Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
View Regular
Shawn Smith - Quis Custodiet Ipsos Custodes Profile picture
Shawn Smith - Quis Custodiet Ipsos Custodes
@ShawnSmith1776
Citizen. Patriot. Veteran. Supporter/defender of U.S. Constitution against all enemies, foreign and domestic. Abolitionist against election corruption slavery.

Nov 8, 2024, 17 tweets

🧵A lot of people here on X, in the media, in courtrooms, etc., don't seem to know what the fuck they're talking about, so let me help:

1. Griswold's CO voting system BIOS password breach was SERIOUS, and it is unmitigated.
2. It went on for four months without them noticing.

3. The public posting isn't the only problem:
- They maintained unencrypted passwords in an unencrypted Excel spreadsheet
- Stored (apparently) on their network drives
- The passwords violated CISA (gov lead for election system security) password guidance known since 2009

4. Contrary to all their initial bullshit, DepSecState Beall admitted it affected more than half the counties in CO.
5. If you compromise BIOS passwords on a critical infrastructure computer for 24hrs, you MUST assume that system has been exploited unless you can prove otherwise.

6. When you compromise the integrity of a voting system component, you must also assume that any component connected to it (by LAN cable, e.g., or HDMI cable, or by bridge of "airgap" w/removable media) is compromised.

7. Again, CISA is gov lead for election infrastructure sec., including standards/proc./reporting (Hence, Griswold's "Well I reported it!!!" (not to CO election officials or citizens, though...)). See Page 6, Fig 1 ()for an appropriate incident response. tinyurl.com/Grizfail

8. Griftwold's process:
Day 1:
- Find out (vendor?).🚨
- Pull .xlsx file from web after 4 MONTHS.📅
- Report to CISA.🏆
- Tell ZERO election officials/citizens about 🏴‍☠️voting sys.💩
Day 6:
- Shit. COGOP knows. 🚨🚨
- Tell MEDIA, still don't tell election officials.
Day 7:...

Day 7:
- Don't admit how many counties affected.
- Still letting citizens use potentially compromised voting systems - let ~citizens? vote on them.
- Send a couple people out to change a couple passwords.
- Get absolutely justifiably wrecked in media/social media
Day 8:...

Day 9:
- Media/social media wreckage makes yesterdays seem gentle. Lost Kyle Clark, FFS...
- Get upstaged by Polis, who insisted on much broader "blitzkrieg" of also completely ineffective, inadequate response, ensuring password change in affected counties, but with helicopters.

Day 9, continued:
- STILL letting citizens? use machines, and letting election officials tabulate w/affected systems.
- STILL no deployment of actual competent cyber forensic examiners or incident response teams to do anything even remotely approaching adequacy, e.g.:

The FIRST thing that should have happened:
- STOP using a machine/system with unknown security/integrity/functionality

The SECOND thing that should have happened:
- Image all affected machines and the components in their systems to collect/preserve data to enable tech analysis

The THIRD thing that should have happened:
- Tech analysis by qualified cyber forensic examiners to determine WHETHER compromise occurred, and EXTENT, TIMING, and IMPACT of compromise

(TIMING/IMPACT is REALLY IMPORTANT, b/c the breach was active DURING the CO Primary Election - could have affected Primary results)

- If you cannot RULE OUT impact to current election project, ballots, scanning, database, configs, etc., then you START OVER w/the paper ballots

And even THAT may not be enough, b/c less than 10% of voters on Ballot Marking Devices actually check their printed ballots, and BMD compromises due to EMS compromises could affect all those BMD ballots.

The FOURTH thing that should have happened:
- Removal/Containment of any compromise, IF YOU CAN (may not be possible, and it sure as hell isn't just changing passwords - you have to verify unaltered configuration of BIOS, iDRAC, MINIX OS (on Intel chipset), ALL memory/storage...

And FIFTH, ONLY IF you can confirm containment/removal of any compromise, restore/recover system and resume use.

None of that shit happened. CO basically did:
a. Detect, lie.
b. Delay, lie.
c. Pretend password changes are good enough.
d. Lie.

All without interrupting use.

So, to be clear:
Anyone telling you CO voting systems are "secure" and Coloradans' votes can be or were "counted fairly and accurately" because of Griswold's/Polis' "swift action" is either obliteratingly stupid or humping a false narrative.

Hope that helps.

* I forgot; Day 12:
- Send COAG, who knows FUCK-ALL re: cyber/voting systems, to court to argue @ParikhClay, who tested voting systems for 9 YRS, isn't an expert b/c he "doesn't know 'CO voting systems' "

It's like arguing that a banana expert "isn't an expert in 'CO' bananas."

Share this Scrolly Tale with your friends.

A Scrolly Tale is a new way to read Twitter threads with a more visually immersive experience.
Discover more beautiful Scrolly Tales like this.

Keep scrolling