This wasn’t the diary I was going to write this morning. But after seeing the headline on CNN, and two diaries which makes this out to be Clinton’s fault..I decided to shift focus for a few hours.
For the record, I am a Sr. System Engineer for the IT wing of a global corporate real estate company. My focus is data protection, legal retention, and data storage.
Here is the headline:
Bernie Sanders campaign accesses Hillary Clinton data, gets suspended from DNC voter files www.cnn.com/…
Wow , that is some bad press to be on CNN, Politico, etc. So I looked at the story on a few sites and here is my take. Someone in Sanders campaign screwed up.
In many IT systems, like with ours, there are systems and networks technically accessible by anyone on the network. Users know they are not allowed to access HR, financial, and PeopleSoft systems. However, users are human and therefore we have firewalls in place and restrictive logins in place to prevent those without permission from accessing those files.
This is not a case where Hillary’s modeling data just happened to pop up on the screen for a Sanders campaign staffer. He didn’t turn on his computer one morning, and it was on the screen. Someone knew there was patching, and during that period of patching accessed data they did not have permission to access.
The New York Times said the staffer was the campaign data director. Searches were run from four user accounts while data from Clinton's campaign was exposed, the Times said. But it's difficult to say what that means, since one person could have had more than one user account.
www.cnn.com/...
This was intentional.
The DNC database keeps the information gathered by different campaigns separated by a firewall.
But the data systems vendor that runs the program dropped the firewall for a brief period Wednesday, during which time the data was accessed.
For all the talk that it is a setup, or that Bernie’s campaign reported the firewall hole numerous times I ask this question, ”If Bernie’s campaign KNEW that the data was accessible without the firewall, and it KNEW that it did not have permission to access it, then why did it do it anyways?”
For those excusing the bad behavior of the IT staffer who was fired, you should be ashamed of yourselves. If a bank replaces the the door on a vault, and someone takes that time while it is open to steal money, you don’t say the bank “set up” the robber. Wrong is wrong. Even more wrong by the fact the there are those saying that the staff KNEW this was a problem, and DID IT ANYWAYS.
With that being said, the Sanders entire campaign should not be punished for this so close to Iowa. When one user does something wrong, we do not fire or suspend the entire department. We do reviews, verify what was accessed, and how. In this case, the review should be quick, and Sanders should personally verify that all data downloaded from Hillary’s campaign has been deleted from his campaigns servers. Once that is done, full access should be restored as soon as possible.
Friday, Dec 18, 2015 · 5:56:31 PM +00:00
·
sholmberg
Update from Jasmine84 in the comments:
Well.
Sanders camp initially said this was 1 low-level staffer, but accts belonging to natl data dir & deputy involved bloom.bg/...
Sanders campaign saved Clinton lists including "HFA Support" & "HFA Turnout" in various age ranges for key states bloom.bg/...
NEW a few mins ago: Sanders campaign SAVED Clinton data and was creating addl accts/sharing access during breach bloom.bg/...
Friday, Dec 18, 2015 · 6:12:33 PM +00:00
·
sholmberg
Sanders’s campaign has sought to downplay the severity of the incident, initially saying that only a single “low-level” staffer accessed the Clinton data and that none of it was saved. But the audit of the database's logs created by the vendor that manages the data, NGP VAN, show that four accounts associated with the Sanders team took advantage of the Wednesday morning breach. Staffers conducted searches that would be especially advantageous to the campaign, including lists of its likeliest supporters in 10 early voting states, including Iowa and New Hampshire.
After one Sanders account gained access to the Clinton data, the audits show, that user began sharing permissions with other Sanders users. The staffers who secured access to the Clinton data included national data director Josh Uretsky, who was fired on Thursday, and his deputy, Russell Drapkin. The two other usernames that viewed Clinton information were “talani" and "csmith_bernie."
Though the Sanders campaign initially claimed that it had not saved Clinton data, the logs show that the Vermont senator’s team created at least 24 lists during the 40-minute breach, which started at 10:40 a.m., and saved those list to their personal folders.
www.bloomberg.com/...