Dominion Voting Systems CEO Says Company Has Never Used SolarWinds Orion Platform

The CEO of Dominion Voting Systems on Tuesday said the company has never used a platform that experts believe was breached by hackers as far back as last year.

“We don’t use the SolarWinds Orion package that was the subject of the DHS report from the 13th,” CEO John Poulos told legislators in Michigan via video link.

However, a screenshot of a Dominion webpage that The Epoch Times captured shows that Dominion does use SolarWinds technology. Dominion later altered the page to remove any reference to SolarWinds, but the SolarWinds website is still in the page’s source code.

SolarWinds’s technology was exploited by actors who inserted malicious software into updates for its Orion platform, according to officials with the Department of Homeland Security (DHS) and cybersecurity experts.

The DHS’s Cybersecurity and Infrastructure Security Agency (CISA) warned that the compromise of the network “poses unacceptable risks” and ordered federal agencies that use it to revoke internet access to the affected devices.

The attack “was likely the result of a highly sophisticated, targeted, and manual supply chain attack by an outside nation state, but we have not independently verified the identity of the attacker,” the company said in a statement.

Non-Orion products don’t appear to have been compromised, SolarWinds said.

Poulos said Dominion hasn’t ever used the Orion platform. No legislators asked him about what SolarWinds technology the company does use, and Dominion didn’t respond to requests for comment.

Dominion provides voting equipment and software to 28 states.

See my prev comments on this matter.

Signing your malicious code with a random cert is trivial, but creating your own binary signed by ‘microsoft’, or ‘solarwinds’ or ‘etc’ is hard. Inserting it into their update program is harder. I know cause i have done it. Very stressful, cause its on you if something is wrong and there are insane audit trails that do not go missing.

Unsigned ‘open source’ is not even in the same ball park’

Yes Adobe (flash product) has been a clusterf#(k forever but that has nothing to do with this.

Gosh, one more time we are told by the “experts” that we should not believe our eyes when they tell us things, as they get to choose which parts of what they tell us are true and which parts are false.

I would like to see him under oath in a court of law with the threat of perjury and under cross examination make the same statement. I would wager he would take the 5th Amendment.

but creating your own binary signed by ‘microsoft’, or ‘solarwinds’ or ‘etc’ is hard. Inserting it into their update program is harder. I know cause i have done it.

You mean easier. Just because solarwinds says it was "highly sophisticated" doesn't mean it was. It was very likely trivial to get the malicious software in. The solarwinds code signing cert private keys may or may not have been protected. The attackers may have used their own code signing private key.

Adobe is very relevant. A long vulnerability track record in both cases. Those track records are not an accident or random slop.

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.