Profile picture
Richard DeMillo @rad_atl
, 32 tweets, 5 min read Read on Twitter
1/Thirty Ways to Exploit GA's election system vulnerabilities not requiring an internet connection. @BrianKempGA and election officals endlessly repeat system is not connected to the Internet therefore secure.
politics.myajc.com/news/state--re…
It doesn't matter. Here's 30 reasons why.
2/Before we begin be aware that SOS is remarkably ambiguous about what "no Internet" means. No DIRECT connection, no connection during ELECTIONS, never even DURING TESTS, NEVER EVER NOT EVEN A CHANCE, voting machines ONLY, ALL system parts...These are distractions. Don't matter.
3/First of all, none are true. Simplest counter example: We know that KSU servers holding critical programming were not only connected to Internet, they were misconfigured to allow open access, had been indexed by Google and therefore seen/accessed by millions. But let's go on..
4/Internet aside, voting system components are connected together on local area networks (LAN) yielding cyber vulnerabilities that don't need an Internet connection. A Trojan horse hiding on one inject code by placing autoruns in root directories. Worms propagate this way.
5/How would malware get into a LAN? Many vulnerabilities below answer this but the easiest way is to attach an unauthorized wireless access point to the LAN. Impossible? This was observed at KSU & other election centers & at least 1 vendor lied about remote access software.
6/Election results sent over analog phone lines assuming that analog is not digital and therefore secure. Can be seen at English Street facility. Analog lines use Common Channel Signaling SS7 to set up calls. SS7 is digital and hacked since 1995. Useful for man-in-middle attacks.
7/What can you do once you're rattling around a LAN? If there are administrative shares, an attacker can get access to every file system on the network.
8/Proxies and reverse proxies can be started that fool trusted apps into thinking they are talking to local programs.
9/At the time the systems boot up, drivers are loaded for shared resources. Rootkits replace those drivers with listeners and loggers.
10/Removable media (memory cards for example) are loaded from machines on the LAN and are used to create an communication channel to target machines. Software can be transferred in this way.
11/Shellcode can be executed by any target machine. It just has to be transferred but that can be done at any time over low bandwidth channels.
12/Every operating system has cron like daemons that can be used to sync events without consulting a central Internet connected server for command-and-control
13/Speaking of daemons, we know nothing about the toolsets developers used to mount virtual resources. Developers ARE connected to Internet. If their tools are compromised so is every machine on which they're installed. Daemon tool sets are a vector for supply chain compromise.
14/Compromised supply chains are significant because EVERY computer including the voting computers are born on the Internet.
15/Diebold software in 2003 was discovered on an open FTP server.
16/Mass market vendors of equipment install standard software packages at the point of sale. The PC towers used in Georgia are purchased from those vendors.
17/Aging equipment like the machines used in GA are repaired from repurposed parts purchased on the open Internet. Even if you trusted the existing supply chain, repaired machines enjoy no such trust. Contaminated memories were discovered at DEFCON 26.
18/System and application software and system firmware are updated on industry schedules and delivered by the Internet (or on removable media that are programmed by Internet connected computers)
19/Configuration management of system components does not manage the mismatching of old and new components, middleware, drivers, and firmware. Certification documents do not reflect current system status. This is relevant because dependencies between components are unexamined.
20/Data poisoning. In the run-up to the GA 06 election in 2017. 5 epollbooks were stolen but never recovered. Memory cards were stolen too. Access to the epollbooks would have allowed arbitrary data manipulation. If reintroduced would poison the databases.
21/Facilities management. In addition to WAPs, KSU post-event documents show unlocked data closet with unmarked connection to public network. The name of the network was redacted. Unauthorized personnel could have moved a cable from one jack to another.
22/The KSU facility was located in a repurposed house. Publicity video documents lack of physical access controls. No reception or guard at front door. Once inside, no separation of areas with restricted access.
23/The KSU Center for Election Systems used an open Twitter feed to signal events to county election officials, thereby bypassing the need for an Internet based command center. No idea how SOS handles this now that KSU staff has been absorbed by SOS.
24/Prior to election critical technology events, global DDOS attacks crippled a sizeable number of hosts worldwide. Ensuing confusion is often used as cover for localized attacks, but there are no published logs of election system staff activities during these events.
25/Physical access to voting machines unrestricted at some sites. Election workers left for the day leaving unauthorized personnel with equipment. Machines secured only with loose cables and tamper-evident seals that are easily defeated by people with minimal training.
26/Insider threats bypass network safeguards altogether. Non all insider attacks are the results of malicious behavior of insiders. For example a compromised account is an insider threat.
27/Data loss. In the event of count disruptions, workers restart machines without regard to data loss and invoke manual processes to continue the count.
28/Shifting sands: ES&S GEMS server software depends on JET database engine. JET security vulnerabilities are well documents: cvedetails.com/vulnerability-…
29/Shifting sands pt. 2: Hard coded encryption keys and unencrypted files containing passwords.
30/No checks: Have checks been carried out to see if code bases are contaminated? Proprietary programs using now insecure hashes mentioned in powerpoint but undocumented.
@threadreaderapp unroll
@threadreaderapp # unroll unroll
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Richard DeMillo
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @rad_atl see all

Profile picture
/1 Thanks to Brad for informed discussion. We’ve heard about other virtues of ballot verification that are not impacted by these results but lets focus: it is likely that most humans are unable to verify the correctness of ballots cast moments before.
bradblog.com/?p=12829
2/It’s not a matter of ballot design, verification logistics or other practical considerations. The most likely explanation is fundamental limit on human cognition. Limitation presents special problems for secure voting, including post election audits.
3/If confirmed by other experiments, it’s the limited nature of working (short term) memory that is at fault. That would present not only problems for verifiability but also for usability and accessibility for disabled voters.
Read 9 tweets
Profile picture
1/Just listened to my colleague Wenke Lee school Georgia's SAFE Commission on election system cyber security. Advanced Persistent Threats, stealthy exploits,redundancy, resilience & the ability to reconcile to a paper ballot. It's now part of public record. All the high points.
2/I hope they were all listening.
Unfortunately no. More on this later.
Read 3 tweets
Profile picture
1/I've been asked how malware capable of undetectable manipulation can find its way onto computers used in GA elections. 2 Windows systems are used. Windows CE for Diebold touchscreen voting machines and desktop versions of Windows for tabulation. Here are the vulnerabilities.
2/ Windows CE is the mobile version of Windows used in hand held devices around the year 2000 (remember?) Windows CE basically has no security features at all. These are the vulnerabilities. Windows CE is an obsolete Microsoft product. It has not been strengthened.
3/Hackers cracking familiar desktop Windows OS try to take over when the computer is first turned on when various tests are run and necessary software is loaded. If something bad happens here, abandon all hope. You'll never find the malware bc its hiding deep b4 even the OS loads
Read 9 tweets

Related threads

Profile picture
Media Bias? What Media Bias? pjmedia.com/election/media… #Election via @pjmedia_com
If you subscribe, to the digital edition of the New York Times, you'll soon notice that just about every headline or subhed will contain some reference to President Trump.
It almost doesn't matter what the ostensible subject of the article is; the hed must include some aside about "the age of Trump," even if the story is about golf or gardening. Because, you see, everything is political today.
Read 5 tweets
Profile picture
ICYMI: Arkansas Dem @GregLeding under Fire After Profane and Intimidating Confrontation with Female Opponent
pjmedia.com/election/arkan… #Election via @pjmedia_com
A Republican candidate in Arkansas says her opponent for a state Senate seat, Democrat Greg Leding, physically intimidated her after a debate earlier this week, getting in her face, spewing profanities, and promising her she will be defeated.
At least one Republican Party employee has called the altercation at the Fayetteville forum an "assault," the Arkansas Times reported, as Leding, the incumbent, put his hand on challenger Dawn Clemence before stomping off.
Read 3 tweets
Profile picture
1) This is a useful reminder to those of us who are more than TIRED of WAITING.

There will be NO ARRESTS before the #ELECTION (11/6/2018), at least from Jeff Sessions/DOJ. There CANNOT BE ARRESTS, prosecutions, or unsealed..
#ANON #Qanon #GreatAwakening #DrainingTheSwamp
2) indictments right before the #ELECTION by DOJ or its constituent parts.

The Hatch Act (5 U.S.C. §§ 7321-26) would prohibit the timing of arrests to affect an election.

Specifically, 5 U.S.C. § 7323(a)(1) holds that “[A]n employee may not use his...
3) official authority or influence for the purpose of interfering with or affecting the result of an election.”

There would be no doubt that, say, arresting Crooked Hillary this week or next week would be the use of official authority to affect the result of an election. ..
Read 10 tweets
Profile picture
Bored with the #internet? It's a common feeling. Let's take a look at a few internet alternatives to while away those hours where you pretend you're working...
#AlternativeInternet no 1: The 1972 portable microfiche reader. It's like a library in your briefcase. You still have a briefcase, right?
#AlternativeInternet no 2: Dial-A-Disc (1980). It also tells you the cricket score up to 7pm - double bubble!
Read 12 tweets
Profile picture
It couldn’t be any clearer what Republicans in states like GA and TX are doing. They are purposely undermining voting rights for Black and Latino Americans. Here’s how they’re doing it:
1. #GA Republicans are holding up the voter registration of 53,000, mostly Black people. The state’s Secretary of State Brian Kemp who oversees the voting roll is in a race for governor against Democrat @StaceyAbrams: nbcnews.com/politics/elect…
2. Florida has barred ex-felons who have completed their sentences from voting in the state denying 1.5 million people the right to vote. A referendum on the ballot in November would restore voting rights to these people: nytimes.com/2018/09/26/mag…
Read 9 tweets
Profile picture
Thread (1/7): @TheEconomist published a Special Report Titled "Fixing the #Internet", which relied on #Centralisation as its core lens

Huge victory for a technical community that has spent decade explaining how the architecture & ethos of the internet are under attack.

6 arts!
2. "But like Sir Tim, many people have recently become more critical of it (...) At the heart of their disenchantment, this special report will argue, is that the internet has become much more “centralised” than it was even ten years ago."
economist.com/special-report…
3. #Decentralisation is ultimately a question of #democracy. As digital technology penetrates society ever more deeply & the two become ever more intertwined, the rules of the former will increasingly govern the latter" economist.com/special-report…
Read 7 tweets

Trending hashtags

#Bartoleme #Extract #NSAuron #misdirection #uncool #function #excellent #prolly #USA #platforms #Socialist #FakeDemocracy #IPCC #coal #Producers #Collusion #Soros #Pentagon #mmm #violence #Howard #GA06 #British #vinyl #Some

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!