Jump to content

So about that awesome RNC IT security


AUUSN

Recommended Posts

The RNC Files: Inside the Largest US Voter Data Leak

In what is the largest known data exposure of its kind, UpGuard’s Cyber Risk Team can now confirm that a misconfigured database containing the sensitive personal details of over 198 million American voters was left exposed to the internet by a firm working on behalf of the Republican National Committee (RNC) in their efforts to elect Donald Trump. The data, which was stored in a publicly accessible cloud server owned by Republican data firm Deep Root Analytics, included 1.1 terabytes of entirely unsecured personal information compiled by DRA and at least two other Republican contractors, TargetPoint Consulting, Inc. and Data Trust. In total, the personal information of potentially near all of America’s 200 million registered voters was exposed, including names, dates of birth, home addresses, phone numbers, and voter registration details, as well as data described as “modeled” voter ethnicities and religions.

This disclosure dwarfs previous breaches of electoral data in Mexico (also discovered by Vickery) and the Philippines by well over 100 million more affected individuals, exposing the personal information of over sixty-one percent of the entire US population.

https://www.upguard.com/breaches/the-rnc-files

Link to comment
Share on other sites





That's interesting since there are only 147 million registered voters in the US and that includes Democrats too.   Makes you wonder if this is fake news or did the data base contain everyone who had EVER been a registered Republican going back to the last century? 

http://www.statisticbrain.com/voting-statistics/

Link to comment
Share on other sites

17 minutes ago, AUUSN said:

^^^^Didnt read the article.

The OP refers to 200 million registered voters which is incorrect...in fact, not even close in if you look at my link......thus which casts doubt on the entire article....Just calling BS on the OP. and of course there was no claim that anyone accessed the files...

Link to comment
Share on other sites

10 hours ago, AU64 said:

The OP refers to 200 million registered voters which is incorrect...in fact, not even close in if you look at my link......thus which casts doubt on the entire article....Just calling BS on the OP. and of course there was no claim that anyone accessed the files...

Read the article, then speak.

Link to comment
Share on other sites

29 minutes ago, TitanTiger said:

Read the article, then speak.

Hey...I read the article and still think it is BS....file left unprotected...does not mean anyone accessed it...and the numbers still don't make sense....and what do you know about Upguard?    not much I bet.

Link to comment
Share on other sites

2 minutes ago, AU64 said:

Hey...I read the article and still think it is BS....file left unprotected...does not mean anyone accessed it...and the numbers still don't make sense....and what do you know about Upguard?    not much I bet.

I'm referring to your math.

Link to comment
Share on other sites

20 minutes ago, TitanTiger said:

I'm referring to your math.

:dunno:  guess you need to be more specific.....article talks about nearly 200 million registered voter records....whereas the link which I think is pretty good refers to 147 million and I validated that a couple places....the thought that the RNC had them all is beyond belief.   

As for UPGuard...that was a self-promotion piece and looks like they were out looking for hacking opportunities and found the RNC sub contractor. ...sloppy work by that company no doubt....but even more interesting in my view is that thus far no news service, not even Huffington as far as I can find,  has picked up this huge story.  So maybe it's not actually news.

Makes me think that some folks on this forum were hoodwinked.

Link to comment
Share on other sites

10 minutes ago, AU64 said:

:dunno:  guess you need to be more specific.....article talks about nearly 200 million registered voter records....whereas the link which I think is pretty good refers to 147 million and I validated that a couple places....the thought that the RNC had them all is beyond belief.   

As for UPGuard...that was a self-promotion piece and looks like they were out looking for hacking opportunities and found the RNC sub contractor. ...sloppy work by that company no doubt....but even more interesting in my view is that thus far no news service, not even Huffington as far as I can find,  has picked up this huge story.  So maybe it's not actually news.

Makes me think that some folks on this forum were hoodwinked.

Give up 64. You have given referenced information of why you think the OP info was misleading along with your commentary. The only commentary back has been to infer you did not read the article. They are making no counter argument. To paraphrase Johnny Tyler "its like talking with my brother's kids".

Link to comment
Share on other sites

1 hour ago, 80Tiger said:

Give up 64. You have given referenced information of why you think the OP info was misleading along with your commentary. The only commentary back has been to infer you did not read the article. They are making no counter argument. To paraphrase Johnny Tyler "its like talking with my brother's kids".

You are probably correct...but I think this part of the forum has been hijacked by some people who think they can post any crap they want as long as there is a link to it....or say whatever they like without being challenged about it.    

On many of the issues there are two sides (or more) and I'm willing to defend my views but I'm not going to be browbeat by some of those people with opposing view points who act as if they are the only source of truth or who think that anyone who disagrees with them must be irrational.  

The site is supposed to be a place for exchange of views...but some folks can't seem to deal with "serious meaningful discussion" without getting snarky or abusive.

Link to comment
Share on other sites

2 hours ago, AU64 said:

:dunno:  guess you need to be more specific.....article talks about nearly 200 million registered voter records....whereas the link which I think is pretty good refers to 147 million and I validated that a couple places....the thought that the RNC had them all is beyond belief.   

As for UPGuard...that was a self-promotion piece and looks like they were out looking for hacking opportunities and found the RNC sub contractor. ...sloppy work by that company no doubt....but even more interesting in my view is that thus far no news service, not even Huffington as far as I can find,  has picked up this huge story.  So maybe it's not actually news.

Makes me think that some folks on this forum were hoodwinked.

Ok, let's look at that third paragraph I told you to read:

The data exposure provides insight into the inner workings of the Republican National Committee’s $100 million data operation for the 2016 presidential election, an undertaking of monumental scope and painstaking detail launched in the wake of Mitt Romney’s loss in 2012. Deep Root Analytics, TargetPoint, and Data Trust—all Republican data firms—were among the RNC-hired outfits working as the core of the Trump campaign’s 2016 general election data team, relied upon in the GOP effort to influence potential voters and accurately predict their behavior. The RNC data repository would ultimately acquire roughly 9.5 billion data points regarding three out of every five Americans, scoring 198 million potential US voters on their likely political preferences using advanced algorithmic modeling across forty-eight different categories.

 

You said:

That's interesting since there are only 147 million registered voters in the US and that includes Democrats too.   Makes you wonder if this is fake news or did the data base contain everyone who had EVER been a registered Republican going back to the last century? 

 

This is why you were told to read the article.  Your contention here is off base.  The database contains around 200 million potential voters.  Thus how many registered voters there are is irrelevant and is useless as a reason to cast doubt on the article.

Link to comment
Share on other sites

2 hours ago, 80Tiger said:

Give up 64. You have given referenced information of why you think the OP info was misleading along with your commentary. The only commentary back has been to infer you did not read the article. They are making no counter argument. To paraphrase Johnny Tyler "its like talking with my brother's kids".

You didn't read either.

Link to comment
Share on other sites

20 minutes ago, TitanTiger said:

You didn't read either.

Evidently you didn't. The statement in the first paragraph that is emphasized is as quotes "In total, the personal information of potentially near all of America's 200 million registered voters was exposed..".. That is a statement of fact. Later he changes to 198 million potential voters. Crap article with crap "facts".

Link to comment
Share on other sites

Just now, 80Tiger said:

Evidently you didn't. The statement in the first paragraph that is emphasized is as quotes "In total, the personal information of potentially near all of America's 200 million registered voters was exposed..".. That is a statement of fact. Later he changes to 198 million potential voters. Crap article with crap "facts".

It's a security research firm, not a journalistic enterprise.  Stop dismissing embarrassing news over technicalities.  

Link to comment
Share on other sites

10 minutes ago, TitanTiger said:

It's a security research firm, not a journalistic enterprise.  Stop dismissing embarrassing news over technicalities.  

While we're at it though, they linked to the number for all of America's registered voters:

http://www.politico.com/story/2016/10/how-many-registered-voters-are-in-america-2016-229993

So regardless of how it's worded, the numbers are not a reason to dismiss the article.  There is no national database of registered voters so to some degree these things are estimates anyway.  The bottom line is, a sh**load of voters had their personal information leaked due to lax security.  Whether it's 149 million, 170 million or 198 million, if you're arguing over that you're completely missing the point, or deliberately avoiding it.

The sooner you stop using "fake news!" as a crutch for stuff you don't like, the better off you'll be.

Link to comment
Share on other sites

I'll also note, in the link to The Hill that I posted, the contractor responsible for the breach has already admitted their error:

Quote

"We take full responsibility for this situation," said the contractor, Deep Root Analytics, in a statement. The databases were part of 25 terabytes of files contained in an Amazon cloud account that could be browsed without logging in. The account was discovered by researcher Chris Vickery of the security firm UpGuard. The files have since been secured. Vickery is a prominent researcher in uncovering improperly secured files online. But, he said, this exposure is of a magnitude he has never seen before. 

Again, kneejerking to "fake news" any time you don't like something is ignorant.

Link to comment
Share on other sites

22 minutes ago, TitanTiger said:

I'll also note, in the link to The Hill that I posted, the contractor responsible for the breach has already admitted their error:

Again, kneejerking to "fake news" any time you don't like something is ignorant.

That seems to be the M.O. of the WH and those who support him. 

Link to comment
Share on other sites

28 minutes ago, 80Tiger said:

Evidently you didn't. The statement in the first paragraph that is emphasized is as quotes "In total, the personal information of potentially near all of America's 200 million registered voters was exposed..".. That is a statement of fact. Later he changes to 198 million potential voters. Crap article with crap "facts".

thanks....saved me from having to call attention to that opening statement...but I will anyway.

In what is the largest known data exposure of its kind, UpGuard’s Cyber Risk Team can now confirm that a misconfigured database containing the sensitive personal details of over 198 million American voters was left exposed to the internet by a firm working on behalf of the Republican National Committee (RNC) in their efforts to elect Donald Trump

Opening statement was offered as a "fact".....nothing about potential ....and I sure wasn't going to parse that "business development" piece to see if they would later acknowledge that their first paragraph was unsubstantiated BS.

Meanwhile, again I suggest that you check out the source.  This was not a news source but was just  a release direct from the company with no validation....just weasel worded comments and and numbers that did not even pass the smell test.  

This issue of accessible data bases is worth discussing for sure....and numerous commercial enterprises and the US government has been hit up for truly valuable  private information such as social security numbers and credit card numbers.       

Link to comment
Share on other sites

1 minute ago, GiveEmElle said:

That seems to be the M.O. of the WH and those who support him. 

Getting some people to admit even the smallest problems with their side is like trying to nail Jello to a wall.

Link to comment
Share on other sites

2 minutes ago, AU64 said:

thanks....saved me from having to call attention to that opening statement...but I will anyway.

In what is the largest known data exposure of its kind, UpGuard’s Cyber Risk Team can now confirm that a misconfigured database containing the sensitive personal details of over 198 million American voters was left exposed to the internet by a firm working on behalf of the Republican National Committee (RNC) in their efforts to elect Donald Trump

Opening statement was offered as a "fact".....nothing about potential ....and I sure wasn't going to parse that "business development" piece to see if they would later acknowledge that their first paragraph was unsubstantiated BS.

Meanwhile, again I suggest that you check out the source.  This was not a news source but was just  a release direct from the company with no validation....just weasel worded comments and and numbers that did not even pass the smell test.  

This issue of accessible data bases is worth discussing for sure....and numerous commercial enterprises and the US government has been hit up for truly valuable  private information such as social security numbers and credit card numbers.       

Again, the contractor who was responsible for data security for the RNC has already admitted to the breach and that they were at fault.  All this back and forth over Upguard, whether it was 150 million or 200 million is a smokescreen for not wanting to simply deal with the issue at hand.  Let us know when you're ready to accept the reality that the breach happened.

Link to comment
Share on other sites

1 minute ago, TitanTiger said:

Getting some people to admit even the smallest problems with their side is like trying to nail Jello to a wall.

And that simile has me picturing Cosby nailed to a wall. Ah, the danger of imagery.

Link to comment
Share on other sites

10 minutes ago, TitanTiger said:

Again, the contractor who was responsible for data security for the RNC has already admitted to the breach and that they were at fault.  All this back and forth over Upguard, whether it was 150 million or 200 million is a smokescreen for not wanting to simply deal with the issue at hand.  Let us know when you're ready to accept the reality that the breach happened.

If you mean a breach like this one..... http://abcnews.go.com/Politics/dnc-data-breach-happened-means-bernie-sanders-campaign/story?id=35841222  

No....probably not.....because no evidence of an actual breach was supplied.  Notice they use the word "exposure" which I bet their lawyers chose and I'm almost willing to bet that UPguard did not actually breach the data base or take a look because there is a good chance such action would be illegal.  So they don't actually know what or how much was in there. 

Meanwhile, what ever happened to the DNC's consultants who let their system get hacked?

And I still have free credit check because someone hacked accounts with a company that had me on file.    The times we live in.

But if it makes you feel good that someone responsible for one of the RNC data bases did a poor job....enjoy yourself.   That piece was pure "click bait"....and I'm sure they got lots of hits from the left. 

Link to comment
Share on other sites

16 minutes ago, AU64 said:

Irrelevant.  We are discussing this data breach.  Start a new thread on the DNC breach if you think there's still something worth discussing there.

 

Quote

No....probably not.....because no evidence of an actual breach was supplied.  Notice they use the word "exposure" which I bet their lawyers chose and I'm almost willing to bet that UPguard did not actually breach the data base or take a look because there is a good chance such action would be illegal.  So they don't actually know what or how much was in there. 

The contractor who was responsible for the data security with the RNC has already admitted fault.  That's all the evidence you need.  And I think you're nitpicking semantics unnecessarily, but going with it for a second, they chose "exposure" because it didn't take any hacking to get into it, thus a "breach" would be too strong a term.  That's because...

The databases were part of 25 terabytes of files contained in an Amazon cloud account that could be browsed without logging in. The account was discovered by researcher Chris Vickery of the security firm UpGuard. The files have since been secured. 

They did nothing illegal.  The stupid security contractor put it out there in the clear for anyone to see.

 

Quote

Meanwhile, what ever happened to the DNC's consultants who let their system get hacked?

Don't know.  Doesn't matter.  Stick to the topic.

 

Quote

And I still have free credit check because someone hacked accounts with a company that had me on file.    The times we live in.

But if it makes you feel good that someone responsible for one of the RNC data bases did a poor job....enjoy yourself.   That piece was pure "click bait"....and I'm sure they got lots of hits from the left. 

No one said it made them "feel good."  The post was put up because at the time of the DNC hacking, there was talk about how the RNC had better security.  It's not clickbait, it's pure fact.  I'm sorry that it interferes with your reality prevention shields.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...