A MESSAGE FROM OUR FOUNDER AND CEO -
The DNC lawsuit against Trump, Assange and Putin is a reminder of exactly how badly equipped the Democrats were in 2016 and how badly equipped they are still today. Even after getting hacked the DNC has never turned over their computers to law enforcement for an investigation.
In June 2017, former Secretary of Homeland Security Jeh Johnson, who was appointed by and served under President Barack Obama, testified before a House Select committee that his department offered their assistance to the DNC during the campaign to determine what happened to their server, but said his efforts were "rebuffed".
One of the unforeseen consequences of the lawsuit is that it now opens the DNC computers and records up for the Court inspection. What we already know is the DNC was ill-equipped and poorly trained on security. Worse still the failure by the DNC to protect its information led to severe breaches of private information on large numbers of donors. The cavalier and careless manner at which information was tossed around by the DNC and its employees is a perfect example of what not to do if you want to stay in business.
For example, there are numerous open emails sent between employees that request and share password and login information. One of the first rules of basic security is never to send the open password to an account via email. Most email systems are not secure so sending your password is a fast way for anyone watching traffic to compromise your system.
However, for the DNC sending passwords by email to videos, press accounts and even financial bank accounts was common practice; the dncpress account password was tossed around in open emails, the DNC Factivist account password was distributed by email, photos taken of a VP Biden event were password protected until that too was distributed. Even the DNC business credit card was compromised when its password was sent by Democrat employees.
The same problem existed for the Clinton campaign even after the DNC exposed itself. Clearly, information security was neither an issue nor a worry for John Podesta. The top Clinton campaign advisor, John Podesta, frequently shared his password with his staff. In one email Podesta shared his password "RUNNER4567" which controlled his Gmail, Apple and Twitter accounts. In fact, Podesta was warned in 2008 via email by Denis McDonough to encrypt his important documents. Podesta chose to ignore the warning.
Worse still Podesta was fooled by a fake "phishing" email that claimed his password needed to be reset. Instead of going to Google, the link he clicked on took him to a fake hacker site where he reset his email password which was instantly recorded by the hacker.
The Podesta security troubles don't end at his computer. Amy Chozick, a New York Times reporter following the Clinton 2016 campaign, recalled in her new book a moment when she found an iPhone in a bathroom at Clinton campaign headquarters in Brooklyn. "Seeing a bunch of calendar alerts pop up, she realized the phone belonged to a Podesta assistant."
The Podesta hack compromised others as well including the press and associates still in government. Juan Williams sent Podesta his contact information, including his cell phone number. Even current DNC Chairman, then Secretary of Labor Tom Perez, was caught up in the Podesta breach scandal as an email he sent also contained his personal cell phone number.
The worst part of having poor security is that your customers lose their privacy. The DNC and Podesta hacks contained numerous photographs of full credit card information, personal information, signatures, passports and other important financial or ID documentation. The processing of credit card information by sending a picture attached to an email is painfully a rotten way to do business.
It is well worth noting that all individuals authorized to accept payment cards (debit and credit cards) must securely process, store and dispose of payment card data (paper and electronic media) in order to adhere to the Payment Card Industry Data Security Standards (PCIDSS). There are consequences if the data you store or process is compromised.
Other important DNC personal information was sent in an unsecure manner. Many of the emails also had spreadsheets attached to them. Some of the spreadsheets contain not only basic donor data but details such as Social Security (SSN) numbers and dates of birth. These details are pure mana from the devil himself to hackers. Clearly, the DNC staff was more concerned with getting the money than protecting its clients.
Then there are the even more obvious flaws that became public during the election. The effort by the Democrat leadership to sabotage Bernie Sanders included cheating during the debates. Clinton readily accepted the debate questions in advance via her inside CNN mole, Donna Brazile. This single episode demonstrated beyond a shadow of a doubt that there was NO integrity or honesty in Hillary Clinton. It also demonstrated there was no common sense or data security inside the campaign either.
It is often said that the weakest piece of security hardware is the nut holding onto the keyboard. The hacks of Podesta and the DNC prove the point that it was their lack of training that led to their own destruction. The attacks were carried out mainly via email and phishing schemes, preying on the ignorant and untrained members of the DNC and Clinton staff.
The DNC lawsuit reminds us all the DNC rigged the 2016 primaries. The lawsuit is a reminder that DNC chair Debbie Wasserman Schultz resigned before the Democratic National Convention. After the convention, DNC CEO Amy Dacey, CFO Brad Marshall, and Communications director Luis Miranda also resigned in the wake of the controversy.
The lawsuit is an adventure into futility. It's almost as if the DNC and its leadership wants to commit political suicide by expending money that it does not have into an effort it cannot win. The lawsuit also reminds us of how badly the DNC treated the real victims of the hacks; its donors, customers and supporters. Instead of wasting time in a public relations Court case the DNC should do as Equifax, Home Depot and even the US government has done when they were hacked.
The DNC has not notified donors, credit card holders or persons who have had their IDs compromised due to its careless security. It's long past due.
DNC password reset request
New password for access
photo link from a 2012 Joe Biden event password
Business card password
good friend of mine Al Jazeera, NPR - vimeo password
Does anyone have the password
SSN numbers in DNC spread sheet
Passport image in DNC email PDF
Donor credit card information with signature in DNC email PDF
Podesta warned in 2008 to use encryption
Juan Williams cell phone
Tom Perez cell phone
Podesta password "runner4567"
Fake email to Podesta – Someone has your password
CHARLES R. SMITH
CEO FOUNDER OF SOFTWAR INC.