The latest dump of documents from the DNC by Guccifer 2.0 paints an ugly picture for the Democrat party both politically and in terms of information security. They show a sparkling lack of talent in security mixed with an unethical mindset of how to abuse donors and America.

The first item that jumps out of the breach is an XL spreadsheet file titled NF raised. The spreadsheet is a detailed listing of 454 top DNC donors. The file includes the names, addresses, home phone numbers, cell phone numbers and emails the major DNC donors. What lies behind the list is the fact that many of the same large donors also were awarded top level jobs inside the Obama administration. The fact that so many received these jobs, some directly after making a donation, points to a "pay for play" scheme.


For example: Top donor Matthew Berzun became Ambassador to UK, second place donor Julius Genachowski became the chairman of the FCC, and third place donor Frank Sanchez became Under Secretary of Commerce. Other big dollar donors on the list became the Ambassador to Singapore, Ambassador to Spain, Ambassador to Japan, Ambassador to Bahamas, Ambassador to the UN, Ambassador to Switzerland, Ambassador to South Africa, Ambassador to Belgium, Ambassador to Luxembourg, Ambassador to New Zealand, Ambassador to Czech Republic, Ambassador to Finland and Ambassador to EU.

In the area of national security violations is a file called "Contact List". The XL spreadsheet is a contact list of 444 DNC operatives from then Chairman Kaine all to members then serving in the White House. The list includes the cell phone number, email address, black berry number and White House phone number with extension of each individual. This file of data in the hands of a nation state or even organized crime would enable hackers to exploit a known flaw in the cell phone system called SS7. This flaw was demonstrated on CBS showing attackers armed with nothing but the cell phone number could monitor the conversation, email and text messages passing through a target.

Of course, this adds to the security violation caused by the DCCC documents given to Softwar by Guccifer 2.0 which contained the cell phone of Christine Turner, Director at the White House National Security Council. Ms. Turner is a national security advisor to President Obama. Hackers armed with her phone number could also exploit the SS7 flaw to monitor conversations.

In the file labeled "OFA Export" is a text file of over 3 million DNC donor email addresses with their last donation date and amount. The nature of this particular file is clearly aimed at email marketing since it is easily read by spam software. In short, this is a massive spam list to send nagging emails to DNC donors in an effort to get them to donate again. The list, now circulating on the Internet, is a living gold mine for spammers and hackers to deliver tons of junk email and virus laden emails to over 3 million people who have money to spare.

In the file labeled "IFA Cellphone test" is a listing of 100,000 DNC donors with name, address, cell phone number and cell phone carrier. This text file is designed to be used by ROBO SMS Text spam software to send messages to the DNC donors. The fact that the carrier is included is the dead give-away here. The carrier information is used by the ROBO SMS spam program to connect to each phone service then use the phone number to send the spam messages. The list, now circulating on the Internet, is a living gold mine for cell phone jackers and text spammers to deliver tons of junk text messages and cell phone hacking virus attacks to 100,000 people.

In the text file labeled "Marketing Phones" is a listing of hard line phone numbers sorted from lowest to highest order. The intention of this file is to operate a ROBO dialing program to send pre-recorded messages to over 270,000 DNC potential donors. The list, now circulating on the Internet, is in such a format as to make it easy for any illegal marketing ROBO caller to use for any of a number of various scams.

Additional files have hundreds of thousands of DNC donors names, addresses, home phone, cell phone, occupation, last donation, last 4 digits of any credit card and expire date. These files also show the DNC using what is called XML data files to extract the credit card information from their processor. The DNC did not store the full credit card information on their data base in any of these hacked files but the previous release of DNC data on Wikileaks did contain emails with the full credit card numbers and signatures from some donors. It would not be unusual for the DNC to have a large data base that did contain this information and, if so, it too may have been hacked.

It does appear, however, that the DNC did have some trouble processing credit cards because some of their systems could not pass security tests required for certification. Instead of fixing the issue, DNC technical staff member Ian Reynolds sent an email to the contractor doing the security scans, Security Metrics, complaining that the problem was their scan. In the end, Security Metrics certified the credit card processing of the DNC was safe.

The nature of the data released by Guccifer 2.0 leads me to believe the person or persons in the DNC who were hacked were also at the top level of their computer technical department. The breached files did contain details of the DNC computer systems that only their top IT staff would know and work on. This data includes a listing of DNC login IDs, detailed documentation on the status, nature and details of the DNC computers, memos to DNC Chair Tim Kaine on IT status and the budget details on the DNC computer systems.

The files show the DNC had a technology budget of about $6.5 million but did little with that money except set up systems to get more money. There are no references in the budget files leaked by Guccifer 2.0 to any computer security beyond SSL certificates for their websites and Symantec anti-virus and firewalls programs. The extensive array of memos sent to then DNC Chair Tim Kaine by the IT staff have few references to security issues and it appears that Kaine did not see fit to hire an information security professional.

One memo did note that the DNC computer staff was working with vendors to get their Microsoft software licenses certified and that they also needed to work with Juniper for some of the communications equipment. This last mention of Juniper raises red flags because the major manufacturer of computer communications devices discovered two back doors inside their production code late last year. These back doors would give attackers complete access to the computer systems attached to the Juniper devices. One of the back doors appeared to be of NSA origin that was later altered by a nation state actor. The other back door appeared to be from a less skilled hacker who most likely was not a nation-state actor but it did allow full access to computers including the ability to destroy any evidence of an attack.

In the end, the state of DNC computer security can only be defined as deplorable. The shockingly bad quality of any security effort was atrocious and Tim Kaine showed that he is incapable of understanding the need for such security. The diabolical effort to set up spam email and cell text bot systems to attack the DNC donors was shameful and inexcusable. The DNC has left millions of American citizens vulnerable to hack attacks and put our national security at risk by posting the hackable cell phone numbers of top ranking individuals inside the White House. The dishonorable effort to pad DNC coffers by handing out juicy Ambassador jobs and the dreadful DNC computer security is a total failure of ethics, morality and sensibility.




Contact Us: