Exposed: Cambridge Analytica's Project Ripon and "The Database of Truth"

Last edited Mon Mar 26, 2018, 03:47 PM - Edit history (5)

(Where did Bannon get the state voter files? Did any of them come from Russian hacking?)

https://twitter.com/VickerySec

Link to tweet

https://gizmodo.com/aggregateiq-created-cambridge-analyticas-election-softw-1824026565

The files were unearthed last week by Chris Vickery, research director at UpGuard, a California-based cyber risk firm. On Sunday night, after Gizmodo reached out to Jeff Silvester, co-founder of AIQ, the files were quickly taken offline.

SNIP

AIQ’s contract with SCL, a portion of which was published by The Guardian last year, stipulates that SCL is the sole owner of the intellectual property pertaining to the contract—namely, the development of Ripon, Cambridge Analytica’s campaign platform.

The find led UpGuard to unearth a code repository on AIQ’s website. Within it were countless files linking AIQ to the Ripon program, as well as notes for active projects for Cruz, Abbott, and the Ukrainian oligarch.

In an internal wiki, AIQ developers also discussed a project known as The Database of Truth, a system that “integrates, obtains, and normalizes data from disparate sorces, including starting with the RNC Data Trust.” (RNC Data Trust is the Republican party’s primary voter file provider.) “The primary data source will be combined with state voter files, consumer data, third party data providers, historical WPA survey and projects and customer data.”

The Database of Truth, according to the wiki, is a project under development for WPA Intelligence, the political firm run by Chris Wilson, former director of research, analytics & digital strategy for the Cruz 2016 campaign.

SNIP

https://www.upguard.com/breaches/aggregate-iq-part-one

Coming amidst a firestorm of scrutiny about how political operations can use and harvest consumer information, including from social media networks like Facebook, the UpGuard Cyber Risk Team can now reveal that a large code repository originating from AggregateIQ, a Canadian political data firm active in the 2016 US presidential race, was left publicly downloadable online. Revealed within this repository is a set of sophisticated applications, data management programs, advertising trackers, and information databases that collectively could be used to target and influence individuals through a variety of methods, including automated phone calls, emails, political websites, volunteer canvassing, and Facebook ads. Also exposed among these tools are numerous credentials, keys, hashes, usernames, and passwords to access other AIQ assets, including databases, social media accounts, and Amazon Web Services repositories, raising the possibility of attacks by any malicious actors encountering the exposure.

This exposure reveals how applications and web assets apparently developed by AggregateIQ (AIQ), a small firm of twenty employees based in Victoria, British Columbia, were customized for the failed 2016 presidential campaign of Senator Ted Cruz (R-TX), as well as for Texas Republican Governor Greg Abbott and a number of foreign political parties and figures. The Cruz connection raises obvious questions about the relationship of AggregateIQ to Cambridge Analytica (CA), a controversial London-based data analytics firm which was paid $5.8 million dollars by the Cruz campaign for services rendered in his unsuccessful bid for the GOP presidential nomination.