who are at the DNC and at NGP-VAN.
In response to the Sanders guy browsing over and seeing data (how do they know? Because HE TOLD THEM. The Sanders team were the ones reporting this, thats part of the story), the DNC suspended access by the Sanders campaign to THEIR OWN DATA at a crucial time. In order to get access back, at least as of this morning, the requirement is for the Sanders campaign to prove it has destroyed all data that it didnt necessarily even download (remember, Sanders guy claims he was exploring the Clinton system because it would mirror the vulnerability of the Sanders system, and hes not IN the Clinton system to go and browse the Sanders side to see how much is revealed, but he was IN the Sanders side and could look at the Clinton side and reasonably conclude that his own side was equally compromised)
And social media is blowing the hell up, not unreasonably, because its a goddamn hatchet job combined with a kneecapping to yank access by the Bernie campaign to its OWN DATA because a guy from the Bernie campaign passively browsed through a firewall he didnt himself disable, a firewall run by a company controlled by Clinton partisans which had been going down already for reasons unknown.
http://politics.slashdot.org/story/15/12/18/1536245/bernie-sanders-campaign-blocked-from-dnc-voter-info-after-improper-access
What did the Clinton campaign team know, and when did they know it? Why was their good friend repeatedly dropping the firewall?
WillyT
(72,631 posts)Matariki
(18,775 posts)Dragonfli
(10,622 posts)You noticed the door to the adjoining suites you shared a floor with was open and wanted to know if your neighbor could fit trough the door into your suite and steal your stuff, so you walked through to see, knowing if you could, hey, either your neighbor probably already did, or at least could.
You only did it because the door to the neighboring suite kept being left open by someone, and you knew it wasn't you.
Sure, you tried to complain to the building manager about it, maybe put a lock on the door or somethin', but he just said, "sure thing kid" - but never did and it kept happening.
I myself don't trust the building manager because he is old pals and the former roomie of the tenant in the adjoining suite whose door you kept noticing would often be open leaving you vulnerable to them.
Now another former roomie of your neighbor has locked you out of the building and that damn door between the suites is still likely wide open, so now you should go to court because it's your place and you have a right to be let into your own part of the building.
leveymg
(36,418 posts)And, on the other hand, if the Data Director was white hatting, why didn't he do the usual CYA thing and document what he was doing? Or did he - didn' t he and three staffers take screen shots of their browsing activities? Didn't the Bernie campaign notify DNC of this and DNC made it into a "breach"?
angrychair
(8,702 posts)Data integrity is serious business in that line of work. Based on the record of actions taking by the Sanders data steward, the reference data list (a list of the data set, not the voter data itself) was worthless. All of the access control information was linked by name to Sanders data steward and had Sanders name in the queries. No action was taken to hide the actions they were taking. Why? They were building a case to make that point there was a serious issue that needed to be addressed.
msongs
(67,420 posts)leveymg
(36,418 posts)Dragonfli
(10,622 posts)Metric System
(6,048 posts)Leftyforever
(317 posts)Joe the Revelator
(14,915 posts)K/R
pnwmom
(108,980 posts)and coordinated 25 specific searches through Hillary's data. And both NBC and ABC reported that they SAVED data -- they didn't just look at it.
oasis
(49,389 posts)Now, step into The DU Twilight Zone.
Electric Monk
(13,869 posts)oasis
(49,389 posts)for swiping cookies.
Electric Monk
(13,869 posts)Sanders' team initially reported it in October. Nothing was fixed. Why not? Somebody wanted it that way?
Here's an insightful post you may have missed:
Star Member Turn CO Blue (3,646 posts)
7. Lists of voters "HFA support 60-100" is the exact opposite of helpful to Sanders.
"HFA Combined Persuasion 80-100) is the exact opposite of helpful to Sanders.
"HFA Primary Priority 9-10" is the exact opposite of helpful to Sanders.
You'd want LOW scores to find voter lists that MIGHT be worth targeting by Sanders' campaign (worth calling at that point, however, they didn't pull those lists, and low scores like could also indicate leaning Republican or voting history that was heavily Republican)
These searches do seem to back up their story that they were trying to prove to vendor (once and for all) that the breach kept happening.
oasis
(49,389 posts)Maybe that's why the ring leader's head was rolled.
AgingAmerican
(12,958 posts)Things are getting spicy!!
oasis
(49,389 posts)BeanMusical
(4,389 posts)http://m.nextgov.com/cybersecurity/2015/12/bernie-sanders-has-his-own-computer-scandal-data-breach-exposed-hillarys-secret-info/124637/
pnwmom
(108,980 posts)there were numerous downloaded and saved searches.
And Huffington Post. And Time.
http://www.huffingtonpost.com/entry/sanders-sues-dnc_56748b06e4b06fa6887d883e?ncid=fcbklnkushpmg00000013§ion=politics
Though Sanders' campaign has insisted that it did not keep the data its staffers viewed, Time magazine reported Friday that those staffers appear to have obtained files with lists of voters that the Clinton campaign had cultivated in 10 early states including Iowa and New Hampshire and that the staffers created from scratch no fewer than 24 lists -- consisting entirely of data pulled down from the Clinton campaigns database -- and saved them to their personal folders.
SNIP
In addition, the Sanders campaign has said that it did not download or retain any of the Clinton campaigns data, and Weaver reiterated that claim on Friday afternoon at a press conference in Washington. This campaign does not possess any data, does not retain any data and does not want any data, said Weaver.
But the records from the NGP VAN software indicate that Sanders staffers did in fact save data to its own folders.
BeanMusical
(4,389 posts)I doubt that anyone can teach you or anybody else how all this works in one post. It usually takes years.
pnwmom
(108,980 posts)because he's ethical.
grasswire
(50,130 posts)because he's ethical?
you're not? what does that mean?
pnwmom
(108,980 posts)are trying to justify, on the "white hat" theory.
You don't go around stealing other political campaigns' voter targeting information, downloading dozens of searches into your own folder, on the white hat theory. Not if you're ethical.
Which is why they fired Uretsky and didn't even let him resign.
And yet for some inexplicable reason Bernie supporters feel the need to defend the guy.
Leftyforever
(317 posts)not true ...those are all unsubstantiated claims...every single one of them
uponit7771
(90,347 posts)... disenginous at best
DirkGently
(12,151 posts)murielm99
(30,745 posts)Imagine that! A Democrat working for the VAN company! Who do they think is going to run the company? Karl Rove? Boehner?
AtomicKitten
(46,585 posts)Politico has a headline screaming "Clinton Goes For the Jugular" http://www.politico.com/story/2015/12/clintons-offense-will-be-personal-216962 indicating she was poised for the attack on the heels of the DNC's kabuki theater regarding the data breach. The Sanders campaign clearly were able to prove they had warned the DNC about the faulty firewall months ago, putting the onus of mismanagement back where it belongs, on the vendor and the DNC, both solidly in the Clinton camp. And the scheme to frag Bernie goes poof.
BeanMusical
(4,389 posts)Doctor_J
(36,392 posts)Slimier with each passing day. The republicans used to be the only ones with morals like this. Now the dinos have infested my party.
Uncle Joe
(58,366 posts)Thanks for the thread, Electric Monk.