I ask this question because after I discovered an openly exposed live database containing a copy of Mexico’s national voter registration rolls (the “Padron”) (and appropriately notified Mexico’s electoral authority)...
I soon thereafter made an additional discovery of a different similar database apparently limited to the Sinaloa region of Mexico and being hosted on servers under apparent control of the PRI political party.

(the first, national db had been a different political party, “MC”)
The second db, the PRI affiliated one, contained a large amount of additional data tables I did not widely mention. I do not speak or read Spanish very well. My two years of high school Spanish classes have not stuck with me.
Those additional tables of data (in the same PRI database as Sinaloa region voter rolls) were medical data. My lack of Spanish language skills meant it would have been inappropriate for me to speculate on why that data was there, how it was being used, and for what purpose.
If that PRI database with Sinaloa voter tables was under the ultimate control of Cambridge Analytica or related entities, the world must act immediately to fully understand what kind of research was being actively conducted there in at least May 2016.
I fear it may have been experimentation and not mere analysis of existing records.

Neither is ok, but if the former is what was happening, humanity has a duty to find it, stop it, and impose consequences on the people who caused it, wherever they are worldwide.
That medical data included records in the realm of infectious disease (one real example from memory: dengue fever) and tracked down to the individual patient level.

I cannot say there was anything definitively unlawful shown with regard to medicine, but it now worries me.

More from @VickerySec

19 Oct
When a news site immediately loads up a big privacy consent popup box blocking the article which was displayed in the title and thumbnail image of the link it displayed to get the click, that is malicious and false advertising. It's not ok. It is wrong.
If you want to display ads along the side of your news article, ok whatever that's fine and I expect a profit generating site to fairly use advertising space.
But you are not allowed to deceptively lure clicks to read something, and then falsely claim that "always necessary" cookies exist or try to coerce me into allowing even further invasive data to be siphoned away contrary to my interests. That is abusive and harmful conduct.
18 Oct
To explain:

It is dangerously foolish to trust an entire file system with a “non-repudiatable time stamp” as safe from manipulation.

This is because if a malicious entity knows what hashing technique is being used, and...
...has any ability to affect a file system’s content before or during the hash capture, the malicious entity can choose what the final calculated hash is determined to be.

Realistic example (but hypothetical) scenario:
1. PC has Kaspersky antivirus installed.
2. RU military intelligence flexes muscle to force Kaspersky into updating antivirus definitions minutes prior to (or during) covert hash capture or calculation of that PC.
3. The definition update is consistent and universally applied to all customers, but...
18 Oct
An evolution of this tactic is made possible by reliance on outdated hash signature approaches to detection. Modern computing power and hash collision generation techniques mean that an attacker can trick law enforcement into believing innocent files are illegal imagery.
Hash based detection alone is no longer a strong way to uniquely identify files if there is any potential incentive or motive for malicious trickery to be involved.
Unfortunately there are going to be several layers of blanket denials and reluctance to accept this as true. The detection software makers do not want to admit any flaw past or present and would like to continue their streams of profit.
17 Oct
In my head, I think of this as a "Lavos Bits" approach to botnet regeneration.
#ChronoTrigger #itsAVideoGameReference #snes #rpgs
For the non-90s Nintendo nerds in the audience: Lavos is the primary villain's name in one of the most revered single-player video games of all time.
To defeat Lavos's Core, the floating "Bit" device to the left must first be eliminated (a less important 2nd Bit is on right).
The left Bit will regularly heal itself, the other Bit, and the Core pod until the player can inflict lethal damage to it between waves of heals.
This becomes worrisome when combined with the Lavos Core pod's ability to resurrect the Bit devices at will.
17 Oct
Who has thoughts on the legal effect of "total Declassification of any & all documents[...]" by a sitting US President related to a wide category of investigations he refers to as the "Russia Hoax"?
Asking because it occurs to me there exist a number of documents I provided copies of, at their request, to a bipartisan Senate Committee at the time when they were "conducting an investigation into Russian interference in the 2016 presidential campaign".
There are still bits of information and details reflected in those files which I have not been able to discuss in a public manner due to a personal goal to limit the number of bad faith legal threats I receive...
12 Oct
Sounds like an admission of knowingly violating anti-eavesdropping and wiretap laws at the state and federal level across the entire United States.

Also suggests intention to continue the activity in the foreseeable future for purposes of profit (a thing of value).
It's worth pointing out that commercial profit is generally something gained by companies in order to further the same and/or similar efforts.

I wonder if the Google legal department had opportunity to review that language...
...and weigh in with any potential concerns which could result from conducting an enormous campaign of arguably illegal eavesdropping?
