General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsRemember when Hillary's info in the DNC database was breached, and some of Bernie's people
noticed that the "wall was down" and decided to take a look and then save some stuff into a file?
They insisted though, that they hadn't done any hacking themselves. And I think they were telling the truth.
I bet that when Guccifer and other Russian hackers were playing with the DNC system, they got into the database and THEY took the wall down -- knowing that one side or the other would notice the missing "wall" and go exploring.
So the "different problem" Mr. Tamene was tied up with when the FBI called (see below) was actually part of the SAME problem. The Russians were actively hacking the election on many fronts.
https://www.nytimes.com/2016/12/13/us/politics/russia-hack-election-dnc.html?_r=0
Mr. Tamenes initial scan of the D.N.C. system using his less-than-optimal tools and incomplete targeting information from the F.B.I. found nothing. So when Special Agent Hawkins called repeatedly in October, leaving voice mail messages for Mr. Tamene, urging him to call back, I did not return his calls, as I had nothing to report, Mr. Tamene explained in his memo.
In November, Special Agent Hawkins called with more ominous news. A D.N.C. computer was calling home, where home meant Russia, Mr. Tamenes memo says, referring to software sending information to Moscow. SA Hawkins added that the F.B.I. thinks that this calling home behavior could be the result of a state-sponsored attack.
Mr. Brown knew that Mr. Tamene, who declined to comment, was fielding calls from the F.B.I. But he was tied up on a different problem: evidence suggesting that the campaign of Senator Bernie Sanders of Vermont, Mrs. Clintons main Democratic opponent, had improperly gained access to her campaign data.
world wide wally
(21,757 posts)Give me one reason why they wouldn't
R B Garr
(16,995 posts)He should have pointed out the Russian hacking and all the other peculiarities mentioned instead of firing people.
Tom Rinaldo
(22,917 posts)Last edited Sun Jun 25, 2017, 01:30 PM - Edit history (1)
Even though I think he believed they had no ill intent. That happens in life as well as politics. Sanders was under a ton of pressure to fire them because they made some on the spot decisions that it was difficult for the Sanders campaign to defend, which would have hurt the Sanders campaign at that moment in time if he had tried to shield them from the consequences of their impromptu choices. He made the right call, I think the fired staffers probably understood that also - it's called falling on your sword.
R B Garr
(16,995 posts)(supposedly) didn't do? Are you sure? I thought Bernie was for the little guy.
Tom Rinaldo
(22,917 posts)I said they probably understood why they were fired, not that they appreciated being fired. And I said that they were understandably fired for what they did do, even if their intent wasn't malicious.
R B Garr
(16,995 posts)valor and sacrifice for their cause type of verbiage, taking the focus off being wrongfully fired. That didn't seem plausible. Thanks for the further explanation of your point.
Tom Rinaldo
(22,917 posts)R B Garr
(16,995 posts)even for a Bernie devotee.
Tom Rinaldo
(22,917 posts)I don't want to go back and relitigate the original incident. I don't think that it is important that we have to find total agreement on it. The employees I believe offered explanations for their actions. Even if one accepted those at face value, however, they made a poor decision that required their removal from the campaign. I'm sure they understood that, if they wanted Bernie to succeed.
Did you intend your comment to sound like a slur against me, even from a Bernie detractor?
R B Garr
(16,995 posts)which looks like a slur there.
Tom Rinaldo
(22,917 posts)First, the question I asked was honest - "did you intentionally mean to slur me?" I allowed for the possibility of a misunderstanding. You wrote: "Yeah, making it an act of valor or honor to get fired seems like a stretch, even for a Bernie devotee". One interpretation of that could be seen as "Crazy as Bernie devotees such as you often are, I was surprised at reading a position that seemed that extreme." I also wasn't sure if you were grouping Bernie supporters as devotees.
On reflection, reading your reply, I believe your point was simply that you had a hard time believing that even the most crazed backer of Sanders would equate their firing with valor. I apologize for my misreading. Honest I intentionally chose "detractor" as the mildest contrasting term I could think of - in the context of my question. I gladly retract that.
Thanks again for calmly seeking a clarification.
R B Garr
(16,995 posts)Actually, I was thinking about the fired staffers when I said Bernie devotee, but I see how you took it. I also didn't think that calling someone a "devotee" was a slur. "Fan" sounds like it could be taken that way, maybe, because it's more superficial -- I guess; whereas, "Bernie detractor" sounded like an invitation to alert on my posts, lol. Words, words, words!
pnwmom
(109,011 posts)decided to go exploring in Hillary's data, and save some of her data to their files.
Like if we saw a neighbor's door open, we don't take the opportunity to look around inside and open their desk drawers to see what's there.
pnwmom
(109,011 posts)R B Garr
(16,995 posts)revmclaren
(2,534 posts)If someone breaks into your home and then leaves your door open when they leave, it is still stealing if someone else comes in and takes stuff.
fleabiscuit
(4,542 posts)George II
(67,782 posts)R B Garr
(16,995 posts)Chevy
(1,063 posts)NCTraveler
(30,481 posts)That isn't far out there considering the timing. Gucifer has even mentioned that Uretskys actions were clearly intentional.
R B Garr
(16,995 posts)cause and explanation to a lot of what transpired. It makes a lot of sense, especially in the bigger picture.
Thanks for that great link!
murielm99
(30,777 posts)That looks even stranger than firing people.
R B Garr
(16,995 posts)Why blame the DNC for this instead of calling out the Russian hacking...?
Bradical79
(4,490 posts)Rather than just take the L and embarrassment, the campaign decided to go on the offensive distracting from the original crime. It was a useful tool in pushing the narritive of Bernie being an outsider vs. a colluding Clinton and the DNC.
Remember that the DNC had at first, understandably after that event, denied the Sanders campaign access to the DNC databases. With the DNC-Clinton collusion rhetoric heating up, this lawsuit was a vehicle to suggest the DNC was playing favorites.
karynnj
(59,507 posts)What he was reacting to was that the honest thing to do if you found the wall down was to immediately notify both the DNC and Bernie's campaign manager AND to not look at anything .
Yes, I realize that would take a lot of will power. It is similar to finding a store that was unlocked. Would you be arrested if you went in and took stuff?
Bradical79
(4,490 posts)They still stole data from someone else's servers.
Also, even if the Russians had done what's claimed here, I don't see how Bernie would know that. That would have looked worse too. As is he was able to do the right thing in firing them, and also somehow turn the scandal to make the Clinton campaign and DNC look like the bad guys to a lot of people. It was kind of crazy.
Gothmog
(145,667 posts)Tom Rinaldo
(22,917 posts)I have been thinking about this also, but had not thought of a constructive way to raise the issue that didn't risk sounding like sour grapes and refighting the primaries. We all were being played, why wouldn't we be? The Russians were on a lot of fishing trips, if they could get us to blame each other over them, all the better.
pnwmom
(109,011 posts)I'm glad that you understood I was trying to speak "constructively" here, and to put the focus on the Russian meddling, rather than the all-too-human response to it.
NurseJackie
(42,862 posts)sheshe2
(83,967 posts)yallerdawg
(16,104 posts)One had pledged not to peek into other campaign's proprietary data - which I assume would include NOT downloading it - while the other made no such pledge.
A lot of really weird stuff going on, for sure.
Response to pnwmom (Original post)
Post removed
pnwmom
(109,011 posts)investigated the situation and determined that the Clinton people did not do the same thing.
NCTraveler
(30,481 posts)Did he stumble upon the vulnerability or was he directed?
"You may remember Josh Uretsky, the national data director for Sanders presidential campaign. He was fired in December, 2015 after improperly accessing proprietary data in the DNC system. As it was agreed, he was intentionally searching for voter information belonging to other campaigns."
https://www.google.com/amp/s/www.forbes.com/sites/thomasbrewster/2016/09/13/hacker-guccifer-2-0-dnc-hacker-london-slags-tech-companies/amp/
pnwmom
(109,011 posts)run its course, we're likely to find out, one way or another.
stonecutter357
(12,698 posts)NastyRiffraff
(12,448 posts)Thanks for posting this update, pnwmom
left-of-center2012
(34,195 posts)Let's come together and beat the GOP.
The republicans are the enemy.
Got it?
Good.
Thank you.
Thank you very much.
bettyellen
(47,209 posts)NurseJackie
(42,862 posts)bettyellen
(47,209 posts)But they had already swallowed the HRC is evil look aide and felt that any means necessary was okay. It kind of blew my mind because I thought they were all about integrity. Nope. It was about beating her.
Hekate
(90,867 posts)...and for many years before that on liberal social justice causes -- we didn't get together that often any more, maybe once a month or so, but we had lunch just a few weeks before the election, and I was utterly appalled at the shit she was saying about Hillary.
And I have not reached out to her in all the months since then.
lunamagica
(9,967 posts)Baitball Blogger
(46,769 posts)Steven Maurer
(476 posts)And their techs screwed up. The contractor admitted it.
They did this multiple times as well. Only once was it "taken advantage of". And even that wasn't much.
Let's please not devolve into conspiracy theories around here, okay?
yallerdawg
(16,104 posts)pnwmom
(109,011 posts)and poked around in it -- for months. The contractor screwed up no matter what -- even if the only mistake was in writing code that Guccifer could hack.
This isn't a conspiracy theory.
Steven Maurer
(476 posts)Further, Guccifer 1.0 is a well known liar. He bragged about hacking a lot of things that he didn't, including Hillary's email server.
While "Guccifer 2.0" which did the email hack on the DNC, courtesy of their idiot IT, was likely Russian in origin.
The NGP VAN "hack" was never external. It was just temporarily dropping firewalls between registered users internal to the system.
pnwmom
(109,011 posts)Steven Maurer
(476 posts)Don't start saying a bus went off its rails. Or saying that because some kids managed to hijack and joyride a bus, that that had anything to do with a commuter train.
pnwmom
(109,011 posts)were in there for months, probing for weaknesses.
Steven Maurer
(476 posts)Hacking email is inherently insecure and exponentially easier to get hold of than hacking a back end logistics database. All that the former requires is someone using the system who is naive concerning clicking on links, and you can easily get all their email. The latter requires breaking the fundamental security of the system, which is extremely hard to do under normal circumstances.
And systems are constantly being "probed for weaknesses". That's what threat actors do. They typically don't get very far.
Bradical79
(4,490 posts)I'd forgotten the explanation. It's open and shut, no need to get into anti-Sanders campaign creative speculation.
TheBlackAdder
(28,230 posts).
A firewall is not meant to be the sole protector of data.
You have userids, session and state tokens that ensure no one injects themselves, group and owner priviledges, database records are row and record locked, requiring user authentication, and the data center is set up with at least 3 tiers. All of these STANDARD practices were violated by the Data Center contracting firm. When firewalls go down, you deny traffic, you don't open your network up. There were no intrusion detections either.
No one sees other people's data just because a firewall, or any other component goes down.
Can you imagine a bank or credit card company doing this. They would be out of business in days.
.
pnwmom
(109,011 posts)and would have been able to take advantage of them.
They did have some sort of intrusion detection, which is why they were able to notify Debbie Wasserman Schultz that the Bernie people had gotten in.
TheBlackAdder
(28,230 posts).
There is not one data center in the world that would do what is claimed, without immediately losing its government and corporate contracts and indemnification insurance.
I've been in IT for almost 30 years, with variations from consulting, insurance, retail, and global banking.
The stuff that was claimed would not have even occurred 20 years ago, or even 10 years ago, let alone today.
The loss of a firewall does not open up back-end data for other people to view, it just allows access to certain systems to others systems. It is the first in the narrowing funnel of security steps that is used. The intrusion would have been detected immediately, not during a post-mortem process, or after the fact. And, the intrusion would have been instantly quelled. They had some process that ran after-the-fact, which does very little to alert people.
.
stevenleser
(32,886 posts)A firewall, as I am sure you know since you seem to have some IT knowledge, controls and filters access to a network by certain protocols, ports and hosts.
What was brought down in the case of the data on the DNC systems was database level security, not a firewall. All of the candidates had access to the network and to the database but not all of the data in the database, per the security rules.
Whatever happened brought down the database level security such that all candidates staff could see all data in the database, not just their own data.
TheBlackAdder
(28,230 posts).
Even if DB security were to fail, most every shop has a default of NO ACCESS, they don't open the shop up.
.
stevenleser
(32,886 posts)All you have to do is think this through.
All the folks involved had a right to access the site and to the database. We're not talking about a firewall issue.
TheBlackAdder
(28,230 posts).
I have thought this through, and until there is one technical article that describes what exactly happened, where it lays the fault on a database security issue, anything else is a subjective story to justify something that is not described anywhere. Nothing in Computerworld, Networkworld or any other technical publishing house supports your premise.
.
stevenleser
(32,886 posts)it's very obvious given the facts in play.
TheBlackAdder
(28,230 posts).
When reflecting, it's been more than 30 years, since 1984, taking a year off during my fathers illness and death.
.
stevenleser
(32,886 posts)TheBlackAdder
(28,230 posts).
Who knows how inept this contracting firm is, and whether they followed any best practice procedures.
They failed securing their database, their network, structuring their ESM, and had a seemingly hokey application design.
I have not read a database issue, as you seem to be the only one floating that hypothesis.
.
stevenleser
(32,886 posts)database.
It's not a hypothesis, it's fact.
Firewall: http://www.cisco.com/c/en/us/products/security/firewalls/what-is-a-firewall.html
A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.
Firewalls have been a first line of defense in network security for over 25 years. They establish a barrier between secured and controlled internal networks that can be trusted and untrusted outside networks, such as the Internet.
-----------------------------------------------------------
The campaigns all had access to the DNC database, that's the point. If they had access to the database, they had access to the network. Ergo, this is not a firewall issue. The difference is, they had access to different data in the database. The controls between who had access to what data is what went away.
To anyone with even a modicum of IT knowledge this is as straightforward an issue as it gets.