Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Part 2: Full Scope of Dominion Voting Machine Hack in Federal Court is FAR Worse than Just the BIC Pen Hack – Audit Logs Can Be Edited
Gateway Pundit ^ | Brian Lupo

Posted on 01/26/2024 9:09:26 AM PST by Red Badger

In Part 1 of this series on the explosive testimony and demonstration of University of Michigan Professor Dr. J Alex Halderman in the federal lawsuit Curling v. Raffensperger, The Gateway Pundit covered more in-depth the ease of exploiting the “BIC pen hack” and, further, the simple and inexpensive creation of voter, poll-worker, and, most importantly, technician Smart cards to attack the Dominion ICX BMD or ballot marking device.

Part 1 can be read here.

https://www.thegatewaypundit.com/2024/01/part-1-full-scope-dominion-icx-hack-federal/

But there was much more revealed in Judge Totenberg’s courtroom regarding the vulnerabilities of these electronic voting devices.

To summarize Part 1, Dr. Halderman was able to use a simple BIC ball-point pen to reboot a Dominion ICX BMD by simply inserting it into the power button on the back of the machine and hold it down for five seconds. This rebooted the machine into Safe Mode and allowed Super User access, granting the attacker almost unlimited abilities to manipulate data on the machine.

Professor Halderman was also able to use a Smart card purchased for $10 online and a $20 USB Smart card Reader from Amazon to program voter cards that could be used over and over again, county-wide. He also made a poll-worker card and, most importantly, a technician card that would also grant “Super User access.”

We learned that commands to manipulate the Dominion ICX BMD could be automated – simply insert the card and it will do the rest. Further, nothing was needed that wasn’t public information to complete the programming.

These cards would require some expertise to program, but once the counterfeit cards are made, anyone could insert it into the machine and exploit the vulnerability automatically.

Here again is the transcript from the court hearing and Professor Halderman’s testimony.

PDF AT LINK..................

But there has to be a way that these attacks could be detected, right? Not necessarily.

No Evidence of Exploitation Dr. Halderman then demonstrated how he can delete portions of the system’s audit log in order to delete any evidence that he had accessed and modified the system. Dr. Halderman testified:

Professor Halderman: “So now I’m back in the technician menu…and what I’m going to do is I’m going to go to the file manager and open the ICX’s audit log file. This is one of the log files that the machine creates, and I’m going to open it with the on-screen text editor.

What I have just done with the technician card is I have loaded this technician card with the automated commands that I want to run in a way that they appear in the audit log. But I’m going to open the audit log and edit it with the on-screen text editor.

I’m actually going to highlight a portion that came from my card and hit the cut button to move it to the machine’s clipboard. And I’m going to save the audit log just to show you that I can delete portions of the audit log with the on-screen text editor.

Dr. Halderman described it as deleting log entries “that would otherwise be evidence of some malfeasance.” He can cover his tracks from anyone being able to discover the access he had and what he was able to do to the Dominion ICX BMDs.

Seemingly for demonstrative purposes, Dr. Halderman performed each step manually, but he testified that it can be done “programmatically”. Insert the card and let the machine do the rest. He also testified that he can quickly insert a command that would “take the other automated commands out of the log file that were copied from my technician card and execute them.”

The Bash Bunny Next, Dr. Halderman demonstrated perhaps the most serious of the vulnerability exploits, in this author’s opinion, at least.

The following demonstration was not done live in court, but rather through a continuous video recording utilizing the Fulton County Dominion ICX BMD (ballot marking device). This video was played live before the court.

The “attacker” in the video reached behind the printer that accompanies the Dominion ICX BMD and unplugged the USB cable and plugged in what is called a Bash Bunny. The device looks like a big USB stick, but with the Bash Bunny, the “attacker” is “able to load it with a sequence of commands that it will then send to the device as if it were a keyboard.”

“…The Bash Bunny will start driving the device, and you can see that it is moving through a sequence of things on the screen. This is the USB device controlling it.

And it is going to go through and modify settings, as I describe in the report. It is going to then open a terminal, get superuser access, and take steps to install malicious software that is stored on that same USB device.

Now, the USB — the malicious software is a version of the ICX application that we have — we have extracted from the machine and slightly modified it to add some malicious functionality. And the Bash Bunny device is installing the malicious version of the application on the machine and replacing the version that regularly would function.”

All of this was done automatically. The “attacker” simply plugged in the USB device and it completed its installation and replacement of the software in less than two minutes. Once the Bash Bunny is programmed, there is no special skill required to initiate this attack.

The Bash Bunny costs about $100 and can be utilized without removing or tampering with any of the seals on the Dominion ICX BMD. As Dr. Halderman testified, an “attacker” can utilize a cable coming off the printer to connect the Bash Bunny rather than removing a seal and connecting it directly to the Dominion ICX BMD. That connection is not typically sealed, according to Dr. Halderman.

Part 3 of this series will follow.

During the testimony of Dr. Halderman, attorney David Oles was not permitted to ask any questions of Dr. Halderman. Oles represents co-plaintiff Ricardo Davis of VoterGA.org. Yesterday, The Gateway Pundit reported that Oles was able to get proffers submitted to the court regarding Dr. Halderman and Dr. Philip Stark’s testimonies.

The trial that includes this explosive testimony and live demonstration is currently underway in the Northern District of Georgia in Judge Amy Totenberg’s court.


TOPICS: Crime/Corruption; Government; Politics/Elections; US: Georgia
KEYWORDS: dominion; raffensperger; raffenspergervideo; votefraud; votingmachines
Navigation: use the links below to view more comments.
first previous 1-2021-4041-49 next last
To: Red Badger

Yet all have refused to fix any of this for the 2024 elections....


21 posted on 01/26/2024 10:18:16 AM PST by G Larry (It's RACIST to impose SLAVE WAGES on LEGAL immigrants and minorities by importing ILLEGAL Laborers)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Lockbox

They aren’t defects.

They are features. )))


22 posted on 01/26/2024 10:23:46 AM PST by T. Rustin Noone (Igitur qui desiderat pacem, praeparet bellum)
[ Post Reply | Private Reply | To 11 | View Replies]

To: taxcontrol

Those are all helpful things. I would add that only open-source voting software would be allowed. That would provide an army of people examining the code for vulnerabilities and back doors such as being able to modify logs, delete log entries, and hide your tracks.

But those fixes do not address the problem that the equipment is attached to a printer and that printer cable can be used to attach nefarious tools like the Bash Bunny.


23 posted on 01/26/2024 10:29:43 AM PST by ProtectOurFreedom (“Occupy your mind with good thoughts or your enemy will fill them with bad ones.” ~ Thomas More)
[ Post Reply | Private Reply | To 19 | View Replies]

To: fuzzylogic

“My main concern is somebody or some group, backed by massive funding, being able to find a vulnerability to specifically NOT disclose it. “

Absolutely. Look at the amount of money that was offered to Kari Lake to drop out of politics for a couple years. She could have been a very rich woman.

That is EXACTLY why all vote machines should use open-source software. The code would be available to the public for scrutiny.


24 posted on 01/26/2024 10:31:42 AM PST by ProtectOurFreedom (“Occupy your mind with good thoughts or your enemy will fill them with bad ones.” ~ Thomas More)
[ Post Reply | Private Reply | To 20 | View Replies]

To: taxcontrol

I’m 100% in agreement.

I DO worry about putting the government (FEC) in charge of developing such software, though. The government is probably less trustworthy than Dominion.


25 posted on 01/26/2024 10:33:33 AM PST by ProtectOurFreedom (“Occupy your mind with good thoughts or your enemy will fill them with bad ones.” ~ Thomas More)
[ Post Reply | Private Reply | To 8 | View Replies]

To: Political Junkie Too

Good plan, but won’t the government know how you voted and harass, persecute and destroy you as they see fit? Or grant you all sorts of new benefits if you voted the “right” way?


26 posted on 01/26/2024 10:35:49 AM PST by ProtectOurFreedom (“Occupy your mind with good thoughts or your enemy will fill them with bad ones.” ~ Thomas More)
[ Post Reply | Private Reply | To 9 | View Replies]

To: Red Badger

BTW, this is a well known way of hacking into networks.
This is why most companies do NOT allow USB thumb drives to be connected to an internal network.

Modern systems (Dominion is NOT modern) mandate after reboot that you use 2nd level authentication to get in.
My home network does exactly this.


27 posted on 01/26/2024 10:36:07 AM PST by Zathras
[ Post Reply | Private Reply | To 1 | View Replies]

To: ProtectOurFreedom

There’s the historical argument for software security though - security through transparency (open source) or security through obscurity (closed source).

I’ve seen far too many deep-rooted vulnerabilities that have been in the wild for years before somebody realized a problem. This includes widely used libraries from open source (SSL, Log4J, etc.). When I was at an RTOS company we experienced a major issue, respective to security, because of Intel hardware. This forced a massive problem for our customer base. The only solution was to use a software implementation of what was being done by hardware - but some embedded systems our customers had relied on the performance. Their choice was to have their devices fail (due to load) or be insecure - this happening to them years and years after device deployment.

I’m at the point where I just can’t trust software driven voting, open or closed source.


28 posted on 01/26/2024 10:45:46 AM PST by fuzzylogic (welfare state = sharing of poor moral choices among everybody)
[ Post Reply | Private Reply | To 24 | View Replies]

To: ProtectOurFreedom

There’s the historical argument for software security though - security through transparency (open source) or security through obscurity (closed source).

I’ve seen far too many deep-rooted vulnerabilities that have been in the wild for years before somebody realized a problem. This includes widely used libraries from open source (SSL, Log4J, etc.). When I was at an RTOS company we experienced a major issue, respective to security, because of Intel hardware. This forced a massive problem for our customer base. The only solution was to use a software implementation of what was being done by hardware - but some embedded systems our customers had relied on the performance. Their choice was to have their devices fail (due to load) or be insecure - this happening to them years and years after device deployment.

I’m at the point where I just can’t trust software driven voting, open or closed source.


29 posted on 01/26/2024 10:45:46 AM PST by fuzzylogic (welfare state = sharing of poor moral choices among everybody)
[ Post Reply | Private Reply | To 24 | View Replies]

To: ProtectOurFreedom
Not necessarily.

First, it would be the credit card company that ties the voter card/pin to the person, not the government.

Second, the actual votes can be purged once the election is certified.

Third, the government would need a warrant to demand that the voter information be turned over, and I can't see a basis for such warrant.

The purpose of my plan is to take the tallying of votes away from local officials and let it be done automatically the way credit card transactions are processed each day. The main objective is to eliminate the Democrat tactic of holding back their dense urban city tallies until they know how many votes they need to win.

This also ensures that ballots cannot be stuffed by repeatedly scanning the same ballot over and over. The voter's PIN would be marked as used after the first vote is cast.

-PJ

30 posted on 01/26/2024 10:47:35 AM PST by Political Junkie Too ( * LAAP = Left-wing Activist Agitprop Press (formerly known as the MSM))
[ Post Reply | Private Reply | To 26 | View Replies]

To: taxcontrol
1) FEC should sponsor the development of an open source, public code only, suite of election software. (voting roll, ballot tracking, ballot tabulation, reporting, etc)

2) That the code should undergo a regular challenge where vulnerabilities are exposed and penetration of the system is tested on a bi-annual frequency.

3) There be a law passed that requires the use of the open source voting system.

It is easy to go even farther. Image used to initially load the machine can be an ISO, and the SHASUM of the ISO can be published and validated by any person with a laptop with a CD Drive. Similarly, any binary used should have a public signature that can be validated. You can even have software what will automatically check binaries and shut down the machine if tampering is detected.

None of this is rocket science.I would also recommend that the operating system of the machine be an SE-enabled version of Linux.

Any device with the correct hardware specs should be able to act as a testing platform, and ALL code MUST be OPEN SOURCE.

If you want us to trust computers, they all must be completely transparent in all aspects. Any hidden components are instantly suspect.

31 posted on 01/26/2024 10:48:00 AM PST by zeugma (Stop deluding yourself that America is still a free country.)
[ Post Reply | Private Reply | To 8 | View Replies]

To: Political Junkie Too
I hope the judge in this case agrees. The judge is the sister of long-time NPR judicial correspondent Nina Totenberg, FWIW. -PJ \/ t2s0vc
32 posted on 01/26/2024 10:53:59 AM PST by cuz1961 (USCGR Vet, John Adams Descendant , deal with it.)
[ Post Reply | Private Reply | To 18 | View Replies]

To: Red Badger

Thanks.
BFL


33 posted on 01/26/2024 11:05:27 AM PST by Faith65 (Isaiah 40:31 )
[ Post Reply | Private Reply | To 1 | View Replies]

To: zeugma; taxcontrol; Political Junkie Too

All of these solutions are good.

But, do they address the problem of thoroughly corrupted voter rolls?

I’ve often proposed that voter rolls be zeroed out every four years after quadrennial federal elections. Every voter must appear in person at the registrar’s office with valid government Real ID proof of your identity and birth certificate or passport. The ID should show citizenship.

If you are an invalid or shut-in, the registrar can dispatch a person to your residence to re-register you.

The efforts to clean up the voter rolls are a fools errand. Anybody who has ever set out to clean up corporate databases knows how difficult this is. While you cannot simply zero-out all corporate dates, there is absolutely no reason you cannot do that with other rolls.

This would probably immediately purge 25% of people from the rolls — fictitious people who never lived at the claimed address (such addresses often have 100 people registered from there), dead people, people who have moved away.

You also need to be able to cross-check the new rolls across states to be sure people are not registered in two or more states.

The solutions to election integrity are not difficult. What’s missing is the political will and Republicans who can stand up to the ridiculous charges of “racism” and “voter suppression” from the Democrats. The fact that the Democrats level these charges all the time agains simple fixes that do not require much of citizens is prima facie evidence the Democrats want to continue (and expand) cheating.

Unfortunately, I do not see ANY Republican champions in Congress who have made election integrity the hill to die on.

Open borders (which enable massive-scale election fraud) and election mischief by Democrats are the undoing of our nation.


34 posted on 01/26/2024 11:15:43 AM PST by ProtectOurFreedom (“Occupy your mind with good thoughts or your enemy will fill them with bad ones.” ~ Thomas More)
[ Post Reply | Private Reply | To 31 | View Replies]

To: Lockbox

Seems MI is tired of being strung along like a fool. Draft John James again and get rid of Whitmer and Gilchrist before Biden destroys MI


35 posted on 01/26/2024 12:00:31 PM PST by cnsmom
[ Post Reply | Private Reply | To 11 | View Replies]

To: T. Rustin Noone

Bingo! We have a winner!


36 posted on 01/26/2024 12:53:11 PM PST by Lockbox (politicians, they all seemed like game show hosts to me.... Sting…)
[ Post Reply | Private Reply | To 22 | View Replies]

To: Red Badger

Only chance to stop the Dominion voting machine is everybody bring a big magnet.


37 posted on 01/26/2024 1:04:27 PM PST by Vaduz
[ Post Reply | Private Reply | To 1 | View Replies]

To: Vaduz

Tasers......................


38 posted on 01/26/2024 1:09:56 PM PST by Red Badger (Homeless veterans camp in the streets while illegal aliens are put up in hotels.....................)
[ Post Reply | Private Reply | To 37 | View Replies]

To: Red Badger

Seems to me that any device used to reprogram/corrupt/mess up/ etc. a voting machine could be said to be used for only that purpose; unlike other devices for multiple uses & thus be ruled illegal to use. Am I wrong? What else might a machine like this be used for?


39 posted on 01/26/2024 1:41:17 PM PST by oldtech
[ Post Reply | Private Reply | To 13 | View Replies]

To: Red Badger

Yeah and back ups


40 posted on 01/26/2024 2:03:55 PM PST by Vaduz
[ Post Reply | Private Reply | To 38 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-49 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson