Bernie Sanders
Related: About this forumJosh Uretsky: 5 Fast Facts You Need to Know
http://heavy.com/news/2015/12/josh-uretsky-bernie-sanders-campaign-national-data-director-fired-photos-bio-age-who-improperly-accessed-clinton-data-democratic-dnc-system-access/The national data director for Vermont Senator Bernie Sanders presidential campaign has been fired after improperly accessing proprietary data from the Hillary Clinton campaign in a Democratic National Committee system, the New York Times reports. The staffer was identified as Josh Uretsky by Bloomberg Politics. The information that was improperly accessed included confidential voter information added to a Democratic party database by Clintons campaign, according to the Washington Post, which first reported the breach.
Heres what you need to know about Uretsky and the allegations against the Sanders campaign:
1. The DNC Has Temporarily Blocked the Sanders Campaign From Viewing Any Voter Data
(since lifted under pending lawsuit threat)
...The DNC is in charge of maintaing a master voter list, which it rents to national and state campaigns. They can then add their own proprietary information obtained by field workers and volunteers, according to the Post.
Firewalls are supposed to prevent campaigns from viewing data gathered by their rivals, the Post writes.
The New York Times reports that the database includes information from voters nationwide and is used by campaigns to set strategy.
2. The Sanders Campaign & the DNC Blamed a Software Vendor for a Glitch That Allowed Access to the Data
The Sanders campaign said in a statement that the firewall was down because of a glitch in the system, which is run by a vendor for the DNC, NGP VAN. Campaign spokesman Michael Briggs said:
Unfortunately, yesterday, the vendor once again dropped the firewall between the campaigns for some data,After discussion with the DNC, it became clear that one of our staffers accessed some modeling data from another campaign. That behavior is unacceptable and that staffer was immediately fired.
The DNC places a high priority on maintaining the security of our system and protecting the data on it, said its communications director, Luis Miranda, in a statement. We are working with our campaigns and the vendor to have full clarity on the extent of the breach, ensure that this isolated incident does not happen again, and to enable our campaigns to continue engaging voters on the issues that matter most to them and their families.
3. Uretsky Was Hired By the Sanders Campaign in September
Uretsky, 39, was hired by the Sanders campaign in September, according to his LinkedIn profile. He writes that his role is to provide support administer VAN for campaign teams, and to provide data driven insight and strategy. While Uretsky was the only staffer fired, (two more have since been "suspended" the New York Times reports that four user accounts from the Sanders campaign ran searches in the system while the firewall blocking access to Clintons data was down.
Uretsky, of Philadelphia, could not immediately be reached for comment.
4. He Has Been Involved in Politics for Several Years
Uretsky has been involved in Democratic politics for several years, his LinkedIn profile shows. He worked as a staffer on Patrick Murphys Congressional campaign in 2006. From 2007 to 2008 he was a grassroots leader for Barack Obamas 2008 campaign in Philadelphia, serving as a co-chair of Philadelphia for Obama. He has also worked on local Pennsylvania campaigns, and was the Pennsylvania Data and Targeting Manager for America Votes from 2011 until he was hired by the Sanders campaign.
Prepared and presented data driven analysis of partisan political opportunities and needs using SQL, VAN, GIS and other tools. Determined key regions for electoral program and competitive districts, he wrote of his role with America Votes. Managed voter file access for partner organizations and their consultants including administration, security, training and technical assistance. Managed deputy staff.
5. He Graduated from Cal-Berkeley & Has Also Worked as a Computer Programmer
Point #4 is the most troubling...could he have been a trouble-maker, working for DNC/HRC?
Proserpina
(2,352 posts)Last edited Sun Dec 20, 2015, 09:40 AM - Edit history (1)
http://www.nakedcapitalism.com/2015/12/200pm-water-cooler-12182015.htmlSince it would be irresponsible not to speculate, one might imagine a DNC honey-trap: Expose Clinton data to newb Uretkskys staff, and if they view it, nail them. DNC is surely malevolent enough, but NGP-VAN, who would have to be involved, is supposed to be a neutral party, since their data is used by multiple campaigns (making the glitch all the more curious, since firewalls between campaigns are fundamental to their business model). Then again, with the stakes this high, whos neutral? I wonder if any of those great Philly bloggers (thats not irony) know anything about Uretsky. And Im sorta waiting for Sanders to say, in debate, I understand Secretary Clinton knows everything about securing servers. Perhaps the DNC should have consulted her.
TheBlackAdder
(28,186 posts).
Firewalls are to allow only select IP addresses to enter the access point server from outside the corporate network, and to control which servers are allowed to connect to each other on the internal network. THAT'S IT!
Once you are connected, Personal SSL Certificates and Userid Authentication ARE required straight down to each Application on the back-end side and to access the database plans and tables.
Additionally, encrypted Application and session state payloads are needed from from both end-points, the PC to the end-point application, verified at each hop along the way, to prevent session hijacking, people spoofing the connection, internal moles taking over, etc..
Clients should not be allowed to create their own additional userids, as this reeks of group level authentication, something else that can be spoofed by tech savvy people.
===
This 'firewall' issue exposed gross incompetence at the vendor site and DNC!
This requires a full security audit by several firms.
UPDATE: Did I read this right "firewall blocking access to Clintons data was down"? That implies that if the firewall is down, their network is open? I am totally not buying that one! Just even saying that sounds foul as it rolls off the tongue.
.
Scuba
(53,475 posts)TheBlackAdder
(28,186 posts).
This is supposed to be a professional IT contractor...
Why would someone have a system set up that allows requests to be processed if they cannot be properly authenticated?
If the external security manager is down, a token is broken, userids/password pairs are mismatched, or anything but an authenticated request, the request or the entire unit of work should be discarded and a log of that failure captured.
.
Scuba
(53,475 posts)... the DNC didn't bomb some innocent country.