header

header

Saturday, January 27, 2024

Part 3: Full Scope of Dominion ICX Hack in Federal Court is FAR Worse than Just the BIC Pen Hack

 Thus far in this series from The Gateway Pundit, Dr. J Alex Halderman, a University of Michigan Professor of Computer Science, was able to exploit critical vulnerabilities of the Dominion ICX BMD (ballot marking system) voting machine in federal court as part of a demonstration in the long-running Curling v Raffensperger lawsuit.

In Part 1 of this series, we covered the explosive testimony and demonstration of University of Michigan Professor Dr. J Alex Halderman in the federal lawsuit Curling v. Raffensperger. The Gateway Pundit covered the ease of which one could exploit the “BIC pen hack” and, further, the simple and inexpensive creation of voter, poll-worker, and, most importantly, technician Smart cards to attack the Dominion ICX BMD or ballot marking device (about $30).

In Part 2 of the series, we covered the ability to hide evidence of manipulation by deleting audit logs and automating the “attack” by simply inserting a technician card or a USB “Bash Bunny” device, which costs about $100.  Dr. Halderman testified in court that all of the information one would need to program those devices to attack a Dominion ICX BMD is “remarkably” available to the public.

You can read those parts of the series here:

Part 1 – BIC Pen hack and voter/pollworker/technician card hacks

Part 2 – Ability to cover evidence trail and Bash Bunny hack

No One Will Know…

After the Bash Bunny installation of malware in under two minutes without breaking or removing any seals, Dr. Halderman demonstrated in his video a mock election.  He had five ballots that were a “yes” or “no” contest.  All five were marked with “yes” and verified as “yes” votes on the human-readable text.  However, when the votes were tabulated, the results were two votes for “yes” and three votes for “no” despite the ballots all reading “yes.”

Anyone with Tinnitus (Ringing Ears) Should See This - They Hide This from You

Healthy Living Reports

9 out of 10 Adults Can't Pass This Basic Logic Test, How About You?

Bleacher Breaker

Type 2 Diabetes? Do This Immediately (Watch)

Life Love Health

Further, this attack could be programmed to initiate only on certain ballots.  Dr Halderman testified:

“Instead of cheating on every ballot, you could program malware to cheat on every second ballot, every third ballot, et cetera.  So that if a voter noticed a problem and complained and then was instructed to go back to the machine, try again, we’ll see if it is a problem with the machine.  When the voter repeated the same selections, the ballot would come out correctly.”

This would inevitably make the attack almost undetectable at the local level as most poll-workers would likely assume a voter simply made a mistake rather than thinking the machine was compromised.

This could also be used to program the Dominion ICX BMD to either subvert the Logic and Accuracy testing by starting only after a certain number of ballots have been created, or to detect it’s being tested based on the date and time.  It can also be programmed to only become active on Election day.  Oh, and it can also delete itself after an election so that it passes any audits or testing of the machine that are conducted, according to Dr. Halderman.

According the testimony, Vulnerability #7 is that “there isn’t an effective cryptographic protection in the ICX to validate that the applications installed on it actually are genuine software that comes from Dominion.”

Here again is the transcript from the court hearing and Professor Halderman’s testimony.

Around the Web

Want to Silence Constant Ear Ringing? Try This. [Works Like Magic]

doctors-health-quest-secrets

Anyone With Tooth Decay Should Watch This (They Hide This From You)

The Daily Survivor

Anyone with Type 2 Diabetes Should Watch This!

Life Love Health

The Super Spreader Event…

All of the above attacks involve physical access to the BMD system and are rather centralized to just the Dominion ICX BMD that was attacked.  However, Dr. Halderman described an attack that doesn’t require physical access and can seemingly be far more widespread.  He testified that these attacks were “particularly concerning.”

“These vulnerabilities provide a way to install malware by piggybacking, essentially, on the normal pre-election processes that are used to install the ballot information onto all of the BMDs prior to an election.”

Dr. Halderman described the pre-election process that is undertaken before each election, where every Dominion ICX BMD is loaded with an election definition file.  This file tells the BMD what is supposed to be on the ballot for that jurisdiction.

Around the Web

Tinnitus Discovery Leaves Doctors Speechless [Try Tonight]

doctors-health-quest-secrets

Anyone With Tooth Decay Should Watch This (They Hide This From You)

The Daily Survivor

Brain Surgeon: Ear Ringing? When the Ringing Won't Stop, Do This (Watch)

HealthMD News

Election definition files are created for the entire state at the Center for Election Systems in the Secretary of State’s office using an election management system.  The computers used to create these files are running Dominion software and are “disconnected”, or, presumably, “air gapped”.  The definition files are copied onto USB sticks and then sent to the counties to be installed on their election management system, which is also “disconnected.”

An attacker could “make certain modifications to the election definition file in a way that allows the attacker to overwrite other files on the BMD when the election definition is loaded.”

This attack would not be readily observable by the user, but once installed, the attacker would “get the ability to overwrite another part of the data on the system.”

Around the Web

Here's What New Walk-in Shower Should Cost You In 2024

HomeBuddy

Too Much Belly Fat? Do This Tonight!

Healthy Natural

Exotic "Rice Method" Liquifies Fat Cells Almost Overnight (Watch Now)

Fitter For Free

This attack could grant superuser access without as much as a prompt.  Automatically.  And because it originated in the election definition file, this would infect every Dominion ICX BMD in the county the attack targeted.

Dr. Halderman testified that this type of attack could originate with an “election insider” or someone who broke in or obtained physical access to the election management system computer.  All that would be required is to simply switch out the election definition file and put one created by the attackers in its place.

 

The Façade of “Security”

Lastly, Dr. Halderman testified that the version of Microsoft Windows being run on the Election Management System servers was a 2015 version that had not received any security patches.  Further, the Windows Defender anti-virus software was also significantly outdated:

Around the Web

Drink This Before Bed, Watch Your Body Fat Melt Like Crazy

The Happy Life

Surgeon: Brain Scan Uncovers the Real Root Cause of Tinnitus (Ear Ringing)

HealthMD News

Discover How One Simple Shift Can Reduce Your Blood Sugar Tonight

Expert Diabetes

“The antivirus software installed on the machine, Windows Defender, had antivirus definitions that were more than a year out of date, and as a result of that, the system contained a large number of known and unpatched vulnerabilities and not [sic] antivirus updates that would cover even known malware, let alone malware specially crafted for the purpose of attacking the server.

Among the vulnerabilities in Windows that were not patched was a known vulnerability that Microsoft had categorized as critical that would allow malicious software to automatically launch and install itself from a USB stick, exactly the sort of vulnerability that would enable a Stuxnet style attack if an infected USB stick was attached.”

He then reiterates that the EMS servers have a “known and unpatched vulnerability in Windows.”

Around the Web

Bizarre Rice Method Burns Fat Every 24 Hours (Watch Now)

Fitter For Free

Turbo Intimacy: 15-minute Action, 5x Longer Power for Multiple Rounds!

Trending Stories

Here's What New Walk-in Shower Should Cost You In 2024

HomeBuddy

More to come as this case progresses…

During the testimony of Dr. Halderman, attorney David Oles was not permitted to ask any questions of Dr. Halderman.  Oles represents co-plaintiff Ricardo Davis of VoterGA.org.  Yesterday, The Gateway Pundit reported that Oles was able to get proffers submitted to the court regarding Dr. Halderman and Dr. Philip Stark’s testimonies.

The Culling vs. Raffensperger Lawsuit: Evidence of Voting Machine Vulnerabilities and Fulton County 2020 Election Issues Entered into the Federal Record | The Gateway Pundit | by Brian Lupo

The trial this explosive testimony and live demonstration is currently underway in the Northern District of Georgia in Judge Amy Totenberg’s court.


https://www.thegatewaypundit.com/2024/01/part-3-full-scope-dominion-icx-hack-federal/

No comments:

Post a Comment