/u/stonetear = Paul “I have full access to the server” Combetta.
She believed her 2008 campaign had failed her — not the other way around — and she wanted ‘to see who was talking to who, who was leaking to who,’ said a source familiar with the operation,”
March 25, 2014 – Podesta Email, Re: Google Account recovery phone number changed:
That was me [Eryn Sepp is Podesta’s secretary]. Changed it from CAP cell phone to your current personal cell phone #. Did that on Sunday when I was downloading Herb’s files to your CF thumbdrive (also added it to your “google drive” that has a good deal of space on it).
June 2014 — Seth Rich joins the DNC as the national data director.
July 23, 2014 — Stonetear crowdsources e-mail scrub via Reddit – however, specifically asks about hiding email addresses – not whole emails. Also claims he has separate storage.
December 10, 2014 – /u/stonetear Reddit Post: “Auto-delete/retention policy and ‘save’ folder”:
> Hello- I have a client who wants to push out a 60 day email retention policy for certain users. However, they also want these users to have a ‘Save Folder’ in their Exchange folder list where the users can drop items that they want to hang onto longer than the 60 day window.
> All email in any other folder in the mailbox should purge anything older than 60 days (should not apply to calendar or contact items of course). How would I go about this? Some combination of retention and managed folder policy?
December 22, 2014 – Clinton Email: “Re: Could you talk today or over the weekend?”
Sorry. Can’t tell what happened with the email elves. I can do tonight after 8:00 or anytime tomorrow before 4:30.”
A PHONE CALL?! TO HIS PERSONAL CELL PHONE?!
December 22, 2014 – /u/stonetear Reddit Post: Bypassing two-factor authentication with domain name?:
> Hello- I have a firewall (200D) which seems to be allowing domain users (Whether authenticated via RADIUS or LDAP) to bypass the request for their token by logging in with domainame\username for the SSL VPN. If they use just username, they get the token prompt.
> As stated above, I have been testing with both RADIUS and LDAP authentication to the domain controllers, but the behavior seems to be the same with either.
> I’ve been doing a bunch of searching but am coming up empty so far. Before I open a case with Fortinet, I figured I’d ask here. Thanks in advance!
> Edit: They can bypass the token via the web portal as well as the Forticlient by logging in as domain\username
> Two-factor authentication systems aren’t as foolproof as they seem. An attacker doesn’t actually need your physical authentication token if they can trick your phone company or the secure service itself into letting them in.
> The two-step authentication systems on many websites work by sending a message to your phone via SMS when someone tries to log in.
> All an attacker has to do is call your cell phone company’s customer service department and pretend to be you. They’ll need to know what your phone number is and know some personal details about you. These are the kinds of details — for example, credit card number, last four digits of an SSN, and others — that regularly leak in big databases and are used for identity theft. The attacker can try to get your phone number moved to their phone.
> Heck, an attacker might not need access to your full phone number. They could gain access to your voice mail, try to log in to websites at 3 a.m., and then grab the verification codes from your voice mailbox. How secure is your phone company’s voice mail system, exactly? How secure is your voice mail PIN — have you even set one? Not everyone has! And, if you have, how much effort would it take for an attacker to get your voice mail PIN reset by calling your phone company?
> The intruders so thoroughly compromised the DNC’s system that they also were able to read all email and chat traffic, said DNC officials and the security experts.
February 19, 2015 – Podesta Email: Subject: 2 things:
> Though CAP is still having issues with my email and computer, yours is good to go.> jpodesta p@ssw0rd> I warn you, the Windows 8 system is VERY different from what we had back at the WH. Might require a tutorial. It’s an operating system that is best with touch screens, which we obviously don’t have. If you need tech’s help, they’re at x5683. Otherwise, I can show you some tricks when I get in. I have it on my home computer, and it took a while to get used to completely.> Second thing, because of the snow day, my makeup passport appt is tomorrow at 8 am nearby State. No clue how long this takes. If you haven’t seen it, earlier I sent you your schedule in an attachment. First thing is Roger Altman at 10:45 am. I’ll have my phone the whole time and will check email often.
March 5, 2015 – Podesta Email: Re: Thought:
> When I worked for the leadership we had a records retention policy to actively destroy all emails after 3 or 6 months . Each office made up its own policy. Reporters should be asking congress and individual members what their policy is ? Do they use private accounts for biz ? Why does fioa not apply to them ?
>> We are. Limited Success.
March 16, 2015 – Podesta Email: FW: Email retention/deletion:
> Good people of American Progress: As we flagged for you last month, we are in the process of implementing CAP/AF’s longstanding records retention policy (attached) for email. This process requires your participation.
> Over the next three months, you are required to identify and designate any Retention Category emails (defined below) in your possession. Beginning on June 16, all email older than two years that is not designated for preservation will be automatically and permanently deleted.
> What is a Retention Category email?
> * For most employees, Retention Category emails are limited to emails containing important institutional records or knowledge that is not recorded elsewhere.
> o This is a limited category, including only emails containing information (not memorialized elsewhere) that you believe will continue to be of importance to CAP/AF’s work, even 2+ years after receipt. For instance correspondence setting forth guidelines for ongoing projects, memoranda describing major efforts, documentation of significant decisions with ongoing implications, etc. o Please be selective. Most employees should have few Retention Category emails.
> o Legal and Tech will be conducting team briefings in the coming weeks, but please contact us at any time with questions. * Emails relevant to any actual or potential legal proceeding or government investigation must be preserved. However, outside of a small number of intellectual property issues, CAP/AF is not involved in any investigation or proceeding. If that changes, the legal team will let you know.
> * Legal, financial, HR, and administrative records are preserved under separate policies that apply the legal, finance, HR, and admin teams. What should I do with Retention Category emails? * In the coming weeks, Tech will create a “Retention” folder in your Outlook. Emails in the retention folder will be preserved indefinitely, and will not be automatically deleted.
> * In the meantime, we encourage you to begin identifying and marking Retention Category emails, either by flagging them or by dragging them into a new Outlook folder of your own creation. Once Tech has created a “Retention” folder for you, you can drag your marked emails into it.
> Going Forward / Going Back
> * You have three months to go through your inbox, sent mail, and organizational folders to identify old retention category emails. Starting on June 16, email older than 2 years that is not in your Retention folder will be permanently deleted, on a rolling basis.
> * Going forward, you should move Retention Category emails into the Retention folder as needed. You will be able to create organizational subfolders within the Retention folder.
> * Do not place non-Retention Category emails in the Retention folder Legal and Tech will be going to-to-team to answer questions and help with implementation. But feel free to ask us questions at any time.
July 19, 2015 – Podesta Email: Fwd: Lost Phone:
Milia, I know you are with friends/family, but if you see this before Eryn, can you try to call Diamond Cab. I don’t have a phone obviously, and want to try to get to the cabbie as early as possible. Thanks John.
July 19, 2015 – Podesta Email: Re: Eryn Found The Phone!:
> On Sunday, July 19, 2015, Eryn Sepp <email@example.com> wrote:
Danke! Added to my version of John’s contacts but not sure it will update in his gmail. Can you check? Let’s both add to JDP Info doc as well. I have to change his Georgetown password this week, too. We’ll sync it all up this week before I’m incapacitated.
> > On Jul 19, 2015, at 9:04 AM, Milia Fisher <firstname.lastname@example.org wrote: > >
So glad to hear it!! I feel so badly that I missed these messages and
> I wish I could have helped. Very glad that Eryn was able to jump in.
> > > As Eryn said, we’ll keep checking voicemails to make sure that you’re
> not missing too much today and tomorrow. We can also ask folks to call
> you on your HFA landline today and my phone or the landline tomorrow.
> Here’s the landline number so you can give it out. +Eryn so she also
> has it.
“We can also ask folks to call you on your HFA landline today and my phone or the landline tomorrow.“
BECAUSE PODESTA DOESN’T HAVE HIS PHONE ON HIM, AND EVERYBODY IMPORTANT USES THAT CELL NUMBER!!!
July 30, 2015 – /u/stonetear Reddit Post: “VPN log report?”:
Hello- Is there any way to spit out a simple VPN connection report? Ie, who logged in, and when? I’ve been able to cobble something together from the raw log files, then filtering/massaging in Excel, but it’s a real pain in the rear. We have several customers that would like to be able to get a weekly or monthly report on remote user logins. Is a syslog server setup/config or FortiAnalyzer the only way to do this?
September 2015 – Josh Uretsky joins Bernie campaign as national data director, recommended by Seth Rich (according to Sanders in a Dec 2015 interview).
Oct 26, 2015 – /u/stonetear Reddit Post: “Attachment report?”:
I have a customer who wants to be able to run a weekly or monthly report that shows all emails sent that have attachment(s) over X megabytes, along with the from/to/date info, in a format that is at least semi-management friendly. Third party software is fine, though I imagine this is doable via PowerShell/message tracking… however I have been striking out so far. Environment is Exchange 2010 SP3. Any suggestions are welcome!
December 17, 2015 — DNC officials discover the person who accessed information was connected to the Bernie team and demand discipline of the individual.
December 19, 2015 — Podesta Email: “Amy Dacey: Here’s What Happened With NGP VAN, The Sanders Campaign, And The Clinton Campaign“
*Here’s what happened with NGP VAN, the Sanders Campaign, and the Clinton Campaign**By AMY DACEY* [This is as close to a confession as you’re going to get]*And here are the steps we are taking to address the problem*The Democratic National Committee, through its software partner NGP VAN, provides tools for Democratic campaigns that are invaluable and second to none. This week, there was error with that system, however, which led to an incident involving the Sanders campaign.We want to lay out exactly what happened so that people better understand why the DNC needed to suspend the Sanders campaign’s access to our system and how we’ve been working to fully resolve a serious problem — and get everyone back to work electing a Democrat to the White House in 2016.On Wednesday morning, NGP VAN applied a new software patch to the DNC’s voter database system, and because of an error in the code, users were capable of accessing some limited, yet extremely valuable information belonging to other campaigns for a very brief window of time. Even though the glitch opened access, users still needed to take deliberate steps to seek out such information.*It’s important to make a few things clear from the start. At no point were donor records, financial information, or volunteer data exposed between campaigns. At no point was any data exposed to the public. With the correction of the glitch and further audits by NGP VAN, we are confident now that the data within the system is secure* Once NGP VAN had taken steps to contain the glitch, the DNC directed NGP VAN to conduct a thorough analysis to:– Identify any users who may have accessed information from another campaign inappropriately.– Pinpoint exactly what actions any such users took in the system, and– Report these findings to the DNC so we would know what, if any, data was actually acquired.As a result of this analysis, NGP VAN found that campaign staff on the Sanders campaign, including the campaign’s national data director, had accessed proprietary information about which voters were being targeted by the Clinton campaign — and in doing so violated their agreements with the DNC.These staffers then saved this information in their personal folders on the system, and over the course of the next day, we learned that at least one staffer appeared to have generated reports and exported them from the system.None of this is in dispute. It’s fully documented in the system logs. And these details reveal nothing less than a serious violation of the agreements governing the use of this data. Underscoring that fact is the point that the Sanders campaign has fired their national data director and indicated further disciplinary actions may be taken pending the results of their own investigation.*When we understood what initially happened, we asked the Sanders campaign to tell us who exactly accessed Hillary for America information, share their understanding of what data was accessed, describe what was done with that information, and detail how the campaign intended to discipline the staffers involved.* On Thursday, further NGP VAN analysis revealed that it was very likely that a user had taken data out of the system during the breach. Upon learning that, the DNC had to suspend the Sanders campaign’s access to the voter file to ensure the integrity of the system. This action was not taken to punish the Sanders campaign — it was necessary to ensure that the Sanders campaign took appropriate steps to resolve the issue and wasn’t unfairly using another campaign’s data. This temporary suspension was well within the DNC’s authority. Moreover, the DNC was left with little choice in the matter when the Sanders campaign declined to respond in a timely manner to the requests for assistance with an investigation.On Thursday, the Sanders campaign did move to fire its national data director. But we still weren’t provided the information we needed from the campaign until late in the evening on Friday. Once they complied with our prior request and provided documentation that we were then able to review, we immediately restored the Sanders campaign’s access to the voter file— as was always our intention and as we had advised well before they sued the Committee.And the information obtained so far shows that the DNC’s concern to have a full, thorough inquiry was fully justified: As confirmed by the Sanders campaign in the account given the DNC Friday evening, one of the employees of the campaign involved in the misconduct tried to delete the notes they made recording their accessing of Clinton campaign data to hide his activities.The next step is to continue to investigate the incident with the help of an independent auditor. This is necessary to confirm, as the Sanders campaign has assured us, that the data that was inappropriately accessed is no longer in possession of the Sanders campaign. The Sanders campaign has agreed to fully cooperate with the continuing DNC investigation of this breach.The DNC has also instructed NGP VAN to conduct a review process of their internal procedures to identify how this mistake was allowed to happen and prevent further such mistakes. The DNC is currently beginning the process of securing an additional, independent audit by a data security firm of NGP VAN’s procedures.We are glad that all parties are moving forward and that the candidates and Democrats can refocus on engaging voters to show how our party will continue growing the economy and keep Americans safe.Amy K. Dacey [Seth Rich’s boss] is the CEO of the Democratic National Committee.*
Hi all- I’ve attached JDP’s MTP memo for your review in advance of tomorrow’s 7:20 am prep call. It contains background, logistics, and run of show…
I also sent him blog posts from Jennifer [Palmieri] and from Amy Dacey for additional background on the data breach. Pasted below.
Four Questions Bernie Sanders Needs to Answer
By Jennifer Palmieri [Working for CAP would mean she needed to comply with retention policy stated earlier, and this is the closest thing to a confession you’ll receive as well!]
We’re glad that the Sanders campaign and DNC reached an agreement last night and that the Sanders campaign has agreed to an independent audit of the data breach.
This saga – and having our campaign’s hard work violated by the Sanders’ campaign – has been disturbing to our campaign and the volunteers who worked hard to build a strong organization. But it has also been a distraction from the issues that the American people care about. We think those issues should be the focus of the debate tonight: issues like raising wages, access to healthcare, and keeping America safe. However, given news that Senator Sanders and his team apparently want to make this topic the centerpiece of their debate strategy, here are some questions that should be on the table.
*1: Why’d your campaign say you didn’t store anything?
The Sanders campaign was able to access (and save) 24 different lists of proprietary Clinton campaign information, as seen in their NGPVAN activity logs.
Let’s be clear about how the VAN system works: when you look at the log, “saving” means an attempt to store the data to your own account–and there are reports that there were preliminary attempts to export the data into excel sheets. They knew what they were doing. Which brings me to my next point.
*2: Why’d your campaign claim it was an accident?*
In an interview with Bloomberg yesterday, Tad Devine claimed this was all a “mistake.” A mistake? NGPVAN’s audit found that Sanders staffers conducted 25 targeted searches of Clinton campaign data, just like the example above. Let me reiterate what this being a “mistake” would mean. Take a look at this pull out from the audit activity logs.
For this to be a “mistake,” the Sanders campaign would have had to accidentally…
– Searched for the voters we’ve identified as being unlikely to support Hillary Clinton in the South Carolina primary
– Saved that list into their own account folder
– Searched for the voters we’ve identified as supporters who are very likely to turn out to vote in the South Carolina primary
– Saved that list into their own account folder
– Searched for the voters we’ve identified as supporters who are unlikely to turn out to vote in the South Carolina primary
This is just a sample.
They pulled *21 more lists.* That seems hardly accidental to me.
*3: Why did the Sanders campaign claim that only **one staffer was involved in accessing Clinton campaign data?*
Contrary to their claims, there were four staffers involved.
In fact, from the audit logs provided by NGPVAN, the staffer they fired [Uretsky] wasn’t even the person involved in accessing the most data.
*4. Why did your campaign claim that the “one staffer” was junior level?
* In initial reports, the Sanders campaign claimed that the “single staffer” involved in accessing Clinton campaign data was at the junior level. Tad Devine even went so far as to say that he’d never met the guy. Josh Uretsky, the staffer who was fired, was the campaign’s most senior data strategist.
Our data director is involved in our strategic, day-to-day decision making. That’s a pretty broad interpretation of junior.
To most voters, this will all seem pretty arcane. They care about raising wages for their family. They care about security for their family. They care about who’s going to keep them safe. They certainly don’t spend much time thinking about campaign data theft. With that said, if Senator Sanders intends to make his campaign’s theft of our data a rallying point, he should have to answer these questions.
His campaign took advantage of a security flaw to access and retain proprietary Clinton campaign information. We don’t know if they still have it. Those are all facts. No amount of misdirection changes those facts.
We look forward to tonight’s debate.
The email above mentions the four staffers guilty of accessing the DNC Database – Seth Rich is missing! The four staffers are “UretskyJ”, “anikseresht”, “HawleyBrett”, and “talani”.
Why is Seth Rich’s name missing? Because he was the one giving the four staffers the credentials required! HE WAS THE (IMPLIED) INSIDE MAN! THE DNC DIDN’T KNOW IT AT THE TIME, BUT SANDERS SURE CAME TO LEARN THAT INFO (WHICH IS WHY HE THOUGHT RICH WAS A MOLE)!
1) Josh Urutsky was hired on Seth Rich’s recommendation.
2) Sanders knew it was Uretsky accessing the system. Sanders knew Rich recommended Uretsky.
3) DNC wasn’t stealing data, they were stealing votes. Sanders was under the umbrella of the DNC. Rich found out about the voter fraud and colluded with Uretsky.
4) Sanders found out both (he thought he still had a chance of winning the primaries), and gave them up to Amy Dacey, who was Seth Rich’s boss but didn’t know about Rich’s involvement at the time. Dacey then confronts Rich, passes all the info to Podesta and the rest is history:
January 2016 — Sanders claims (in May 17 interview) that his Nevada HQ had shots fired and nearby employee apartments ransacked.
March 19, 2016 – Podesta Email: Re: Sоmeоne has your passwоrd:
Milia, can you change – does JDP have the 2 step verification or do we need to do with him on the phone? Don’t want to lock him out of his in box!
>> This is a legitimate email [No it’s not, you fucking moron]. John needs to change his password immediately, and ensure that two-factor authentication is turned on his account. He can go to this link: https://myaccount.google.com/security to do both. It is absolutely imperative that this is done ASAP.
>> IP Address: 126.96.36.199
>> Location: Ukraine
So after two years from the initial email being sent out by /u/stonetear, two-factor authentication still hasn’t been set up?
AND HIS IT HELP DESK THOUGHT A SCAM ATTEMPT WAS REAL?!
May 3, 2016 – Bernie pulls off surprise primary victory in Indiana Primary
May 14-15, 2016 – Enraged Bernie supporters shut down Dem HQ in Nevada after a weekend of violence, vandalism
May 17, 2016 – Bernie wins Oregon primary (final Democrat primaries, including California, would be in June. Stuck fork in Sanders, because he was done by mid-June)
May 21, 2016 – WikiLeaks Director Gavin MacFadyen reportedly receives DNC email transfer from Seth Rich
May 24, 2016: “Midwest Deputy or Director” DNC Email:
Midwest Deputy or Director position is open. If you know of anyone who would be a good fit, let me know.
May 25, 2016 – Date of the last email in the DNC Email Archive released by Wikileaks.
“THE TRAP IS SET”.
Why? Because the Midwest Deputy/Director position is available the day before, Seth (who wasn’t implicated in the initial NGP VAN investigation) is able to download the next day’s worth of emails. Had the DNC known initially of his involvement, Seth would have been fired. They later found out about Rich from Sanders, before the position became secretly open.
June 6, 2016 — /u/MeGrimlock4 final post.
June 14, 2016 — DNC hires Crowdstrike to find the “Russian hackers” who have been hacking the DNC for over a year. Claims that the past week has included purges to staff to weed out hackers.
July 3, 2016 — DNC is served with a class action lawsuit
July 5, 2016 — Seth Rich is invited to Hillary Clinton’s campaign team according to Joel Rich in an August 16 interview. The Clinton team announced Rich received an invite to join their team as plausible deniability. The hit was already placed and they were laying the groundwork of reducing motive. An invite like this could only have come from Sanders’s people – after all, who would be the recommendation?!
JULY 10, 2016 – DEATH OF SETH RICH
JULY 25 – 28, 2016 – DNC CONVENTION
July 22, 2016 – Wikileaks publishes 19,252 emails and 8,034 attachments from the DNC, including emails from seven key DNC Staff members. The leaked DNC emails have a date range of January 2015 to May 25, 2016 (KEY DATE RANGE)
September 2016 — Wikileaks Craig Murry claims to have met a “disgusted” DNC staffer that was one of multiple sources of the legally obtained leaks (revealed in a Dec 14, 2016 interview)
October 2016 – Wikileaks publishes Podesta emails
Tl;Dr: If this timeline is accurate it means someone ransacked employee apartments two weeks after the DNC accuses Sanders campaign of taking data off premises. This sounds like the real Watergate. Criminally implicating Bernie “30 pieces of silver” Sanders.
Interestingly, there are two “leaks” here. DNC / Podesta.
DNC was leaked by Seth Rich.
Podesta was leaked through Ukrainian hacking (or so he thought). This was only possible because Eryn Sepp, his secretary, didn’t follow up on securing his personal phone with two-factor authentication over the course of two years.
Russians (allegedly) only knew of Podesta’s emails, not DNC.
DNC blaming Russia for an entirely separate leak.