Unlike other years, the recent presidential election has been investigated without hesitation. Because of this, more mistakes and errors are being found this year. Does this mean there weren’t this many last year? No one will know. But a recent revelation about an RNC contractor shows that votes were exposed to dangers.
The Hill reports the following mishandling of information:
“A data analytics contractor employed by the Republican National Committee (RNC) left databases containing information on nearly 200 million potential voters exposed to the internet without security, allowing anyone who knew where to look to download it without a password.”
The company Deep Root Analytics has stated they take full responsibility for the databases which were part of 25 terabytes of files. These files were kept on Amazon cloud which can be accessed without logging in if you know where to look. Researcher Chris Vickery apparently knew where to look. As an employee for security firm UpGuard, Vickery is tasked with uncovering unsecured files. Vickery stated that this breach was one of the biggest he has ever seen:
“In terms of the disc space used, this is the biggest exposure I’ve found. In terms of the scope and depth, this is the biggest one I’ve found.”
UpGuard reported that the files contained around 190 million entries which included names, addresses, and RNC ID’s which can be used to find other information of individuals. The Hill reported how damaging this information could be if released:
“For example, a 50-gigabyte file of ‘Post Elect 2016’ information, last updated in mid-January, contained modeled data about a voter’s likely positions on 46 different issues ranging from ‘how likely it is the individual voted for Obama in 2012, whether they agree with the Trump foreign policy of ‘America First’ and how likely they are to be concerned with auto manufacturing as an issue, among others.’”
“That file appears in a folder titled “target_point,” an apparent reference to another firm contracted by the RNC to crunch data. UpGuard speculates that the folder may imply that the firm TargetPoint compiled and shared the data with Deep Root. Another folder appears to reference Data Trust, another contracted firm.”
Another UpGuard Analyst, Dan O’Sullivan, dug into his own named entry and found that, for him, the preferences were nearly spot on:
“It is a testament both to their talents and to the real danger of this exposure, that the results were astoundingly accurate.”
While these things do happen, this case is uncommon due to its “size and scope.” If numbers are correct, Deep Root Analytics contains more than half of the American population on their systems. The company has hired security firm Stroz Friedberg to complete a full investigation on their mistake. The information has been sealed shut on June 14th after Vickery made the find.
Credit: The HIll