I need to qualify my remarks-I must sound as if I know all about these Dominion Democracy Suite EMS systems and am an expert on them, and I am not.
However, I have worked for decades in systems that store millions of images and distribute them to queues for people to work on and perform tasks on. And I know these systems quite well.
I found this image below online (and apparently originated with Dominion) that describes a typical Dominion Democracy Suite EMS system, and it nearly exactly mirrors the types of systems I have worked with, so to reverse engineer it is not that much of a stretch for me. It looks nearly exactly the same, right down to the polling machines and ballot scanners that send images to the system.
My systems and the Dominion systems are nearly identical not only in form and construction, but in function.
Grrr.
I hate it when I am right.
After I posted, I thought I should actually watch the Arizona Senate hearing on July 15, 2021 with the CyberNinja Team. I hadn't seen it, only a summary, so I went and watched it at: 7/15/2021 Live Arizona AZ State Senate Hearing on the 2020 Election Audit in Maricopa County. (NOTE: This takes you right to the computer forensic analysis portion by Ben Cotton, and bypasses the chain of custody and material security of the non-computer things like ballot images.)
Since it is a rainy day and I am not going anywhere, this seemed like a good time to do this. I wanted to hear it from the horse's mouth, and it is disgusting to hear, from an IT perspective. From the video:
- They have eight accounts on this particular Dominion Democracy Suite EMS system.
- They have an overall Admin account (when Dominion set up the system originally) called "EMSAdministrator" that uses a password (Probably something like "Password1!" ). That password has never been changed.
- They have an Adjudication Admin account that uses the same password, Password1!
- They have a Verification Admin account that uses the same password, Password1!
- They have an Adjudication Admin account...that uses the same password, Password1!
- They have a Tabulation Admin account...that uses the same password, Password1!
- They have a Pollworker account...that uses the same password, Password1!
And so on. I think you get the idea.
Good computer security means changing the vendor supplied password out of the box. The vendor probably set up the other admin accounts as well at the same time, and those should have been changed.
Furthermore, each account should be limited only to the functions to be performed by that user and no more.
Lastly, nobody should be using the Admin Accounts. If there are 150 county employed people, every damn one of them should have had an account with their own expected permission sets and their own passwords. For auditing purposes, if nothing else.
This is horrible, Horrible, HORRIBLE Information Technology practice as done by Maricopa County. In my area of expertise, if something went wrong and in the investigation it was discovered I had set up the systems as they did in Maricopa County, it would be a fireable offense. And nobody would defend me, even people who might be my allies. Because they couldn't.
Then there is the issue of the security of items passed with a chain of custody.
The CyberNinjas (who have even been decried and ridiculed by some on this very forum) took several steps to acquire items from the county and do their analysis, not to mention those decrying their analysis as a fraud while embracing the two politically allied "independent" investigations contracted by Maricopa County hacks that did NONE of these things:
- They had cameras filming the entire time during the transfer to record actions.
- They used Hardware Write Block technology to make exact copies of all drives, which generates an MD-5 hash. If anything is changed, that MD-5 hash will change. This is standard practice in legal cases and will be accepted to refute charges of tampering by investigators.
- The originals are stored in a government certified safe system with the hash.
- They kept all computers, drives, and hardware in a locked cage, with armed guards and 24x7 surveillance.
- If a device or drive had to be removed from the secure location, it was signed out, and when it reached the desk of someone performing an analysis, it was signed in.
I found this fascinating, because the exercreble Secretary of State Katie Hobbs has said they would not use this equipment turned over to CyberNinjas because they could not verify that it had not been tampered with. Ben Cotton made the incisive observation that they had been handed over to his team by Maricopa County without taking forensic hardware write block images themselves.
It was also worth noting that Maricopa County said they had their own separate teams of investigators who said they found no issues at all, and Ben Cotton observed that if they had allowed these "independent" teams access and they did not make Hardware Write Block copies with an MD-5 hash...how was she going to approve those devices for use after they did their analysis?
Furthermore, Ben Cotton asked why they did not see or note any of these irregularities in their "independent" analyses that they said they executed?
And one more thing-there are certain analyses they cannot perform because they do not have the hardware dongles require for another layer of security. Maricopa County says the vendor Dominion has the passwords to burn those harware dongles and will not release those passwords.
Things that make you go "Hmmm."
Maricopa County officials are lying, evil scum.