"On Reddit, an r/technology thread about the controversy included comment from a self-identified 2008 Obama campaign staffer who claimed such breaches were both common but of limited strategic value:
"As an '08 Obama staffer who used the VAN extensively, it went down like this, "Oh, that's weird. It looks like we can pull lists from Hillary again. Hey Erin, do a quick search..." Then everyone in the office room (there were 4 total accounts who did a search) tried the search too.
Any data they pulled would not have been that useful, especially considering both campaigns use the VAN. They couldn't just turn around and re-enter the Clinton supporters as 5's, etc. That's not how it works ... The breach is a non-issue, however how it is being handled by the DNC (in addition to the way the debates, etc) is the telling issue about how undemocratic the Democratic National Party has become.""
Partway through my search I found one source, not primary, claiming that NGP VAN was not at fault, but that's it. Can anyone find anything else?
"Weaver blamed the DNC and its vendor for failing to protect the data. He said the Sanders campaign contacted the DNC about an earlier firewall failure in October, and he feels “very confident” that some of the Sanders’ campaign data was lost to another campaign then. That system was not controlled by NGP VAN, the company notes."
It's interesting that essentially the same issue has happened with two different systems. Assuming the phrase "firewall failure" is meant the same way... The technical doublespeak is really starting to get on my nerves. The use of the term "firewall," it seems, is explicitly to make people think a "hacking" was done.
The entire story seems kind of ridiculous. Given the descriptions, we're talking about an access control bug. Calling it a "firewall failure" makes it sound ridiculous, and I agree that it shades everything under a nefarious tone. But since campaigns are chock full of lawyers, they might be using it in a legal sense, referring to a "Chinese wall" [1] that prevents certain communications to avoid conflict of interests. Unless access logs show that the Sanders campaign decided to suck up everything, it's hard to argue that the DNC didn't massively overreact here.
Whatever the case, what confuses me are the suggestions that these sorts of breaches are common and that they have been for some time. What the hell are these software vendors doing? Access control is nothing new. And while getting it right isn't always easy, there's no reason for you to continuously get it wrong, either. It's also really easy to test, comparatively speaking, because potential issues here are predictable.
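To illustrate the point above that access-control failures are predictable enough to test exhaustively, here is an added example; it is not part of the thread and not any vendor's code. `ListService`, its `enforce_on` parameter, the tenant names and the canary records are all hypothetical, constructed for illustration.

```python
from itertools import product

# Constructed sample data: one canary record per tenant on a shared platform.
RECORDS = [
    {"id": 1, "owner": "campaign_a", "name": "canary-a", "score": 1},
    {"id": 2, "owner": "campaign_b", "name": "canary-b", "score": 5},
]
TENANTS = sorted({r["owner"] for r in RECORDS})
ACTIONS = ("search", "export")


class ListService:
    """Hypothetical list-building API shared by several tenants."""

    def __init__(self, records, enforce_on=ACTIONS):
        self.records = records
        # Actions that apply the tenant filter; the default covers all of them.
        self.enforce_on = set(enforce_on)

    def _query(self, action, caller):
        rows = self.records
        if action in self.enforce_on:
            rows = [r for r in rows if r["owner"] == caller]
        return rows

    def search(self, caller):
        return [{"id": r["id"], "owner": r["owner"]}
                for r in self._query("search", caller)]

    def export(self, caller):
        return [dict(r) for r in self._query("export", caller)]


def isolation_report(service):
    """Run every action as every tenant; return (leaks, lockouts)."""
    leaks, lockouts = [], []
    for caller, action in product(TENANTS, ACTIONS):
        owners = {row["owner"] for row in getattr(service, action)(caller)}
        # Any row owned by someone else is a cross-tenant leak.
        leaks.extend((caller, action, other) for other in sorted(owners - {caller}))
        # A tenant that cannot see its own canary is locked out.
        if caller not in owners:
            lockouts.append((caller, action))
    return leaks, lockouts


if __name__ == "__main__":
    print(isolation_report(ListService(RECORDS)))
    # Constructed regression: the tenant filter is skipped for "search".
    print(isolation_report(ListService(RECORDS, enforce_on=("export",))))
```

Because the tenant-by-action matrix is small and fully enumerable, a check like this can run on every release and fail the build on the first non-empty `leaks` list.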
Reposting my response from below, but the October incident was not with NGP VAN and was actually another vendor - not sure who though but I'd be interested in hearing theories.
From their press release:
"Josh Uretsky, the former National Data Director for the Sanders campaign confirmed on MSNBC (at 5:47), and also on CNN, regarding the previous incident: 'it wasn’t actually within the VAN VoteBuilder system, it was another system.'" [1][2]
http://www.snopes.com/bernie-sanders-campaign-data-breach-co...
http://www.usatoday.com/story/news/politics/elections/2016/2...