Wholly Shita, is right Bluto! (with belated RIP to Flounder, who sadly passed away yesterday)
Reddit and twitter is on Fire about the RNC Data Breach that happened last week. From Upguard website:
In what is the largest known data exposure of its kind, UpGuard’s Cyber Risk Team can now confirm that a misconfigured database containing the sensitive personal details of over 198 million American voters was left exposed to the internet by a firm working on behalf of the Republican National Committee (RNC) in their efforts to elect Donald Trump. The data, which was stored in a publicly accessible cloud server owned by Republican data firm Deep Root Analytics, included 1.1 terabytes of entirely unsecured personal information compiled by DRA and at least two other Republican contractors, TargetPoint Consulting, Inc. and Data Trust. In total, the personal information of potentially near all of America’s 200 million registered voters was exposed, including names, dates of birth, home addresses, phone numbers, and voter registration details, as well as data described as “modeled” voter ethnicities and religions.
In the early evening of June 12th, UpGuard Cyber Risk Analyst Chris Vickery discovered an open cloud repository while searching for misconfigured data sources on behalf of the Cyber Risk Team, a research unit of UpGuard devoted to finding, securing, and raising public awareness of such exposures. The data repository, an Amazon Web Services S3 bucket, lacked any protection against access. As such, anyone with an internet connection could have accessed the Republican data operation used to power Donald Trump’s presidential victory, simply by navigating to a six-character Amazon subdomain: “dra-dw”.
voters-diagram.pngUpon inspection of the contents, “dra-dw” is shown to stand for “Deep Root Analytics Data Warehouse.” The concept of a “data warehouse” is common in modern business— essentially, it is a massive collection of data prepared specifically for complex analysis. Deep Root Analytics confirmed they owned and operated the dra-dw bucket, which was subsequently secured against public access the night of June 14th, shortly after Vickery notified federal authorities.
In total, 1.1 terabytes of data in the warehouse—an amount roughly equivalent to 500 hours worth of video—was fully downloadable. Among these files were clear indications of the repository’s political importance, with file directories named for a number of high-powered and influential Republican political organizations. As such, the exposed Deep Root Analytics warehouse contained a remarkable amount of fully accessible data.
Yet this was not all. An additional 24 terabytes of data was stored in the warehouse, but had been configured to prevent public access. Ultimately, the amount of data stored in the misconfigured database was equivalent in size to about 10 billion pages of text.
Less clear was the significance of intriguing but inaccessible files, such as one titled “for_strategy_xroads_updated_FINAL” – which may refer in some capacity to American Crossroads, the Super PAC co-founded by former George W. Bush adviser Karl Rove that was very active in 2016 electoral financing. Also found was a large cache of Reddit posts.
About Data Analytics & its Operations (again from Upguard)
Deep Root Analytics,[DRA] the Republican data firm which created and maintained the exposed data warehouse, was co-founded in 2013 by Alex Lundry, a Republican campaign data scientist who had served as data director in Mitt Romney’s unsuccessful 2012 presidential campaign. The company bills itself as “the most experienced group of targeters in Republican politics,” offering media analytics services to corporations, lobbying groups, and GOP political campaigns seeking to reach specific target demographics. Deep Root claims to be able to more effectively reach these desired demographics by “microtargeting” using big data analytics, allowing clients to make better-informed decisions when purchasing advertising.
What Does Data Trust Have to Do with DRA?
It was a pedigree that would earn Lundry a position as “Chief Analytics Officer” with the 2016 Republican presidential campaign of former Florida Governor Jeb Bush. While Bush would fail to win the nomination even after assembling a well-credentialed data team, Trump would have the inverse problem, winning the nomination without having created a robust data operation within his campaign. Following the formal conclusion of GOP primary season in July 2016 with Trump’s nomination, the RNC would move quickly in coordinating their data team’s efforts with those of the Trump campaign in the upcoming general election fight against Hillary Clinton.
In order to win the election, the RNC would need to draw heavily upon the resources of several private firms specializing in data analytics. Among these private consultancies was Data Trust, a Washington-based firm that claims to “continually develop a Republican and conservative data ecosystem through voter file collection, development, and enhancement.”
Data Trust, “the GOP’s exclusive data provider,” was created by the RNC in 2011, per National Review, “to shoulder the cost of building and managing the GOP’s voter file”—its repository of detailed voter information crucial to any successful electoral advertising and get-out-the-vote efforts. As reported by Slate, Data Trust operates as a private-sector satellite of the RNC—“a hybrid, a private company that party bosses built but can’t formally run.”
What’s in that Data Trust file?
Within the Deep Root Analytics database, the folder “data_trust” appears to contain nothing less than the full fruits of this RNC/Data Trust effort to house as comprehensive and detailed a repository of potential 2016 voter information.
Within “data_trust” are two massive stores of personal information collectively representing up to 198 million potential voters. Consisting primarily of two file repositories, a 256 GB folder for the 2008 presidential election and a 233 GB folder for 2012, each containing fifty-one files – one for every state, as well as the District of Columbia.
Starting with the potential voter’s first and last names—limiting even the barest possibility of the data sets masking the identities of those described—the files go onto list a a great deal more data, including the voter’s date of birth, home and mailing addresses, phone number, registered party, self-reported racial demographic, voter registration status, and even whether they are on the federal “Do Not Call” list. Also included as data fields are the “modeled ethnicity” and “modeled religion” of the potential voter—particularly sensitive personal details that have historically been a source of controversy for data collection.
While not every field is populated for each individual, if the answer is known, it appears to have been included. A smaller folder for the 2016 election was also included in the database, but unlike the 2008 and 2012 folders, only included .csv files for Ohio and Florida – arguably the two most crucial battleground states. The entire “data_trust” folder, it bears repeating, was entirely downloadable by any individual accessing the URL of the database.
You can read the rest here.
Man, that makes Podesta’s e-mails look like chump change. But worse, this is part of the “Shock Doctrine” that Naomi Klein has been railing about, especially in her new book, NO is not Enough: Resisting Trump’s Shock Politics and Winning the World We Need. This undermines our democracy.
Gizmodo has a few more details:
Deep Root Analytics, a conservative data firm that identifies audiences for political ads, confirmed ownership of the data to Gizmodo on Friday.
UpGuard cyber risk analyst Chris Vickery discovered Deep Root’s data online last week. More than a terabyte was stored on the cloud server without the protection of a password and could be accessed by anyone who found the URL. Many of the files did not originate at Deep Root, but are instead the aggregate of outside data firms and Republican super PACs, shedding light onto the increasingly advanced data ecosystem that helped propel President Donald Trump’s slim margins in key swing states.
Although files possessed by Deep Root would be typical in any campaign, Republican or Democratic, experts say its exposure in a single open database raises significant privacy concerns. “This is valuable for people who have nefarious purposes,” Joseph Lorenzo Hall, the chief technologist at the Center for Democracy and Technology, said of the data.
and the crumbs begin to add up..
The Koch brothers’ political group Americans for Prosperity, which had a data-swapping agreement with Data Trust during the 2016 election cycle, contributed heavily to the exposed files, as did the market research firm TargetPoint, whose co-founder previously served as director of Mitt Romney’s strategy team. (The Koch brothers also subsidized a data company known as i360, which began exchanging voter files with Data Trust in 2014.) Furthermore, the files provided by Rove’s American Crossroads contain strategic voter data used to target, among others, disaffected Democrats and undecideds in Nevada, New Hampshire, Ohio, and other key battleground states.
Deep Root further obtained hundreds of files (at least) from The Kantar Group, a leading media and market research company with offices in New York, Beijing, Moscow, and more than a hundred other cities on six continents. Each file offers rich details about political ads—estimated cost, audience demographics, reach, and more—by and about figures and groups spanning the political spectrum. There are files on the Democratic Senatorial Campaign Committee, Planned Parenthood, and the American Civil Liberties Union, as well as files on every 2016 presidential candidate, Republicans included.
In other news, Bernie just finished a livestream on FB with Elizabeth Warren answering questions about the mysterious Senate Healthcare bill. In that conversation, just Warren said she was single payer, but right now they have to defend ACA right now. Elizabeth points out MA was the first example of bi-partisan legislation, but the R’s in Congress walked away when it was discussed in 2009, and of course, not one R voted for it. Warren also called on the Federal Reserve to remove all Wells Fargo executives on the Governor’s Board.
This is sad news:
— POLITICO (@politico) June 19, 2017
About that mysterious recent purge of long-time TOP bloggers, here’s the short scoop.
This serves as an open thread too as the other post has nearly 100 replies!