Politics A Republican National Committee database of nearly every voter was left exposed on the Internet for 12 days, researcher says

21:05  19 june  2017
21:05  19 june  2017 Source:   MSN

Nearly 200M Americans hit by massive voter records leak

  Nearly 200M Americans hit by massive voter records leak <p>Personal information for more than 198 million American voters were left exposed this month after a data analytics firm hired by the Republican National Committee stored the files on an unsecured Amazon server.</p>Deep Root Analytics, the conservative analytics firm, confirmed in a statement Monday the files had been accessed without their knowledge.

Now comes the fallout of all that information hoarding: A California- based security researcher says Republican -linked election databases were inadvertently exposed to the entire internet , sans password, potentially violating the privacy of almost every single registered voter in the United States.

In what is the largest known data exposure of its kind, UpGuard’s Cyber Risk Team can now confirm that a misconfigured database containing the sensitive personal details of over 198 million American voters was left exposed to the internet by a firm working on behalf of the Republican National

Voters fill in their ballots as they vote in the U.S. midterm elections at a polling place in Westminster, Colorado November 4, 2014. Rick Wilking/Reuters© Rick Wilking/Reuters Voters fill in their ballots as they vote in the U.S. midterm elections at a polling place in Westminster, Colorado November 4, 2014. Rick Wilking/Reuters

A Republican National Committee database of nearly every registered American voter was left vulnerable to theft on a public server for 12 days this month, according to a cybersecurity researcher who found and downloaded the trove of data.

The lapse in security was striking for putting at risk the identities, voting histories and views of voters across the political spectrum, with data drawn from a wide range of sources including social media, public government records and proprietary polling by political groups.

Russian Breach of 39 States Threatens Future U.S. Elections

  Russian Breach of 39 States Threatens Future U.S. Elections Russia’s cyberattack on the U.S. electoral system before Donald Trump’s election was far more widespread than has been publicly revealed, including incursions into voter databases and software systems in almost twice as many states as previously reported. In Illinois, investigators found evidence that cyber intruders tried to delete or alter voter data. The hackers accessed software designed to be used by poll workers on Election Day, and in at least one state accessed a campaign finance database. Details of the wave of attacks, in the summer and fall of 2016, were provided by three people with direct knowledge of the U.S.

A data analytics contractor employed by the Republican National Committee ( RNC ) left databases containing information on nearly 200 million potential voters exposed to the internet without security, allowing anyone who knew where to look to download it without a password.

This blunder was caused by Deep Root Analytics (DRA), a data analytics firm employed by the US Republican National Committee ( RNC ), who "mistakenly" left sensitive personal details of more than 198 million US voters exposed on an unsecured Amazon S3 server.

Chris Vickery, a risk analyst at cybersecurity firm UpGuard, said he found a spreadsheet of nearly 200 million Americans on a server run by Amazon's cloud hosting business that was left without a password or any other protection. Anyone with Internet access who found the server could also have downloaded the entire file.

The server contained data from Deep Root Analytics, a contractor to the Republican National Committee, which used Amazon Web Services for server storage.  Vickery said he came up on the server's address as he scanned the Internet for unsecured databases.

"With this data you can target neighborhoods, individuals, people of all sorts of persuasions," said Vickery in an interview. "I could give you the home address of every person the RNC believes voted for Trump."

Obama White House Knew of Russian Election Hacking, but Delayed Telling

  Obama White House Knew of Russian Election Hacking, but Delayed Telling The administration did not speak out forcefully about the election interference because it worried that it would be seen as meddling on its part.WASHINGTON — The Obama administration feared that acknowledging Russian meddling in the 2016 election would reveal too much about intelligence gathering and be interpreted as “taking sides” in the race, the former secretary of homeland security said Wednesday.

A data analytics contractor employed by the Republican National Committee ( RNC ) left databases containing information on nearly 200 million potential voters exposed to the internet without security, allowing anyone who knew where to look to download it without a password.

Sproul & Associates has received nearly half a million dollars in disbursements from the Republican National Committee . In Nevada, former employees of Voters Outreach for America (AKA “America Votes ”), have exposed the organization’s practice of destroying registration forms completed by

It is not known whether the information has been accessed by any one but Vickery. But if it was, it would represent perhaps the largest political data mishap in American history. Gizmodo was first to report details of the data vulnerability Monday.  The Washington Post has not reviewed the file.

The RNC did not provide immediate comment. In a statement, Deep Root founder Alex Lundry told Gizmodo, “We take full responsibility for this situation.” He said the data included proprietary information as well as publicly available voter data provided by state government officials. “Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access,” Lundry said.

In all, the leaked files amount to more than 1,000 gigabytes of data — more than four times the size of any previous breach of this type, according to Vickery. The data fields included views on specific issues including abortion, gun rights and environmental issues, he said.

Homeland Security official: Russian government actors potentially tried to hack election systems in 21 states

  Homeland Security official: Russian government actors potentially tried to hack election systems in 21 states Most of the hacking was just scanning for vulnerabilities, though a few were successfully exploited.Samuel Liles, the Department of Homeland Security’s acting director of the Office of Intelligence and Analysis Cyber Division, said vote tallying mechanisms were unaffected, and the hackers appeared to be scanning for vulnerabilities — which Liles likened to walking down the street and looking at homes to see who might be inside.

Connect With Us. Republican National Committee . Follow @GOP. Paid for by the Republican National Committee . Not Authorized By Any Candidate Or Candidate's Committee . www.gop.com. X.

This Account has been suspended.

The detailed file does not stop at Trump supporters, but likely includes Democrats, independents and many voters in between, he said. At a time when even many Americans protect their most basic emails and photos using passwords and two-step authentication, the security missteps by Deep Root Analytics, the contractor behind the breach, represent a form of gross negligence, he added.

The file has been secured now for several days, Vickery said, adding that he informed law enforcement of the vulnerability after discovering it.

"What is alarming about this now is that I believe it's the first time RNC IDs and model data have been exposed," said Matt Oszcowski, a veteran GOP political data strategist. "This is not just a list of people; this is unique proprietary information which gives away [Republican] strategy and informs on targeting and methodology."

Privacy experts expressed alarm over the breach, which they said shows how deeply personal data has become integrated into the modern political campaign.

"They're using this information to create political dossiers on individuals that are now available for anyone," said Jeffrey Chester, executive director of the Center for Digital Democracy. "These political data firms might as well be working for the Russians."

Samsung blunder reportedly leaves millions of devices open to hackers

  Samsung blunder reportedly leaves millions of devices open to hackers Samsung left millions of its customers exposed to malicious activity after failing to renew the domain of an app that came pre-installed on its smartphones, according to a report from Motherboard. Anyone with an older Samsung device probably has the app S Suggest. The stock application was used to suggest other popular Android apps to users. The Korean mobile giant appears to have stopped supporting the software in the last few months and it reportedly failed to renew the domain ssuggest.com, according to a security researcher who, fortunately for Samsung, took over the domain.

Internet -news mogul Matt Drudge says Sen. Ted Cruz of Texas was "condemned to Republican hell" after delivering an anti-Donald Trump message during his Republican National Convention speech. Get the best of Business Insider delivered to your inbox every day .

Just In: NK Says They're "Not Far Away" from Doing the 1 Thing the World Fears. Breaking: Hours Before Jeff Sessions Testifies, Senate Makes Final Decision. Here's Why the U.S. Marines Just Practiced for a "D- Day " Beach Landing.

Deep Root Analytics’ unprotected server appeared to have exposed data housed by the Data Trust, the private data company hired by the Republican National Committee to update its voter file -- part of a costly effort to improve the party’s data collection and analysis in the wake of the 2012 election.

The RNC poured more than $20 million into data services in the 2016 cycle, according to Federal Election Commission records. Of that, $6.2 million went to Data Trust, which has an exclusive list-sharing agreement with the national party. That allows the company to swap RNC voter data with independent big-money groups such as American Crossroads and American Action Network, helping enrich the party’s master voter file.

Among the outside entities that participated in data swaps with Data Trust last cycle was i360, a rival operation financed by Freedom Partners, a nonprofit backed by the wealthy Koch brothers and other conservative donors. The private firm -- which has its own individual-level database of 194 million voters culled from registration files, consumer data and social media profiles – provides data and technology to groups in the Koch network, as well as GOP campaigns and vendors.

The Koch data operation, which is widely regarded by Republican strategists, had more than 200 GOP campaigns and state parties as clients in 2016, The Post reported last year.

For its part, Deep Root Analytics worked for at least 14 GOP political committees in the 2016 cycle, FEC records show. Among its clients: House Speaker Paul Ryan’s campaign committee and his allied House super PAC; the Senate Leadership Fund, a super PAC aligned with American Crossroads and Senate Majority Leader Mitch McConnell; and former Florida governor Jeb Bush’s presidential campaign and allied super PAC.

There are no reported payments from the RNC to Deep Root. However, the party spent $983,000 on “polling services/consulting” with a company called Needle Drop, which is a subsidiary of Deep Root, according to AdAge.

“There is much more of a life cycle here at the RNC now that revolves around data,” then-RNC chief of staff Katie Walsh told The Post in July 2015. “Everything we do here comes back to, 'How does that improve the voter file?'”

Matea Gold contributed reporting.

Election Hackers Altered Voter Rolls, Stole Private Data, Officials Say .
The hacking of state and local election databases in 2016 was more extensive than previously reported, including at least one successful attempt to alter voter information, and the theft of thousands of voter records that contain private information like partial Social Security numbers, current and former officials tell TIME. An Incredible $200 Intro Bonus Just For Using This Card Learn More Sponsored by NextAdvisor In one case, investigators found there had been a manipulation of voter data in a county database but the alterations were discovered and rectified, two sources familiar with the matter tell TIME.

—   Share news in the SOC. Networks

Topical videos:

This is interesting!