Pubblicato in: Commercio, Criminalità Organizzata

Deep Root Analyitcs. Dati sensibili di 198 mln persone messi in rete.

Giuseppe Sandro Mela.

2017-07-07.

Spione_007__

Ci si stupisce che la gente si stupisca.

*

«Anyone with an internet connection was able to access a huge database of personal information on US voters ahead of 2016 elections, a security firm says»

*

«discovered a misconfigured database containing information on almost every registered US voter compiled by data analytics company Deep Root Analytics»

*

«The database contained “names, dates of birth, home addresses, phone numbers, and voter registration details,” as well as data described as predicted data about voter behavior on policy preferences and likelihood of choosing a particular candidate»

*

«The data that was accessed was, to the best of our knowledge, this proprietary information as well as voter data that is publicly available and readily provided by state government offices»

*

«It also comes at a time when the integrity of the US electoral process has been tested by a series of cyberassaults against state voter databases, sparking concern that cyber risk could increasingly pose a threat to our most important democratic and governmental institutions»

*

Non dovrebbe essere un mistero per nessuno che un numero consistente di organizzazioni pubbliche e private raccolgono dati sensibili su tutti: nome, cognomi, indirizzi, telefoni, preferenze di vita, etc.

Due casi sotto gli occhi di tutti potrebbero essere Google e Facebook. Loro dicono che queste informazioni servono per ottimizzare il servizio che adesso si avvarrebbe dell’intelligenza artificiale, ma in pratica è solo ed esclusivamente spionaggio di chiara fonte.

Alcune considerazione sembrerebbero essere sequenziali.

– Sono accessibili usualmente i dati che gli stessi interessati rilasciano per leggerezza o faciloneria, specie quelli intimi e strettamente personali. La abitudine, per taluni consolidata, di pubblicare fotografia personali permette di risalire al giro di conoscenze e dei posti frequentati.

– Per quanti non usano estensivamente i social, si possono raccogliere dati anagrafici e, anche se proibitissimo, informazioni economiche e bancarie. I movimenti fatti tramite carte di debito e di credito sarebbero un ottimo esempio.

*

Ma il problema è alquanto differente.

Allestire mega database è relativamente facile.

Immettervi dati veri è del tutto difficile.

Tenere aggiornato il database rasenta quasi l’impossibile, con forse l’esclusione di servizi segreti di grandi nazioni.

Ma un database non aggiornato non solo è inutile, ma quasi invariabilmente fuorviante.

Indirizzi e numeri di telefono cambiano anche molto rapidamente nel tempo.

La tipologia degli acquisti è anche essa soggetta a rapide variazioni.

Non parliamo poi delle preferenze politiche. Le recenti tornate elettorali nei paesi occidentali dovrebbero aver ben messo in evidenza l’elevata mobilità dell’elettorato.

Paucis verbis, i database di dati personali sono come i fiori: gratificanti quando sono al massimo dello splendore, inutili e da cacciar via quando sono appassiti.

*

Una ultima considerazione sarebbe però doverosa.

Un numero consistente di persone rilascia di sé stesso informazioni false, molti cercano di operare tramite pseudonimi, e così via.

Il vero problema è quello di poter accedere ad informazioni sicure: numero e tipologia contano ben poco.


Fortune. 2017-06-19. Nearly 200 Million U.S. Voters’ Personal Data Accidentally Leaked by Data Firm Contracted by RNC.

Information about more than 198 million U.S. citizens was accidentally leaked earlier this month, after more than a terabyte of data was stored on a publicly accessible server by a marketing firm working for the Republican National Committee.

Deep Root Analytics, a conservative media firm, has confirmed that it owned the exposed data, Gizmodo reported.

The data was discovered on June 12 by Chris Vickery, a cyber risk analyst at UpGuard, which characterized the discovery as “perhaps the largest known exposure of voter information in history.”

“Anyone with an internet connection could have accessed the Republican data operation used to power Donald Trump’s presidential victory,” UpGuard said.

The Deep Root server — which was publicly accessible between June 1 and June 12 — included data collected by other firms and Republican super PACs, including voters’ home addresses, birthdates, phone numbers and opinions on political issues.

The firm does not believe its systems were hacked or accessed by any malicious actors during that time, Gizmodo reported.


Deutsche Welle. 2017-06-20. Deep Root Analytics behind data breach on 198 million US voters: security firm

Anyone with an internet connection was able to access a huge database of personal information on US voters ahead of 2016 elections, a security firm says. The database helped the Republican Party’s presidential campaign.

*

A data analytics firm that helped US President Donald Trump’s election campaign exposed personal information on 198 million Americans, a security firm revealed on Monday.

Chris Vickery, a researcher at the consultancy Upguard, discovered a misconfigured database containing information on almost every registered US voter compiled by data analytics company Deep Root Analytics.

The information was used by the Republican National Committee to help win the 2016 presidential race.

The database contained “names, dates of birth, home addresses, phone numbers, and voter registration details,” as well as data described as predicted data about voter behavior on policy preferences and likelihood of choosing a particular candidate.

Upguard said the database “lacked any protection against access” and was available to “anyone with an internet connection.”

It described it as “a treasure trove of political data and modeled preferences used by the Trump campaign.” It said the information was used to help influence potential voters and accurately predict their behavior.

Deep Root takes responsibility

Deep Root released statements confirming that files were accessed without its knowledge.

“The data that was accessed was, to the best of our knowledge, this proprietary information as well as voter data that is publicly available and readily provided by state government offices,” the statement said. 

“Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access.  We take full responsibility for this situation.”

“We do not believe that our systems have been hacked. To date, the only entity that we are aware of that had access to the data was Chris Vickery,” it added.

Data breach hunter

Analyst Chris Vickery, a self-described “data-breach hunter,” last year discovered a breach of 191 million voter records in Mexico. Upguard said the latest leak was the largest known breach of voter data in history, with the equivalent of 10 billion pages of text.

It said the database modeled voters’ position on almost 50 different issues with the files offering insights into the algorithmic strategy used by Trump’s campaign to target voters.

The exposure “raises significant questions about the privacy and security Americans can expect for their most privileged information,” the researchers said.

“It also comes at a time when the integrity of the US electoral process has been tested by a series of cyberassaults against state voter databases, sparking concern that cyber risk could increasingly pose a threat to our most important democratic and governmental institutions.”

Annunci