Monday, October 08, 2012

BLUE STATE DIGITAL: Is it the linchpin of the Obama campaign's foreign donor scandal?

On 30 October 2008, I wrote about a bizarre idiosyncrasy I discovered in the Obama fundraising website, which was designed by a company named Blue State Digital.

Will the innovations never cease? Yesterday I described several, eh, unique capabilities pioneered by the Obama campaign in the area of campaign contributions.

Among them, failure to do even basic credit-card validation; accepting untraceable prepaid credit cards... [etc.]

Anyhow, an anonymous tipster mentioned that checking out the source code of the Obama donation website... would reveal some interesting logic. Specifically that IP addresses of the donors can be easily spoofed through a hidden field in the form. The tipster's guess was (and I concur) that the Obama campaign is recording the spoofable IP address... not the real IP address as delivered by the web server.

It's web security 101, folks. Because IP addresses map back to the original source network (your ISP, your company, etc.), the web server's log-file records the actual source IP address of the request. They certainly don't record anything that the requester provides as the genuine address.

Put simply, there's no reason to include a hidden form field for IP address. It is there for one reason alone: IP forgery -- forging the computer addresses of donations to disguise their true sources.

The net result is that IP addresses recorded in this manner can't truly be resolved to a real location. Genius!

Just chalk it up to yet another startling innovation from the minds of the most creative geniuses on Earth. When it comes to accepting money from all comers, that is.
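The check implied above (trust the address the server saw on the connection, not one the browser submits), as an added example that is not from the original post or from the donation site's code: it reconciles stored form values against the web server's access log. The `form_ip` field name, the `txn` request parameter, and every log line and record are constructed for illustration.

```python
import ipaddress
import re

# Constructed access-log lines (Common Log Format). The first field is the
# peer address the web server itself saw on the TCP connection.
ACCESS_LOG = """\
203.0.113.7 - - [30/Oct/2008:10:01:12 +0000] "POST /contribute?txn=1001 HTTP/1.1" 200 512
198.51.100.23 - - [30/Oct/2008:10:02:40 +0000] "POST /contribute?txn=1002 HTTP/1.1" 200 512
192.0.2.55 - - [30/Oct/2008:10:03:05 +0000] "POST /contribute?txn=1003 HTTP/1.1" 200 512
"""

# Constructed application records; "form_ip" (hypothetical name) is whatever
# the hidden form field carried, i.e. a value fully controlled by the client.
RECORDS = [
    {"txn": "1001", "form_ip": "203.0.113.7"},
    {"txn": "1002", "form_ip": "10.1.2.3"},
    {"txn": "1003", "form_ip": "not-an-ip"},
    {"txn": "1004", "form_ip": "192.0.2.99"},
]

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "POST \S*[?&]txn=(\d+)')

def peer_addresses(log_text):
    """Map transaction id -> address the server logged for that request."""
    peers = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            peers[m.group(2)] = ipaddress.ip_address(m.group(1))
    return peers

def audit(records, log_text):
    """Return {txn: verdict} comparing the form value with the logged peer."""
    peers = peer_addresses(log_text)
    verdicts = {}
    for rec in records:
        peer = peers.get(rec["txn"])
        if peer is None:
            verdicts[rec["txn"]] = "no-log-entry"
            continue
        try:
            claimed = ipaddress.ip_address(rec["form_ip"])
        except ValueError:
            verdicts[rec["txn"]] = "malformed"
            continue
        verdicts[rec["txn"]] = "match" if claimed == peer else "mismatch"
    return verdicts
```

If the site sits behind a CDN or reverse proxy, the peer address in the origin server's log is the proxy's, so the same audit has to run against the edge logs or against a forwarded-address header set by a proxy the operator controls.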

Ace of Spades reminded me of this outfit today when it noted a strange cleanup performed by the Obama campaign.

...when this story began leaking last week, I went back and checked on this again. The weird part? The campaign donation page had been moved from "donate.barackobama.com" to "contribute.barackobama.com". After poking around a little more, I found that donate.barackobama is being hosted by Blue State Digital. This is a firm founded by former Howard Dean 2004 staffers and they run Obama's digital operation.

Meanwhile, barackobama.com and contribute.barackobama.com are hosted by a company called Akamai Technologies out of Cambridge, Mass. As best I can tell through various caching sites, this change from "donate" to "contribute" was made sometime in the last month. The question becomes why? My suspicion is that, as the Washington Examiner claims, the White House knew this report was coming out (they actually claim the White House was trying to block it) and they were trying to fix some of these issues.

Furthermore, donate.barackobama.com is not universally forwarded to contribute.barackobama.com. You can still see some examples of old pages here:

• https://donate.barackobama.com/page/event/detail/gp2j9b
• https://donate.barackobama.com/page/event/search_simple
• https://donate.barackobama.com/page/event/create
• https://donate.barackobama.com/page/contribute/o2012-August1RaleighReception
• https://donate.barackobama.com/page/contribute/o2012-EastEndForObama

My best guess is they are running custom 301 redirect scripts through an htaccess file. They appear to have missed redirecting some of these older pages. You can even donate through this old site. Again, why? This is sloppy and leads me to believe this was a hastily-made change with only two months remaining in the campaign.

I'm still digging into this along with a few others to see what else we can find. If you notice something, shoot me a line on twitter.

Hey, have I mentioned a company named Blue State Digital that appears to be at the nexus of this fundraising skulduggery... both in 2008 and 2012?

Their Democrat fundraising sites appear specifically designed to accept illegal donations including structured contributions to evade limits, foreign donations, anonymized prepaid cards, and so on.

Perhaps Darrell Issa could subpoena Blue State Digital's entire management and engineering teams immediately and start asking questions.

In fact, I'll write the questions for him.


8 comments:

Reliapundit said...

THE CHICAGO MACHINE IS AS CORRUPT AS THEY COME.

HAS BEEN FOREVER.

GAVE THE WHITE HOUSE TO JFK - WHO HAPPENED TO BE THE SON OF CAPONE'S PARTNER, AND LONGTIME MART OWNER JOE KENNEDY.

THIS SCAM IS JUST A NATURAL OUTGROWTH OF THEIR UTTER CORRUPTION.

AKIN TO FAST AND FURIOUS.

Anonymous said...

Doug You are AWESOME.

Bust their balls brother.

We want prosecution of Criminals in Government.

Dan Bergen said...

So Doug, even with the new setup could not a foreign or otherwise improper donor use a proxy? Whenever we Canadians want to watch Hulu we do that.
Could this be detected by dumping the server's data and looking for common IP addresses?

Adrian said...

Yep, ascertain the web server logs and compare actual IP address submitted to those retained by the input hidden fields ... let's see the proof that nothing fishy is going on here.

Kathy from Kansas said...

Just wrote Congressman Issa an email, encouraging him to read your article and take you up on your offer!

Anonymous said...

Is this the way they will flip the vote count too? Remember, if one votes on a machine, it will be counted by software that can be manipulated and is totally untraceable.

Anonymous said...

Maybe you should contact Mr. Issa's office ASAP.

online fundraising websites said...

So Doug, even with the new setup couldn't a remote or overall ill-advised donor utilize a substitute? At whatever point we Canadians need to watch Hulu we do that.

Would this be able to be distinguished by dumping the server's information and searching for regular IP addresses?