Profile picture
, 15 tweets, 6 min read
Exclusive: For yrs ES&S, top voting machine maker in US, has been saying its vote tabulators and election-management systems are not connected to the internet. That appears not to be true. Researchers say they found what appear to be 35 online. vice.com/en_us/article/…
The systems, spread across 10 states, have been sitting online for months, in some cases yrs. These include systems in nine Wisconsin counties, in four Michigan counties, and in seven Florida counties—all perennial battleground states in presidential elections.
Some of the systems have been online for a yr and possibly longer. Some disappeared from the internet after the researchers notified an information-sharing group. But at least 19, including one in Florida’s Miami-Dade County they say, were still connected to the internet this wk.
The systems are sitting behind Cisco firewalls, which is how researchers found them. ES&S acknowledged to me that these critical systems are connected to internet-facing firewalls but says this doesn't mean the systems are connected to the internet, because they're not "pingable"
Election officials around the country have long been repeating this assertion--that voting machines and backend election-management systems aren't, and never have been, connected to the internet. Neither is true, say the researchers, who accuse ES&S of misrepresenting the facts.
It's not just that the systems are online -- they using four year old FTP software that hasn't been supported by the software vendor since Jan. 2017. And then there's this 👇
A great and dedicated group of election security experts/researchers worked on this investigation throughout the last year, led by @kskoglund. The group included ten individuals, but all want to remain behind the scenes, so a silent thank you to them.
@kskoglund But a loud shout to the great editorial team at @vice, one of the best I've ever worked with, especially my editor @emanuelmaiberg who stayed up all night in solidarity. @jason_koebler @derektmead @katiedrumm
@kskoglund @VICE @emanuelmaiberg @jason_koebler @derektmead @katiedrumm ES&S tweeted FAQ in response to story I published today. It states that election-management systems are "not permitted" to be connected to internet but it doesn't actually say they aren't. Instead it says they are not "exposed" to the internet, carefully parsing words.
What this means is that the election-management system is connected to the internet, but with the firewall in front of it, it has a veil that prevents anyone from looking it directly in the eye. But it's still there. And you can see it because you can see the veil.
It makes little difference how long election systems are connected to the internet; any connectivity at all opens them to potential attacks. “For a skillful, motivated attacker, it doesn’t matter much if [the system is connected] two minutes or a whole year.
"But for a less skilled fool, less motivated attacker, the fact that they are there for a year, it lowers the bar,” election security expert Harri Hursti told me. “It actually buries the bar under the ground to carry out attacks with less skill.
"[And] you have a way longer time when the hack can be carried out and the evidence of the attacks [hidden]. What you are describing is a bad behavior amplified by sloppiness and complete negligence of security.”
An update for story I published yesterday about critical election stystems connected to the internet: 4 systems in Indiana, Tennessee, Nebraska, and Florida are now offline. However, one in Miami-Dade County, Florida, which has 1.4 million registered voters, is still online.
Update from researchers: as of today they only see 3 election system FTPs still online (down from 35). But there's a problem; counties appear to just be turning off FTP and are not actually disconnecting the firewalls that still have backend EMS/tabulators connected to them.
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Kim Zetter

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @KimZetter see all

Profile picture
Kim Zetter
@KimZetter
Google workers gave $5 gift cards to get people to provide scan of their face, but didn’t say it was for developing facial recognition of dark-skinned faces nydailynews.com/news/national/…
Teams were dispatched to target homeless people in Atlanta, students on college campuses and attendees of the BET Awards in LA. They were told to go after people of color and conceal fact that faces were being recorded - instead telling them it was just a selfie.
“If the person were to look at that screen after the task had been completed, and say, ‘Oh, was it taking a video?’… we were instructed to say, ‘Oh it’s not really’”
Read 10 tweets
Profile picture
Kim Zetter
@KimZetter
Great scoop. That 2016 expulsion of Russian diplomats from compounds in SF and elsewhere wasn't retaliation for meddling in US election - the compounds were part of Russian spy op that targeted FBI communications. @zachsdorfman @JennaMC_Laugh @SeanDNaylor news.yahoo.com/exclusive-russ…
"American officials discovered that the Russians had dramatically improved their ability to decrypt certain types of secure communications and had successfully tracked devices used by elite FBI surveillance teams.
"Officials also feared that the Russians may have devised other ways to monitor U.S. intelligence communications, including hacking into computers not connected to the internet."
Read 10 tweets
Profile picture
Kim Zetter
@KimZetter
CNN says US extracted top-level spy from Russia shortly after May 2017 mtg. A Russian media outlet says Russian official Oleg Smolenkov, his wife and 3 children disappeared "without a trace" during vacation to Montenegro in June 2017. dailystorm.ru/news/sotrudnik…
The Russian article describes Smolenkov as a "state adviser to the Russian Federation" and says he "worked at the Russian Embassy in the United States, when Yuri Ushakov, now Assistant to the President of Russia, was Ambassador Extraordinary and Plenipotentiary in Washington"
Could these two events be related? Unclear, but CNN reporting that the extraction occurred shortly after May 2017 would help lead Russian government to identity of spy, if not already known. But if Smolenkov was the spy, the Russian gov likely already knew it before CNN story
Read 9 tweets

Related threads

Profile picture
Jennifer Cohn
@jennycohn1
Dear @RepCummings & @RepRaskin: TY for asking Brian Kemp & @GaSecofState to produce documents re: voting machine vendor ES&S. Pls also ask ES&S to identify the 300 jurisdictions where it has installed remote access software in election management systems. TY. #NationalSecurity 1/
ES&S has donated $30k to the Republican State Leadership Committee & recently admitted after prior denials that it has installed remote access software in election management systems in 300 jurisdictions that it won’t identify. 2/nybooks.com/daily/2018/11/…
As you can see, I directed this request to @RoyBlunt last year, but he ignored it. 3/
Read 18 tweets
Profile picture
Jennifer Cohn
@jennycohn1
The new e-book Stolen Future exposes the ties btwn voting machine vendor ES&S on the one hand & the Bush family & the hanging chads from Florida 2000 on the other. It shows how ES&S, which provided scanners for this week’s FL recount, misleads to keep the media off its back. 1/
Stolen Future is mesmerizing and infuriating. Buy it on Amazon for $3.99. Knowledge is power. @RealRussBaker 2/
Seriously, this is a necessary & quick read for everyone who cares about democracy. 3/
Read 8 tweets
Profile picture
Jennifer Cohn
@jennycohn1
Dear @marceelias, @senbillnelson, & @andrewgillum:

Thank you for fighting to ensure that votes were counted as cast in your respective races. As an election integrity advocate, writer, and attorney, I wanted to share some facts with you that I believe warrant a motion... 1/
... to enjoin certification of results before a full manual recount of all paper ballots (not just the under and over-votes) is conducted. I provide links to the sources for all such facts within and/or at the end of this Thread. 2/
First, starting in 2015, Florida became one of a small number of states to allow voting machine vendor ES&S to install cellular modems in its DS200 precinct scanners, which are used throughout the state of Florida. 3/
Read 38 tweets
Profile picture
Venture Capital
@kelly2277
🔥Evidence Shows Hackers Changed Votes in the 2016 Election But No One Will Admit It 🔥theroot.com/evidence-shows… via @TheRoot
💥Nobody has pointed THIS out💥The Director of National Intelligence said the intel community’s assessment “found that Russian actors did NOT compromise VOTE-TALLYING systems. That assessment has not changed.” Emphasis is mine. LISTEN TO ME 👇Definition of MANUAL vote tallying🗳
📡 The DNI did NOT address whether votes were manipulated in Electronic Tabulation Technologies that may transmit results over PUBLIC TELECOMMUNICATIONS NETWORKS. 📡
Read 7 tweets
Profile picture
Jennifer Cohn
@jennycohn1
@amyklobuchar wants to hear from the “major voting machine vendors that skipped yesterday’s hearing.” Who could she be referring to? Hint: ES&S (44% US election equipment), whose scanners include CELLULAR MODEMS & who has sold systems w/ REMOTE ACCESS SOFTWARE, was a no show. 1/
2/ I discuss ES&S—and its sale of popular DS200 scanners containing cellular modems, its sale of election management systems w/ remote access software, & its new ExpressVote touchscreen barcode balloting systems that counties are flocking to buy—here. medium.com/@jennycohn1/st…
3/ I discuss the former Georgia Election Director—who defeated a paper trail bill months b4 taking a job w/ voting machine vendor Diebold (a company founded by white collar felons) & who is now an ES&S VP selling the ES&S ExpressVote EVERYWHERE—here. medium.com/@jennycohn1/ge…
Read 3 tweets
Profile picture
Jennifer Cohn
@jennycohn1
Dear @Susan_Hennessey, It is irresponsible to continue PRETENDING we have a system that allows us to know whether or not our "official" election results are legitimate. THREAD.
1. The TERRIBLE TRUTH is that neither you, nor I, nor any other voter knows what happened INSIDE the electronic voting machines, election management systems, and tabulators used to count our votes.
2. ALL voting machines can be hacked through the internet, even if the voting machine itself isn’t connected to it.
freedom-to-tinker.com/2016/09/20/whi…
Read 36 tweets

Trending hashtags

#HLVS #iHateCapitalism #HandAudits #AntiWar #SAFEAct #CapitalistLies #Buildings #Tehran #PeoplesRepublicOfChina #Soviet #election #CapitalismIsCorruption #RedArmy #Georgians #SocialismIsTheCure #SexSlaves #MissPavlichenko #DuncanBuell #ComradeStalin #NoAntiSemitism #VVSG #honesty #Iraq #genocides #ValentinaTereshkova
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!