135 SHARES Facebook Twitter

I have been in technology for twenty years. There is nothing more terrifying than losing a flash drive that you failed to encrypt. I believe that is what likely may have happened, and that is why we see the latest DNC leak. Even worse, there is enough data to presume that one certain individual was the keeper of that flash drive, although I cannot be certain.

What’s really going on here?

I am not one to comb through other people’s stuff, but this was leaked to the whole world, not an email sent to the wrong person. The data that might be in a leak like this could change the election. It is better to look through it so I can understand what is in there. So, I did. I downloaded the leaked file, all 600 Meg worth. Extracted it in a safe container that it could not get out of and started digging. What I found was TERRIFYING to me.

As a Technology professional myself I saw an eerie resemblance to something I see almost every day. Random files scattered in one folder with dates that range over a period of years. No real structure, no organization, no real thought in the layout of the files.

The folder is full of files that are too large to email, conveniently ready to be printed (PDF), and they are often zipped up to save space (compressed). I see database exports, files that would need to be put on a flash drive to move from one system to another, documents ready to printed or ready to shared on an overhead projector for presentation.

Incompetence, Negligence or Malice?

I see what could be the inside of one of my own flash drives. That is what is terrifying, this leak shows how careless handling of a flash drive can cause real problems for an organization.

The worst part is I found an email, inside of a text file called “exception.txt” It appears to be a text only copy of an email exchange between DNC Senior System Administrator, Ian Reynolds and the company that handled network security scans.

It is called “exception” because they apparently had to get an exception for a possible problem the company found. The details of the email are not at all sinister. The fact that the email was saved in this fashion means it was somehow important enough to backup on a flash drive or needed to be moved to an off-net system to create a paper trail for audit purposes.

Based on that email you might presume that Ian Reynolds is likely connected to this leak at some level or another. Either due to incompetence, negligence or malice. Why do I say that?

An email exchange between Mr. Reynolds and the security company would only be accessible by him. No one else could get this email, unless of course, he forwarded it or a Systems Administrator used their rights to get to the email.

Questions raised

Which is POSSIBLE, but why would someone only save his part of the email? To frame him, not likely, but still possible. It is also possible that the email was put on the drive and the drive was owned by someone else, but the data on the drive is consistent with what you would find on a System Admin’s flash drive.

To definitively draw a conclusion, I would need more proof, of course, but if I were responsible for the security of the DNC he would be in my office in the morning answering some questions… I am sure they will get to the bottom on this eventually, and we will know for sure if this was caused by malice, incompetence or negligence.

In the end, I guess what’s good from Donald Trump is right for everyone, so please keep misplacing those Flash Drives.

As a career technology professional, I think leaking information, regardless of morality, is a cardinal sin. If our clients cannot trust us to keep their secrets; who can they,trust? Mishandling a client’s data is inexcusable and unforgivable even if the client is the EVIL DNC (which would never be my client)!

H/T SemperFiNews