Posted on 01/26/2024 9:09:26 AM PST by Red Badger
In Part 1 of this series on the explosive testimony and demonstration of University of Michigan Professor Dr. J Alex Halderman in the federal lawsuit Curling v. Raffensperger, The Gateway Pundit covered more in-depth the ease of exploiting the “BIC pen hack” and, further, the simple and inexpensive creation of voter, poll-worker, and, most importantly, technician Smart cards to attack the Dominion ICX BMD or ballot marking device.
Part 1 can be read here.
https://www.thegatewaypundit.com/2024/01/part-1-full-scope-dominion-icx-hack-federal/
But there was much more revealed in Judge Totenberg’s courtroom regarding the vulnerabilities of these electronic voting devices.
To summarize Part 1, Dr. Halderman was able to use a simple BIC ball-point pen to reboot a Dominion ICX BMD by simply inserting it into the power button on the back of the machine and holding it down for five seconds. This rebooted the machine into Safe Mode and allowed Super User access, granting the attacker almost unlimited abilities to manipulate data on the machine.
Professor Halderman was also able to use a Smart card purchased for $10 online and a $20 USB Smart card Reader from Amazon to program voter cards that could be used over and over again, county-wide. He also made a poll-worker card and, most importantly, a technician card that would also grant “Super User access.”
We learned that commands to manipulate the Dominion ICX BMD could be automated – simply insert the card and it will do the rest. Further, nothing was needed that wasn’t public information to complete the programming.
These cards would require some expertise to program, but once the counterfeit cards are made, anyone could insert it into the machine and exploit the vulnerability automatically.
Here again is the transcript from the court hearing and Professor Halderman’s testimony.
PDF AT LINK..................
But there has to be a way that these attacks could be detected, right? Not necessarily.
No Evidence of Exploitation
Dr. Halderman then demonstrated how he can delete portions of the system’s audit log in order to delete any evidence that he had accessed and modified the system. Dr. Halderman testified:
Professor Halderman: “So now I’m back in the technician menu…and what I’m going to do is I’m going to go to the file manager and open the ICX’s audit log file. This is one of the log files that the machine creates, and I’m going to open it with the on-screen text editor.
What I have just done with the technician card is I have loaded this technician card with the automated commands that I want to run in a way that they appear in the audit log. But I’m going to open the audit log and edit it with the on-screen text editor.
I’m actually going to highlight a portion that came from my card and hit the cut button to move it to the machine’s clipboard. And I’m going to save the audit log just to show you that I can delete portions of the audit log with the on-screen text editor.”
Dr. Halderman described it as deleting log entries “that would otherwise be evidence of some malfeasance.” He can cover his tracks from anyone being able to discover the access he had and what he was able to do to the Dominion ICX BMDs.
Seemingly for demonstrative purposes, Dr. Halderman performed each step manually, but he testified that it can be done “programmatically”. Insert the card and let the machine do the rest. He also testified that he can quickly insert a command that would “take the other automated commands out of the log file that were copied from my technician card and execute them.”
The Bash Bunny
Next, Dr. Halderman demonstrated perhaps the most serious of the vulnerability exploits, in this author’s opinion, at least.
The following demonstration was not done live in court, but rather through a continuous video recording utilizing the Fulton County Dominion ICX BMD (ballot marking device). This video was played live before the court.
The “attacker” in the video reached behind the printer that accompanies the Dominion ICX BMD and unplugged the USB cable and plugged in what is called a Bash Bunny. The device looks like a big USB stick, but with the Bash Bunny, the “attacker” is “able to load it with a sequence of commands that it will then send to the device as if it were a keyboard.”
“…The Bash Bunny will start driving the device, and you can see that it is moving through a sequence of things on the screen. This is the USB device controlling it.
And it is going to go through and modify settings, as I describe in the report. It is going to then open a terminal, get superuser access, and take steps to install malicious software that is stored on that same USB device.
Now, the USB — the malicious software is a version of the ICX application that we have — we have extracted from the machine and slightly modified it to add some malicious functionality. And the Bash Bunny device is installing the malicious version of the application on the machine and replacing the version that regularly would function.”
All of this was done automatically. The “attacker” simply plugged in the USB device and it completed its installation and replacement of the software in less than two minutes. Once the Bash Bunny is programmed, there is no special skill required to initiate this attack.
The Bash Bunny costs about $100 and can be utilized without removing or tampering with any of the seals on the Dominion ICX BMD. As Dr. Halderman testified, an “attacker” can utilize a cable coming off the printer to connect the Bash Bunny rather than removing a seal and connecting it directly to the Dominion ICX BMD. That connection is not typically sealed, according to Dr. Halderman.
Part 3 of this series will follow.
During the testimony of Dr. Halderman, attorney David Oles was not permitted to ask any questions of Dr. Halderman. Oles represents co-plaintiff Ricardo Davis of VoterGA.org. Yesterday, The Gateway Pundit reported that Oles was able to get proffers submitted to the court regarding Dr. Halderman and Dr. Philip Stark’s testimonies.
The trial that includes this explosive testimony and live demonstration is currently underway in the Northern District of Georgia in Judge Amy Totenberg’s court.
Tell me like I’m a small child, or a golden retriever, how none of this came out in Dominion’s lawsuit against Newscorp?
It wasn’t meant to. Newscorp has been suborned..................
I can’t remember, but didn’t Fox settle that case, or was it an actual award by the court? If they settled then they probably didn’t fight it.
If this news got out, it would have changed everything the LAAP-dog media said about the motivations for January 6th just as the indictments against President Trump were coming down.
-PJ
Is that the same suit against Fox? They seemed happy to roll over and pay $750M or something like that?
There was more revealed in the courtroom WRT vulnerabilities of electronic voting. To summarize:
<><>Dr. Halderman used a simple BIC ball-point pen to reboot a Dominion ICX BMD by simply inserting it into the power button on the back of the machine and hold it down for five seconds.
<><>This rebooted the machine into Safe Mode and allowed Super User access, (voter fraud unlimited) granting the attacker almost unlimited abilities to manipulate voting data on the machine.
<><>Professor Halderman was also able to use a Smart card purchased for $10 online and a $20 USB Smart card Reader from Amazon to program voter cards that could be used over and over again, county-wide.
<><>He also made a poll-worker card and, most importantly, a technician card that would also grant “Super User access.”
<><>commands to manipulate the Dominion ICX BMD could be automated – simply insert the card and it will do the rest. Further, nothing was needed that wasn’t public information to complete the programming.
<><>These cards would require some expertise to program, but once the counterfeit cards are made, anyone could insert it into the machine and exploit the vulnerability automatically.
I am of the opinion that:
1) FEC should sponsor the development of an open source, public code only, suite of election software. (voting roll, ballot tracking, ballot tabulation, reporting, etc)
2) That the code should undergo a regular challenge where vulnerabilities are exposed and penetration of the system is tested on a bi-annual frequency.
3) There be a law passed that requires the use of the open source voting system.
Here is a high-tech solution. Let a company like Visa or MasterCard manage the elections.
The process would go like this:
- Citizen registers to vote.
- County processes the voter registration.
- Credit card company sends a voter card to the citizen. The voter's PIN is sent in a separate mailing within 90 days of the next election. This card is a permanent voter registration until such time as the voter leaves the jurisdiction or dies.
- For each election:
  - For in-person voting:
    - The voter checks in and swipes their voter card into the reader. They enter their PIN.
    - If the PIN is accepted, the voter signs the precinct log book and receives a local voting sheet, computer code, or whatever device is used to vote. The PIN is marked as used.
    - The voter proceeds to vote.
  - For absentee/mail-in voting:
    - The voter completes the absentee/mail-in ballot and signs the ballot. The voter also writes their voter card number and PIN on the ballot.
    - The voter seals the ballot in a return envelope and signs the envelope.
    - The voter mails in the ballot or drops it in a ballot box.
    - The ballot is received by the county and entered into the tabulation system. The PIN is marked as used.
    - The voter receives a confirmation notice that their ballot was processed. This could be either via text message, automated phone call, or direct mail based on the voter's designation when registering.
  - The credit card company tabulates the ballots immediately, using the same technology that processes billions of credit card transactions each day.
  - Election results are published within two hours after the polls close in a state. The credit card company nullifies all the PIN numbers.
- Ninety days prior to the next election, the credit card company resets all the PINs to new numbers and mails the new PINs to voters for use in the next election.
This should make it very difficult to harvest ballots, since PIN numbers can't be made up or reused. The voter will know if their absentee/mail-in ballot was processed or not based on whether the PIN was used or not.
The technology exists to do this now.
-PJ
Gee, amazing all those defects were found, almost as if they were planned 🤔🤔🤔
Nah, not a chance. It was the most secure election in the history of mankind.
Hak5 BASH Bunny for $119.95
The groundbreaking payload platform that introduced multi-vector USB attacks has evolved.
Here's a video about BASH Bunny. Introducing the Bash Bunny Mark II - Story Time with @Hak5Darren
Pull off covert attacks or IT automation tasks faster than ever with just the flick of a switch. The NEW Bash Bunny Mark II goes from plug to pwn in 7 seconds — so when the light turns green it's a hacked machine.
Now with faster performance, wireless geofencing, remote triggers and MicroSD support, the Bash Bunny is an even more impressive tool for your Red Team arsenal.
Simultaneously mimic multiple trusted devices to trick targets into divulging sensitive information without triggering defenses. The Bash Bunny is truly the world's most advanced USB attack platform.
Two years ago, the BASH Bunny added a MicroSD Card XC slot ultra high capacity, up to 500 GB today (spec goes to 2 TB). It has built-in Bluetooth which adds RF to a vote machine that should NOT have any RF capability. The Bash Bunny can sit there idle waiting for a certain Bluetooth device to be activated in the vicinity. It can inject keystrokes.
How can a guy producing products made solely to commit electronic crimes not be in jail? Probably the same way that crowbar and hammer makers (or gun manufacturers) don't go to jail
Thoughts?........................
Little boy, the case was settled before any of this could come out...
See #12. This should be the smoking gun, but it doesn’t prove cheating was used. It shows the tools the attackers can use, how the attack can be executed, reveals horrendous vulnerabilities in the election equipment, and shows how audit logs can be modified to delete evidence.
To our experts. Is it possible to modify logs without that modification access itself being logged?
I just checked out the BASH bunny, a very cool piece of kit, amazing what you can do in such a small package.
Everyone should know that if you can have physical access to a computer like this you can own it.
Fascinating concept. We use technology in far more complex ways each day, this problem could be solved. There could be methods attached to ensure security and audit. A wise entrepreneur would make this happen, assuming the desire to actually fix the problem is there.
It’s clear the use of current technology (dominion) is not secure. I hope the judge in this case agrees.
The judge is the sister of long-time NPR judicial correspondent Nina Totenberg, FWIW.
-PJ
I agree that the technology already exists for a secure election. What is missing is the backbone / will in the state legislatures to implement a secure voting system.
A few minor changes to this specific proposal:
Pins must be 8 characters
Voter rolls are locked the day after the new president is inaugurated and all voters must re-register.
No mail in ballots without a signed request for a ballot and a legal (ie under penalty of perjury) statement claiming a voting disability (out of the country, shut in, military service, etc.)
I used to agree with this. My main concern is somebody or some group, backed by massive funding, being able to find a vulnerability to specifically NOT disclose it. Then use it as desired.
It’s just far more difficult to commit widespread fraud with paper ballots and manual counting, with lots of eyes. Otherwise, it can be done with a click, seen by nobody.