SoylentNews is people
SoylentNews
posted by
martyb
on Saturday July 23 2016, @08:20PM
from the because-information-wants-to-be-freed dept.
from the because-information-wants-to-be-freed dept.
DNC [Democratic National Committee] top dogs can't seem to wrap their brains around GPG encryption, and so now we have the chance to peruse their emails. Which is nice, but still sort of shocking that the people who want to run the country can't secure their communications. It will probably take a while before anything of great interest is found in the archive because it was just released , but if you want to help in the search, have fun.
Here is one amusing excerpt:
NOTICE: This communication may contain privileged or other confidential information. If you have received it in error, please advise the sender by reply email and immediately delete the message and any attachments without copying or disclosing the contents. Thank you.
This discussion has been archived.
No new comments can be posted.
Wikileaks Releases 20,000 DNC Email Archive
|
Log In/Create an Account
| Top
| 47 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Don't let your mind wander -- it's too little to be let out alone.
(Score: 3, Interesting) by edIII on Saturday July 23 2016, @09:35PM
It's great that they're working so hard for transparency, but I really wish they would get their heads out of their asses sometimes. There is ZERO public benefit of revealing the entire CC information for the donor (last 4 AT BEST for verification, or the BIN only). In fact, all it did was initiate a massive swamping of replacement card requests for people. Those fulfillment centers are working overtime.
For what? We donated to the DNC? All of the donors to the Democratic party have to suffer this why again? We're not the corrupt fucktards that railroaded Sanders out of the nomination. Yes, he still lost by the numbers, but they were actively working against him which is ALL WIKILEAKS HAD TO LEAK.
Wikileaks, I love you guys to death for what you do, but you revealing my name and full credit card info was uncalled for and just hurtful. I'll financially support other whistleblower networks now, thank you very much. Instead of having a good Saturday I have to download your fucking file and peruse it for my information to verify that it has happened.
However, this has given me a good idea. From now on I will buy disposable pre-paids and register them for automatic donations. IMHO, automatic transactions over time show that there is a significant base of support, versus a one-time payment from transient Big Media bullshit. My two cents, but I know I'm not giving organizations a CC number again. Especially when it might not be WikiLeaks but the FBI trying to get a list of all donors.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 5, Insightful) by Anonymous Coward on Saturday July 23 2016, @09:52PM
> Wikileaks, I love you guys to death for what you do, but you revealing my name and full credit card info was uncalled for and just hurtful.
I get that you are pissed. But the if wikileaks had the info, who knows how many others had it too. At least now you are aware of it (and if the banks are smart they've grabbed the list and are proactively cancelling those cards). The original sin here is the DNC for being so sloppy with that info in the first place. Having all that info just bouncing around their internal systems sounds like a violation of their merchant agreement with the card processing networks. Also, the mere fact of your donation puts you on a "donor list" (aka sucker list) that gets sold and resold to whoever. That's one of the main reasons I'm loathe to donate to charity, I do not want the fact of my donation becoming someone else's property.
(Score: 2, Informative) by Anonymous Coward on Saturday July 23 2016, @10:24PM
Also, the mere fact of your donation puts you on a "donor list" (aka sucker list) that gets sold and resold to whoever. That's one of the main reasons I'm loathe to donate to charity
Yep. I made a donation to my local PBS station many years ago. They sent me a "thank you" postcard with my name misspelled in a very unusual way. I then received solicitations from many other organizations with the same misspelling. That's the thanks you get for your donation. I never donated to PBS again.
(Score: 2, Interesting) by Anonymous Coward on Saturday July 23 2016, @10:53PM
That is why I always give a misspelled name when I do things like that. Same reason my Amazon email address is Amazonprimesavessometime@myemaildomain and no one gets the same contact info. It makes it much easier to determine where people get their info from. And let me tell you, I have had some weird ones. Chief among them is my local library info was eventually used to send me crap for annuities and life insurance within three months. Oh they deny selling it, but that email was only given to them and it isn't a guessable one either. I told them they should check with IT about getting hacked at their last meeting after my questions repeatedly were blown off or unanswered.
(Score: 2) by edIII on Saturday July 23 2016, @10:50PM
Ohhh, they're doing me a favor? Sorry, I couldn't feel the reach-around, they need to work on their skills.
Fair enough point, but then why didn't WikiLeaks wait 24 hours after turning over every CC # to their respective financial institutions? Either my CC wasn't in it, or they're thinking I can do it myself, or that *somebody else* was doing it.
That's a fantastic point you make..... if anybody is actually doing it.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 2, Insightful) by Anonymous Coward on Saturday July 23 2016, @11:50PM
> Ohhh, they're doing me a favor?
No they are not doing you a favor. They just aren't doing you an evil.
(Score: 3, Informative) by Thexalon on Sunday July 24 2016, @03:16PM
It absolutely is a violation. One of the basic rules of PCI-DSS is that credit card information is *never* to be stored completely and unencrypted on a hard drive, and certainly not passed around via unencrypted mail.
"Think of how stupid the average person is. Then realize half of 'em are stupider than that." - George Carlin
(Score: 2) by takyon on Saturday July 23 2016, @10:32PM
http://m.theregister.co.uk/2016/07/22/wikileaks_keep_fighting_the_man_by_er_publishing_the_personal_details_of_ordinary_citizens/ [theregister.co.uk]
To add to what the other poster said, who do you think gave WikiLeaks these docs? Probably Russian hackers.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 3, Informative) by butthurt on Sunday July 24 2016, @02:40AM
There may be more to it [hackread.com]
The Verge says [theverge.com] there are Social Security numbers too.
(Score: 2) by butthurt on Monday July 25 2016, @01:28AM
I searched for "visa" and looked at 3 of the 183 results. The mails I looked at had each donor's name, address, occupation, employer, employer's address, phone number, user-agent, IP address, amount of contribution, card type, and last four digits from the credit card. They don't have the full credit card information, hence they can't directly be used for fraudulent credit/debit transactions. For what it's worth, they may be PCI-compliant. In the few e-mails I looked at, there was no mention of passport or Social Security numbers.
When people donate to American political parties, the information sometimes becomes a public record. I'm uncertain what exceptions there are. I imagine that the information that must be disclosed is more limited than what's contained in these messages.
While I didn't see an assertion that all the e-mail messages had been exfiltrated from the server, nor did I see an assertion that all the messages that were exfiltrated have been released through Wikileaks. Hence it would be hasty to extrapolate from the 183 matches for "visa" and conclude that probably fewer than a thousand donors have been victimised in this attack.
(Score: 4, Interesting) by The Mighty Buzzard on Sunday July 24 2016, @03:15AM
Honestly, Ed, that's a good idea for ALL online financial activity. I've written several billing systems over the years and I wouldn't trust a single damned one of the online card processors with a permanent card. Mind you, this is coming from a guy who keeps all his cash in his pocket/mattress because he doesn't trust banks and never uses anything but cash, money orders, or prepaid cards for transactions.
My rights don't end where your fear begins.
(Score: 2) by hemocyanin on Sunday July 24 2016, @05:40AM
It's totally relevant to know who donated for a couple reasons:
1) It will make people think twice about donating. Getting politicians off bribes willingly is like getting a heroin addict off smack -- it takes external forces.
2) We know who to boycott.
(Score: 2) by melikamp on Sunday July 24 2016, @05:41PM
Are you worried about credit card info? Why? It's public already. It's much worse than that. Think about your (and everyone's) entire credit/debit card transaction record: where, when, what, and how much. This data set exists and is extremely valuable, and therefore, with utmost certainty, it is already in the hands of (at least) the government, the law enforcement, and the organized crime. A lot of people still fail to recognize a simple fact of life: as it stands, there is no way to prevent the duplication of a valuable data set.
By distributing this particular data set, Wikileaks does little if anything to erode your personal privacy and security. The culprit is your credit card company: they assemble, keep, and share this information already, even before the leaks start. And they cannot protect the data set from leaking, no one can. And so an informed consumer tacitly consents to the entire transaction record being shared when they sign up for a credit card. To add insult to injury, this record is not made public, but instead is available pretty much exclusively to the parties who will abuse it: marketers, spammers, law enforcement, criminals. By making a record like this public Wikileaks actually levels the playing field a bit.
If we want privacy of financial transactions, we need to recognize it has to be built into the payment system (see cash). And if a financial institution keeps a record tied to user's name, it should simply be made public.