Paste has found that a pattern of poor security and mishandling of demographic data plagued the Clinton campaign from December of 2015 until the end of the campaign on Nov. 8, according to volunteers who worked to get Ms. Clinton elected. And that information may have been compromised during the DNC hacks earlier in the year.
“Someone that’s volunteered twice could access like 80% of DNC databases,” explained Democratic volunteer “Tyler” in August.
These allegations, if true, raise questions about the security of the demographic information of US voters—and what happened to that information.
The Clinton campaign, like all Democratic campaigns since 2008, relied on the demographic data aggregator Votebuilder for most of its Get Out The Vote (GOTV) operations. Votebuilder, a subsidiary of data company NGP-VAN, which works with the Democratic Party, aggregates voter information throughout each state.
The information in NGP/VAN’s VoteBuilder database includes members of the public’s addresses, phone numbers, political leanings, incomes, voting history, early voting status, answers to previous candidate surveys, email, and members of household. It’s a wealth of information that could be used for much more than GOTV.
The program entered the news briefly last winter when the Sanders campaign accessed the Clinton campaign’s Votebuilder data. Sanders was cut off from the program by the DNC until a threat of a lawsuit forced the Democratic leadership to capitulate.
But that December dustup may have exposed flaws in the DNC’s data security system that hackers were able to take advantage of—because those flaws were never fully addressed by the organization.
When the springtime breach of the DNC was first revealed in July, the Clinton campaign quietly acknowledged that they were also the victims of a contemporary hack, saying in a statement that a data analytics program, controlled by the DNC, had been accessed for “five days.”
Perhaps the clearest indication of the lax campaign security around Votebuilder comes from Terry Murphy, a Clinton volunteer from Petaluma, California. Murphy said that people in his “team” of volunteers accessed Votebuilder using an unchanging password that was posted on a whiteboard in the center of the office.
It wouldn’t change until a phone banking incident on October 22. On that day, Murphy said, he and the other volunteers encountered the same five answering machines at multiple different numbers.
“There was a British guy, a Southern guy, a few others,” Murphy said. “I remember the Southern guy because he was rude—‘y’all shouldn’t be calling here’ or something like that.”
The phone bankers reported the incident to the Clinton campaign. Reaction was swift. On the 29th, the next time Murphy went into the office to volunteer, the password for Votebuilder had been removed from the wall. And there was a young man, Sage, from the Clinton headquarters in Brooklyn in the office for the remainder of the election.
Murphy’s superiors at the volunteer center told him that the new password security was directly related to the week before’s events.
“The campaigns are desperate for people to do data entry and no paid staffers want to spend their time doing it,” said “Tyler.”
It doesn’t take much time for volunteers to get access to the database, said “Faye.” She did data entry from home after the campaign set her up with a login. That process, she said, was quick.
“They set me up in about ten minutes,” Faye said.
Faye’s previous experience with the campaign totalled one phone banking shift and one canvassing shift. She was given a login and data sheets to take home to work remotely.
“Jane” said that security around the information data sheets for data entry had changed by the time she started working with the campaign in September—but her description of the lax security when she used Votebuilder before raises some serious questions.
“Previously I had shown up to either the office or someone’s house that was being used for staging and was given data sheets to take home and enter,” said Jane. “No one kept track of what I did with them when I was done. (I shredded them… but that was my choice).”
But how insecure was the data? And was it compromised?
The hacker (or hackers) known as “Guccifer 2.0” said they were able to access NGP-VAN data through a “Zero-Day Vulnerability,” or unknown software hole. After exploiting that loophole, they had access to the entire database, they said.
The website ThreatConnect isn’t buying it.
“Guccifer 2.0 would have to do it from the inside out as an authenticated user to the web service, or remotely from the outside in,” the site said. “However, this approach wouldn’t use the tools he mentions. It would also be extremely invasive and much more likely to generate significant amounts of log activity and/or errors that would draw unwanted attention to his efforts.”
NGP/VAN denied ever being directly hacked to Paste.
Yet it’s quite possible that Guccifer could have accessed this information directly from the campaign. As we’ve seen, the DNC and Clinton campaign’s security measures around this information were not particularly strict.
And this raises another question— what happened to this information? VoteBuilder aggregates just about everything about a voter save their bank account and credit card numbers. That information would be incredibly valuable for identity thieves and for intelligence services. For the Clinton campaign to treat it so carelessly is another indication of the arrogance and carelessness that has resulted in the election of Donald Trump.
We’re still no closer to a definitive, on the record answer as to who was behind the campaign’s hack. But as we’ve seen, the Clinton campaign could have been compromised by just about anyone.
“What seems more plausible,” “Tyler” asked rhetorically in August. “Russia has some crazy operation planned or someone like James O’Keefe sends an intern to volunteer with the Clinton campaign for two days?”
This is an ongoing story. Please contact Eoin Higgins if you want to talk about the campaign’s data security. You can find him on Twitter and Facebook.