 So the top story today was RNC contractor left data on a hundred and ninety eight million Americans exposed So that caught my eye and if you're here for some Political commentary or someone conspiracy theory. No There that's not what I'm here for I like the technical details behind the news and the news sometimes I think doesn't make the assumption that the American public just doesn't understand things So they try to dumb it down and by doing so they may not get all the facts, right? So I want to know kind of exactly what happened So I started reading on the topic and it turns out the majority of the data was public information But let's start at the beginning here first where the article where the data come from So here's all the different news agencies throwing their opinion on it But let's start at the beginning up guard. Who is up guard up guard is the company that found all the data And how do they find it? Well, they are up guard is a company that does cloud consulting and they help set up your cloud processes Up guard helps business around the world gain visibility and your technology and how it changes in short what they are Is when you want to set up you go Okay, I need all my data in the cloud and need all this cool stuff to be done You use these outside companies up guard being one of them to help set up and configure your Amazon cloud All right So now we know who they are because usually I think about why someone says something Before you read what they say think about their motives and things like that may sound kind of Conspiracy is but I always think about that. Why would you be telling me this or what's the angle that they have? Well They help secure things clearly this is a Not properly secured so probably because they found it having an article about how they Audited and found and accidentally left open. I'm assuming accidental Leak almost makes it sound malicious But never attribute to mail us what can easily be explained by ignorance because well this stuff still newer and sometimes people find the cheapest contractor outsourced to cheaper and cheaper contractors to do things when it comes to technology and You know that you end up with accidentally leaving 200 million records on an open database So Amazon S3 is the storage server that this was found on they have a lot of little details in here about it Upguard is a great place because they are a company that actually put the details together They did responsible disclosure, which means hey, we were scanning through and found this random link of data accidentally left open We'd like to notify you so they now notify the company called deep root analytics and let them know you misconfigured this and Probably maybe they had an angle going. Hey, you should hire us to secure your servers So you gotta think what they have it's kind of a publicity for them But it also is data that was leaked even though it's public data and what kind of data was leaked Well, this is where it gets a little bit interesting. So your voter data is public here in America But who you voted for is not and if polling people came around and did a Questionnaire and asked questions of like hey, do you like this or do you like that? Would you vote this way? Maybe the phone calls you got or the door that are polling that goes on They had that data tied in there, too So it's not the concern that your name and voter information as in your address and the fact that you voted is out there That took me no time at all to find myself. I typed in Michigan voter database second leak on Google They have all the downloads for 2013 all the way till 2017 You can download the entirety of the history on there and I went and double checked And let me pull this up real quick it did indeed I can just dump this Just all the voters all their addresses all their information now that is public You can easily find this and majority of states have something that you can find this on so that's not big deal There's a lot of state databases that have searches and that's may close these windows so What makes this a little bit more scary is? The fact that this ties together both voter information and opinions voter half That's where it gets a little bit scary is how they were tying some of this together And how they were doing this either some of the links that they had in here for some of the details of how they viewed people Now where this gets really scary is We live in a world where a lot of information becomes very easily available like this and people looking for angles on someone else And maybe You shared an opinion of how you feel about something that you may not have shared or you're a business owner You're someone who's in the public light and you shared an opinion with these people now that opinion You shared with a polder who knocked on your door who worked for in some Director indirect way for deep root analytics or someone they gathered data from that opinion was shared in here now You have a name and an opinion all tied together and that's where it gets a little bit creepy That's the data that's really shouldn't have been linked now the value of this data is questionable in terms of that It's obviously very available during an election cycle Because people feel a certain way and they use that for targeted information to target voters. So it is a little bit Scary, but the data breach really comes down to a misconfigured Amazon s3 server. So how that got misconfigured. I don't know Clearly there's someone in trouble Undoubtedly because you know, they put all this time and effort Building these databases. They don't want them just left on the internet because well, there's competing companies deep root intellects as a single company For example that you know was trusted and paid by the RNC to build all this voter information So they understand how to target ads for voting now to take a deeper look at the end result of a lot of this I put an article together in November of 2016 that you can find I'll throw a link here and below and it's all about I called it Bargain presidency using psychological profiles dark posts and micro targeting to win a president's election And it was because of some analytics. I did And then it was really interesting to find out that they the Trump presidency what I was downloading all the different Media the the buys them ad spends and it was fascinating to me I was like, I wonder how much each one of the parties and each candidate specifically was spending on Facebook So I went and downloaded the publicly available information. That's you can find and I said, huh They're spending a lot less. Where's that money going and I dug into it and it became really interesting It's kind of funny. I published this in November. Some similar articles came out much later You know kind of analyzing this but specifically the company that was behind it and this is another one This is a competitor so to speak of the deep root analytics was Cambridge Analytica And this is interesting to me because they literally have a blog post and Bragging and that they can help you win a presidency. So when you say, let's talk or let's go to their main page of their website Data-driven campaigns. I've already been here. So it doesn't show up. It gives an option. Do you want to win an election essentially? case studies Includes how they use data analytics all the stuff and this is kind of what I wrote in my article here So this is what the end results a lot of this is they literally built case studies on like how they did campaigns for each of these people Almost creepy like hey, give us money. We get results in elections So your data is more valuable than ever these this company use a lot of Facebook data that they pulled in here Undoubtedly there was a tie-in And we don't know every detail. There's a lot gizmodo did a write up on this too about what else they may have tied together with this Now that's where it gets kind of scary is you take all the voter registration information Cross-reference that with Facebook information and then start making then go to the polling information going Oh, yeah, this person seems to post on Facebook complaining about this political topic And then we have a polling data because we contacted So-and-so or Tom Lawrence and Taylor and he posted about this and he has this opinion So we should target him with these type of ads so we can win them over to the view that we like So that's where this really gets scary. So it's really not the voter information It's the deeper tying together those personal details and maybe your Facebook posts But then again, if you're posting all your political stuff on Facebook, you don't have nothing to worry about They probably don't have anything in here that you didn't already a post But if you're someone who Operates with a group and you don't post politically and you keep it very quiet Well, this leak could lead to if all the data was available It doesn't really clear how much of this data was accessed But if this data was accessed it could be one more place for someone can find out more about you than you originally Wanted to disclose because you thought the conversation was between you and the person taking the polling data or the question you answered With these polling people and now that data has been tied together a little bit deeper And now you know they have it and there is a chance because once the data was out on the internet that it was taken and given No, they don't know for sure whether or not the data was leaked the breach so to speak the public data They flipped the little switch that says private back on there And my guess is they've probably fired to people who accidentally put it to public Probably out of an aptitude. So that's my little thoughts of some of the details on it The news is spinning it because the news needs something to talk about because we have a 24-hour news system and clicks for dollars So they're spinning it and probably have commentators discussing it at length for the next 24 to 48 hours until The next big thing happens. I feel like the content here if you like my little Deeper dives into the news click like subscribe and if you have some comments or other thoughts on this I'm I'm still curious. I'm curious about more technical details This is you know Misconfigured Amazon S3 servers and as we put more data in the cloud It's probably really important that we start thinking more about security when we put this data in there. Thanks for watching