
Jarqui

Jarqui's Journal
December 24, 2015

You do realize, from that article that this part is BS

http://www.politico.com/story/2015/12/sanders-campaign-threatens-to-sue-dnc-216942#ixzz3vFGuPZZY
As part of the agreement, the Sanders campaign agreed to an audit of its data, which will be carried out by corporate investigation firm Kroll, according to a Democrat familiar with the outcome. The Democrat also told POLITICO that the Sanders campaign had agreed to sign an affidavit attesting to the actions of its staffers during the data breach.

Clinton campaign press secretary Brian Fallon said in a statement early Saturday, "We are pleased that the Sanders campaign has agreed to submit to an independent audit to determine the full extent of the intrusion its staff carried out earlier this week, and also to ensure that Sanders' voter file no longer contains any of the proprietary data that was taken from us. We believe this audit should proceed immediately, and, pending its findings, we expect further disciplinary action to be taken as appropriate."


The DNC software company already answered the issue of "Sanders' voter file no longer contains any of the proprietary data that was taken from us" - that they didn't export any lists. They ran and exported one summary report that did not seem to alarm the software provider. So that was not a gigantic issue very early on in this because the software vendor had the user activity logs that back him up on his claim. So that was not a big show stopper within a few minutes of the breach because they had the logs which leaves the agreement to audit as the second thing that the DNC and Clinton campaign allege helped to overcome this ...

They and Clinton Campaign Co-Chair Debbie Wasserman-Schultz (before the debate) both tried to float the BS that they had arm wrestled the Sanders campaign to agree to an audit and that helped break the impasse for the Sanders campaign to get access to their data back.

There was just one very big problem with that

The previous day, the Sanders campaign called for an audit
"What is required here is a full and independent audit of the DNC’s handling of this data and its security from the beginning of this campaign to the present, including the incident in October that we alerted them to."

https://berniesanders.com/press-release/statement-jeff-weaver/
That statement was made while they were still locked out of their system - 12 hours or more before they reached a deal with the DNC.

The reality is the Sanders lawsuit
https://berniesanders.com/wp-content/uploads/2015/12/Bernie2016vDNCComplaint.pdf
exposed the DNC had blatantly breached their contract with Sanders. Sanders had 10 days to cure any default. But the DNC wouldn't man up to the notion they were wrong so they spun this BS about agreeing to the audit. The DNC were the ones not budging on restoring access until the lawsuit and hundreds of thousands petitioned them.

After their service was restored
https://berniesanders.com/press-release/dnc-to-restore-sanders-campaigns-access-to-voter-files/
“We are extremely pleased that the DNC has reversed its outrageous decision to take Sen. Sanders’ data. The information we provided tonight is essentially the same information we already sent them by email on Thursday,” said Jeff Weaver, Sanders’ campaign manager.

“Clearly, they were very concerned about their prospects in court. Now what we need to restore confidence in the DNC’s ability to secure data is an independent audit that encompasses the DNC’s record this entire campaign. Transparency at the DNC is essential. We trust they have nothing to hide,” Weaver added.


I note that the Sanders campaign have not dropped the lawsuit until they get all the breaches audited.
December 24, 2015

Bernie wasn't around and hadn't heard about it before Josh was fired

http://www.philly.com/philly/news/politics/20151220_Philadelphian_Uretsky_at_center_of_Dems__data_breach.html
Tad Devine, senior adviser to the Sanders campaign, dismissed any notion that data had been tampered with or that the campaign had set out to exploit the accident.

Devine said Uretsky had mishandled things by not immediately reporting to top staffers that a system problem had caused Clinton voter information to appear in Sanders' computers Thursday. That's why he was fired that day, before it became public, he said.


From the lack of activity on a log that can add users (like an IT Data Manager would have privileges for), it looks like he was distracted between 11 and 17 minutes after it started - that's when he probably was beginning to report the issue to his bosses at the Sanders campaign on the phone. You don't bug your superior immediately with nonsense. You verify what you're going to tell him to some extent before you embarrass him with others by passing along bad info.

They were not caught with their hands in the cookie jar. Josh had used this system since 2007. He knew all about the activity logs and said as much. It's not like it's a big corporate secret either:
https://www.ngpvan.com/content/privacy-policy
NGP VAN logs IP addresses of users for internal purposes only. We use IP addresses for diagnostic purposes when an error or bug is reported; that way we can track the exact steps a user took that produced the error.

He knew there would be a log of what they did.
He didn't hide what he was doing from the employees he asked to help him or his superiors he had already phoned.
And he didn't export any of those lists.

To me, he was fired more for PR purposes than anything else. The DNC and Clinton were going to the media and they had to put a head on a platter for the public's perception of it. The public (as Clinton said, were not that interested in this) were not going to take the time to understand this. Ditto for the two staff suspensions - optics. None of them were stealing Clinton's data.

As I've mentioned before, if you really wanted that data, you could go under the hood and hack it. Given the number of the security breaches, I doubt it would be that hard. It wouldn't shock me if the GOP hasn't found someone to do that already in light of all these breaches.
December 24, 2015

Not necessarily - or at all

A list is a bunch of item IDs. It has no other data. So in order to identify what the list is of, you usually/nearly always document how you got the list in the list name or by who the list is going to (sometimes, you can add a description of what the list is). A list of debtors to call might be named after the collector's ID - that may be in the collector field in the debtor file. A list of subscribers among many magazines might be named for the particular magazine and date of issue they're going to receive during that publishing period. Etc.

So the way to distinguish a list in that voter file system would often just reflect how that list of voters was selected - in this case with some part of the Clinton field name used for the selection and some cutoff value that the selection used. i.e. HFASupport<30

Otherwise, you risk getting a bunch of voter IDs with list names that you can't remember how you got them. To prove access to Clinton data, he can say "look in 'data team' (directory) for 'HFAsupport<30' (field & criteria) - that proves I got access to Clinton's data field 'support' and was able to select voters with support value less than 30".

If the values in that Support field were 5, 10, 15, 20, ... 85, 90, 95, etc (increments of five), the list wouldn't tell you if the voter you selected had a field value of 5 or 20. You don't get that value. You just get a yes or no answer to the question "Support < 30?"

Nation Builder is NGP VAN for non Democratic party users
http://nationbuilder.com/fields_available_for_import
NGP VAN supports SQL
http://plus.ngpvan.com/jobs/sql-developer

So if you want a procedure to steal Clinton's data during a breach:
1. Login to a state (IA, NH, early primary states first)
2. Run SQL statement (that NGP VAN supports)
SELECT VOTERFILE
WHERE HFA_PRIMARY_PRIORITY NOT NULL OR WHERE HFA_SUPPORT NOT NULL OR WHERE HFA_TURNOUT NOT NULL (etc)
COLUMN VOTERID HFA_PRIMARY_PRIORITY HFA_SUPPORT HFA_TURNOUT
SPOOL (to file on disk called) v:\Data TeamCLINTON_IOWA_VOTERS_DATA
3. Tell someone to export print file v:\Data TeamCLINTON_IOWA_VOTERS_DATA
(I presume this step for security reasons - that you cannot print directly to a local file on their network)
4. login to next state and do the same thing

Now that's how you'd steal their data if that was what you really wanted to do. One pass through the data to select it and another shorter pass within the same sentence through the selection to extract and output it to a file on disk. One statement per state. In the 47 minutes the breach was open, they probably could have done a bunch of the early primary states and maybe 47 or more states. 2-3 people running the SQL statements and 1-2 exporting.

You wouldn't wind up with unexported, incomplete lists with vague values that the activity logs show they did. You'd wind up with every byte of Clinton data in those fields for close to every state on your own computers - out of NGP VAN's view.

As Josh said, the logs would show you doing that and that is blatant theft. But I don't see his partial lists as a good way to go about getting this data.

SQL is not rocket science - it's pretty simple stuff. You don't screw around with partial select lists - that have no actual data values in them and take longer to generate a partial profile of the data in the field. One SQL sentence can get you every bit of data in the voter file in each state with fewer CPU requirements.

Josh had been working with this application (evolved from Obama) since 2007 and Josh has been in IT, starting as a C++ programmer, for 20 years. Generating a SQL report would be 1000 times easier for him than going to the bathroom at a debate.
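The ID-only list described at the top of this post, as an added example that is not part of the original post and not NGP VAN's code: it models a saved list that stores only voter IDs under a name recording the selection criteria, and an audit over an activity log that reports what each list discloses and whether it was ever exported. The schema, the `hfa_support` column, the log layout and all function names are assumptions, and the rows are constructed sample data.

```python
import re
import sqlite3

# Constructed sample rows (voter_id, hfa_support); all names here are hypothetical.
VOTERS = [(101, 5), (102, 20), (103, 30), (104, 85), (105, None)]

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE voterfile (voter_id INTEGER PRIMARY KEY, hfa_support INTEGER);
        -- A saved list holds a name and member IDs only, never the field value.
        CREATE TABLE saved_list (list_name TEXT, voter_id INTEGER);
        -- Assumed activity log: one row per action a user takes on a list.
        CREATE TABLE activity_log (actor TEXT, action TEXT, list_name TEXT);
    """)
    db.executemany("INSERT INTO voterfile VALUES (?, ?)", VOTERS)
    return db

def save_list(db, actor, cutoff):
    """Save the IDs with hfa_support < cutoff; the name records the criteria."""
    name = f"HFASupport<{int(cutoff)}"
    db.execute(
        "INSERT INTO saved_list SELECT ?, voter_id FROM voterfile "
        "WHERE hfa_support < ?", (name, int(cutoff)))
    db.execute("INSERT INTO activity_log VALUES (?, 'save_list', ?)", (actor, name))
    return name

def list_members(db, name):
    rows = db.execute(
        "SELECT voter_id FROM saved_list WHERE list_name = ? ORDER BY voter_id",
        (name,))
    return [r[0] for r in rows]

def export_list(db, actor, name):
    """Exporting is logged as its own action, separate from saving."""
    db.execute("INSERT INTO activity_log VALUES (?, 'export', ?)", (actor, name))
    return list_members(db, name)

def audit(db):
    """For each saved list: size, the one fact it discloses, and export status."""
    report = {}
    saved = db.execute("SELECT DISTINCT list_name FROM activity_log "
                       "WHERE action = 'save_list' ORDER BY list_name").fetchall()
    for (name,) in saved:
        m = re.fullmatch(r"(\w+)<(\d+)", name)
        exports = db.execute("SELECT COUNT(*) FROM activity_log WHERE "
                             "action = 'export' AND list_name = ?", (name,)).fetchone()[0]
        report[name] = {
            "members": len(list_members(db, name)),
            "discloses": f"{m.group(1)} < {m.group(2)}" if m else "unknown criteria",
            "exported": exports > 0,
        }
    return report

if __name__ == "__main__":
    db = build_db()
    save_list(db, "user_a", 30)
    print(audit(db))
```

The voter with a value of exactly 30 and the voter with no value are both left out of the `HFASupport<30` list, so membership answers only the yes/no question the list name states.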

December 24, 2015

"It's been established that his staffers accessed data improperly"

Should Sanders proceed with his lawsuit, I'm very, very confident that the Clinton campaign and DNC are going to have a heck of a time proving the data manager's actions were "improper" in the sense that they were not someone trying to demonstrate the extent of a security breach. Obviously, one might argue that if he did anything it might be "improper" but I don't agree with that. The activity logs look like he was trying to prove a breach to me - multiple witnesses, multiple logins, multiple computers accessing it, multiple states, multiple Clinton fields - but only partially searched. And they didn't export those searches or the data behind them - they didn't "steal" that data - it resided on the VAN system.

What really was improper was the DNC not properly responding to the complaint of breaches before.

This time, the DNC cut off the campaign accessing the data, went to the media and called for an audit. In October, they did none of those things for at least two complaints of security breaches. The DNC are in a really bad position to try to explain or justify the differences in their behavior to a judge between recently and last October.

In case you didn't notice, it was the Sanders campaign who filed the lawsuit, willing to go before a judge with these allegations. At the outset, a key desire was Sanders campaign wanted access to their data. The DNC was defenseless with their inappropriate breach of their contract with the Sanders campaign. No contest. The DNC had to conduct themselves within the confines of their contract and they gave the Sanders campaign access to their data back. The DNC didn't have a legal leg to stand on and were over the top.

In case you didn't notice, the lawsuit is still in place - hasn't been dropped. The Sanders campaign suffered damages from the DNC's behavior. But even though the Sanders campaign got data access restored, they're not done. The Sanders campaign want an audit done for breaches since they started using the system - because they're "very confident" their data was compromised. So confident, they're willing to go before a judge.

This was posted by the DNC software vendor
http://blog.ngpvan.com/data-security-and-privacy


there has been independent confirmation that NGP VAN has not received previous notice of a data breach regarding NGP VAN. Josh Uretsky, the former National Data Director for the Sanders campaign confirmed on MSNBC (at 5:47), and also on CNN, regarding the previous incident: “it wasn’t actually within the VAN VoteBuilder system, it was another system.”
....
For clarification, NGP VAN played no part in the October data issue that has been mentioned.


So NGP VAN is not dismissing the October breach outright - just that they were not involved.

At least four people from the Sanders campaign have made the claim. The Sanders campaign manager said:

"Two months ago, ?shortly? after our digital vendor, who conducts modeling for our campaign, told us that there was a failure in the firewall that prevents campaigns from seeing one another's data, we contacted the DNC and told them about this failure. We were very concerned that our data had been compromised and we were assured at that time that the firewall between the campaigns data would be restored. We're actually very confident that some of our data was lost to one of the other campaigns."

So outside of four staff, the Sanders campaign actually have a digital vendor for modeling software who witnessed the breaches in October. Whoops!! The Sanders campaign probably also has emails on the October breaches too. I don't think the Sanders campaign are going to have a lot of trouble establishing a data security issue happened in October.
December 24, 2015

The naming convention proves absolutely nothing

There are all kinds of reasons he might have had for calling the lists or directory whatever.

I did a string search for "voter file" and I'm not sure what you're referring to with this "You have yet to address my comments on the voter file searches." What was I supposed to address?

I have addressed the lists and what they were doing in numerous posts around here before.

December 24, 2015

"The only people who accessed data improperly were Bernie staffers."

No that hasn't been established yet.

1. The Sanders campaign maintains they're "very confident" their data was compromised during breaches in October and they have asked repeatedly for an audit to determine that. Until an independent audit by qualified people takes place, your assertion has absolutely no sound foundation whatsoever.

2. Secondly, an audit has not taken place on the most recent incident. The data manager maintains he was checking the extent of the breach and the activity logs (that the Sanders campaign didn't have when they fired him) seem to back him up on that. From the logs, Clinton data was accessed and lists were generated from it but none of those lists were exported or used to take or analyse Clinton's data. No one has proven that the Sanders Data manager was lying - particularly when the activity logs seem to back him up.

3. A lot of folks have come down on the data manager for doing what he did. I'm not one of them. This had happened at least twice before according to several people at the Sanders campaign. Unlike the last two times, this time, the data manager got evidence and witnesses. If he did what he did the previous two times, Sanders data would be exposed to more breaches like the one they just experienced after at least two breaches before - when they feel someone compromised their data. The data manager's actions proved a problem in data security existed and Bernie is in a pretty good legal position with that evidence to force the DNC to audit those breaches of last October when the Sanders campaign feels "very confident" that their data was compromised. Without that evidence and witnesses the data manager got, without that data manager's actions, the Sanders campaign would have little recourse for those earlier breaches and be in the same boat going forward.

The DNC and Clinton campaign opened up Pandora's box shooting from the hip. They do not seem too comfortable letting anyone look inside at last October. Why is that? Why should they fear anyone looking for prior data breaches and what happened if they did nothing wrong? An audit might clear them of suspicion ... or prove something they don't want people to know.

December 24, 2015

What a disgrace

Kroll, Our history
http://www.kroll.com/en-us/who-we-are/history

Kroll is currently owned by Corporate Risk Holdings, LLC, which is also the parent company of two separately-managed information service businesses: HireRight and Kroll Ontrack. The majority shareholders of Corporate Risk Holdings are certain investment funds, including funds managed by Third Avenue Management LLC, Litespeed Management LLC and Mudrick Capital Management LP.



Mark Williams, President & CEO of the related Kroll Ontrack is a 2016 Clinton campaign donor.
Michael Cabonargi, Associate Managing Director of Kroll is a 2016 Clinton campaign donor.
William C. Nugent, Regional Managing Director of Kroll was a 2008 Clinton donor

Third Avenue Management Holdings LLC donated to Hillary's 2008 campaign
http://docquery.fec.gov/pres/2008/M2/C00431569/A_EMPLOYER_C00431569.html
These may well be various employees from the same company
THIRD AVE MANAGEMENT 6,900.00
THIRD AVE MANAGEMENT LLC 2,300.00
THIRD AVENUE 2,300.00
THIRD AVENUE HOLDINGS LLC 2,300.00
THIRD AVENUE MANAGEMENT 4,600.00
THIRD AVENUE MANAGEMENT LLC 2,300.00
THIRD AVENUE MGMNT 2,300.00
THIRD AVENUE MGMNT LLC 2,300.00

Martin J. Whitman, CFA, Chairman and Portfolio Manager of Third Avenue Management LLC
http://thirdave.com/who-we-are/people/investment-team-2/
appears to have been donating to Hillary since 2000

Third Avenue Management may have been a lobbyist in 2006

THIRD AVENUE MANAGEMENT PRIVATE FOUNDATION (Third Ave Mgmt LLC is the contributor to this)
https://www.citizenaudit.org/261865570/
509(a)(1) Purpose of grant/contribution General & Unrestricted
Name WILLIAM J CLINTON FOUNDATION
Street 610 PRESIDENT CLINTON AVE, 2ND FL City State Zip Code
LITTLE ROCK AR

- another Clinton Foundation Donor that is missed on the Clinton Foundation donor list
http://omegaworldnews.com/?p=16874


Jason Mudrick is a hedge fund manager and the founder and current President and Chief Investment Officer of Mudrick Capital Management, who gave Clinton $2,700 in 2008 and 2016. And he managed to scrape up $50,000-$100,000 for the poor, cash starved Clinton Foundation.
http://omegaworldnews.com/?p=16874

That looks a little fishy for an impartial auditor, doesn't it?

EDIT: (I didn't see any of them donating to Sanders - could have missed one ..)
December 23, 2015

Everyone knows exactly what she was talking about and many know she's right.

I tried to research it a little a couple of days ago. Didn't have time yet to document it. I got on the Al Jazeera Middle East English site when this dispute popped up.
http://www.aljazeera.com/topics/regions/middleeast.html

The story about Trump banning Muslims was more prominent than it is now
http://video.aljazeera.com/searchresults?keyword=Donald+Trump
you can see some of what they had at that link

Not quite an ISIS propaganda recruitment video but it can't be helping the US fight against terrorism to have that ignorant pig of a racist spewing his hate speech to Muslims in the Middle East.

Profile Information

Member since: Sun Aug 23, 2015, 03:58 PM
Number of posts: 10,123