And ‘audit’ can only be as good as the Auditor + Access that they are given + standards they are auditing to.
I feel like (when it comes to Tech) we have people making rules & certifications that can neither hear, nor see... evil.
Remember this as we call for election “Audits”.
I feel like (when it comes to Tech) we have people making rules & certifications that can neither hear, nor see... evil.
Remember this as we call for election “Audits”.
https://twitter.com/2xwide_dreaming/status/1324900532809572353
WeHaveRisen, for instance, is pretty salty on the tech security side - in other words, bc he can HACK stuff, he knows how to assess (tech) security issues... and bc he’s a decent guy he likes to protect from malicious hackers.
I’m not a ‘hacker’, per se... but I can audit!
I’m not a ‘hacker’, per se... but I can audit!
I mention these things, bc he & I have different skill sets (etc) and it’s important that we understand our own limitations...
I say that, bc as I review docs on Dominion’s voting system... I cannot tell if the people in charge are stupid or willful with these decisions.
I say that, bc as I review docs on Dominion’s voting system... I cannot tell if the people in charge are stupid or willful with these decisions.
In some respects, I’m reminded of videos like this...
Tech Companies are inherently crafty at doing what they want and hiding it from us; they aren’t the most forthcoming about it, either.
Tech Companies are inherently crafty at doing what they want and hiding it from us; they aren’t the most forthcoming about it, either.
I say all of this bc you have to know which questions to ask (ie knowledge), if you want to get anywhere...
You also have to have access...
And outside of that, you simply need (auditor) integrity - I cannot tell if we have *any* of that... and I’ll make a quick demo.
You also have to have access...
And outside of that, you simply need (auditor) integrity - I cannot tell if we have *any* of that... and I’ll make a quick demo.
In the case of Dominion DS5.5 system and State of GA, reference this court document...
I’ll pull just a couple of key points out and maybe @We_Have_Risen will want to take a closer look at portions of his data.
law.justia.com/cases/federal/…
I’ll pull just a couple of key points out and maybe @We_Have_Risen will want to take a closer look at portions of his data.
law.justia.com/cases/federal/…
The thing that rocks my world is that it appears that these issues are willful...
For instance, there is very little effort, if any, of Dominion ‘hardening’ their systems.
See the definition below, if you are unaware what that is.
For instance, there is very little effort, if any, of Dominion ‘hardening’ their systems.
See the definition below, if you are unaware what that is.
In simple terms, every single component of the election system represents ‘vulnerability’ for unintended outcomes...
And since it’s best to eliminate vulnerabilities, ‘hardening’ is the process of (hopefully) eliminating the risk, or mitigating it.
Elimination is best...
And since it’s best to eliminate vulnerabilities, ‘hardening’ is the process of (hopefully) eliminating the risk, or mitigating it.
Elimination is best...
... when you are able to.
So in terms of ‘hardening’, it’s best to eliminate any/all software/hardware/features/processes that you DON’T NEED.
And look at an example of what is sitting on Dominion’s systems - INTERNET GAMES?! 👀
Can’t make that up...
So in terms of ‘hardening’, it’s best to eliminate any/all software/hardware/features/processes that you DON’T NEED.
And look at an example of what is sitting on Dominion’s systems - INTERNET GAMES?! 👀
Can’t make that up...
Some of you may find that more interesting than others, 😂, but for the sake of time... that stuff should *never* be on their systems!
And if it is - this lawsuit from a few months ago says that it is - then we need to investigate WHY it’s on there.
Honest mistake? Intentional?
And if it is - this lawsuit from a few months ago says that it is - then we need to investigate WHY it’s on there.
Honest mistake? Intentional?
At a bare minimum, those games are an access point for bad actors... can hack in from.
At a bare minimum!
At a bare minimum!
The game ‘vulnerability’ should just be eliminated entirely...
But there are other vulnerabilities that are essential to the process and must remain - in that case the risks must be MITIGATED (ie still talking about ‘hardening’).
Check this out: Outdated Android Systems
But there are other vulnerabilities that are essential to the process and must remain - in that case the risks must be MITIGATED (ie still talking about ‘hardening’).
Check this out: Outdated Android Systems
... see at the bottom, in the Red Box.
* Known Vulnerabilities *
No bueno, at all.
Why does it have “known vulnerabilities”? Don’t out systems have mitigation/controls for this sorta thing?
Software that is 10 years old?! 🤔
* Known Vulnerabilities *
No bueno, at all.
Why does it have “known vulnerabilities”? Don’t out systems have mitigation/controls for this sorta thing?
Software that is 10 years old?! 🤔
I don’t have to be a Cyber Security expert to know that is a problem...
Surely there are controls to prevent this from happening; why aren’t the controls preventing this?
For instance, these voting systems go through an Independent Certification/review for these things...
Surely there are controls to prevent this from happening; why aren’t the controls preventing this?
For instance, these voting systems go through an Independent Certification/review for these things...
... that certification/review is a CONTROL.
Q: So, did GA have an independent review?
A: Yes
Q: Did it include cyber security issues?
A: 😬
“Hear no evil; see no evil.”
This is getting ‘outta control’, so to speak - our ‘controls’ are not working.
Q: So, did GA have an independent review?
A: Yes
Q: Did it include cyber security issues?
A: 😬
“Hear no evil; see no evil.”
This is getting ‘outta control’, so to speak - our ‘controls’ are not working.
It’s a system that requires use of ‘flash drives’; we just heard about flash drives of votes showing up in another state... RISK
Also, even if flash drives aren’t showing up (full of votes), they are still a MAJOR RISK for exploit.
Also, even if flash drives aren’t showing up (full of votes), they are still a MAJOR RISK for exploit.
Flash Drives have their own vulnerabilities...
Has anybody checked them? I doubt it... bc the 3rd Party didn’t do it...
Outta Control!
Check this out - it includes ‘off the shelf printers’ that anyone can bring in!
Has anybody checked them? I doubt it... bc the 3rd Party didn’t do it...
Outta Control!
Check this out - it includes ‘off the shelf printers’ that anyone can bring in!
“Hear no evil; see no evil.”
What I mean by that is... auditing this system - with ALL of these issues - is mostly a waste of time.
This SYSTEM is designed to fail; completely outta control.
What I mean by that is... auditing this system - with ALL of these issues - is mostly a waste of time.
This SYSTEM is designed to fail; completely outta control.
On top of that, even if you were to ‘audit’ the 2020 election... you won’t get access!
Literally no one, besides whomever Dominion allows, is provided access to their source code!
Can’t audit what you can’t (legally) access!
“Hear no evil; see no evil.”
Literally no one, besides whomever Dominion allows, is provided access to their source code!
Can’t audit what you can’t (legally) access!
“Hear no evil; see no evil.”
I have been in ‘oversight’ roles professionally - I understand ‘risk’, mitigation... and I have audited!
These are not control failures (as we’d expect to see); this system is outta control.
In other words, it appears that this system of controls isn’t designed to...
These are not control failures (as we’d expect to see); this system is outta control.
In other words, it appears that this system of controls isn’t designed to...
... protect the integrity of our elections!
It appears to be designed... so that we “hear no evil; see no evil.”
It’s CYA, in my opinion. They can say...
“Yes we certified the equipment”, for instance.
It appears to be designed... so that we “hear no evil; see no evil.”
It’s CYA, in my opinion. They can say...
“Yes we certified the equipment”, for instance.
(Paraphrase)
Q: “Well... how about security features? I hear these things about encryption; does this system have encryption?”
A: “Yes”
Q: How do you know?
A: “Bc they told me.”
😑
Q: “Well... how about security features? I hear these things about encryption; does this system have encryption?”
A: “Yes”
Q: How do you know?
A: “Bc they told me.”
😑
Mr. Cobb is the Director of the 3rd Party that certifies the equipment for State of GA...
He didn’t test/check the encryption? Does he even know what ‘encryption’ is?
The certification is a bad dream; all of this is like a bad dream. And these issues were *known*!
He didn’t test/check the encryption? Does he even know what ‘encryption’ is?
The certification is a bad dream; all of this is like a bad dream. And these issues were *known*!
States cannot possibly audit this... as there are too many problems to pinpoint ‘causation’ - these machines need to be confiscated & people need to be investigated.
Check the logs, remember? That is how you find the hidden stuff...
And it appears they know it... and delete.
Check the logs, remember? That is how you find the hidden stuff...
And it appears they know it... and delete.
All of this was known; all of it is preventable!
... anywhere that uses that voting system is at high risk for rigging.
This stuff is intentional & needs to be confiscated!
... anywhere that uses that voting system is at high risk for rigging.
This stuff is intentional & needs to be confiscated!
Additional Info:
• Same system used in Michigan where 6000 of Trump’s votes swung to Biden...
• see WHR thread for some tech stuff
• Same system used in Michigan where 6000 of Trump’s votes swung to Biden...
• see WHR thread for some tech stuff
https://twitter.com/we_have_risen/status/1325129915709104129?s=21
These are my last points on Dominion (for a while), but these points are CRITICAL for context!
As of right now, the ‘news’ is blaming the MI vote swing on ‘software glitch’ - that ‘glitch’ maybe different, depending on where you get your ‘news’.
This one blames an ‘update’...
As of right now, the ‘news’ is blaming the MI vote swing on ‘software glitch’ - that ‘glitch’ maybe different, depending on where you get your ‘news’.
This one blames an ‘update’...
... and that causation, that it was the result of a software ‘update’, is coming from an ‘Expert’ in academia.
Is Halderman right? I don’t know...
But I’d expect an ‘expert’ to determine that after an update, the system should be tested... for assurances!
Is Halderman right? I don’t know...
But I’d expect an ‘expert’ to determine that after an update, the system should be tested... for assurances!
Instead, that ‘expert’ mentions nothing of the systematic failures that must have (also) occurred, if a software ‘update’ caused the ‘glitch’.
Kinda strange.
... goes on to blame the local/small software company and give thumbs-up to Dominion.
freep.com/story/news/pol…
Kinda strange.
... goes on to blame the local/small software company and give thumbs-up to Dominion.
freep.com/story/news/pol…
THE NEWS IS FAKE!!!!
There is no way in hell that ‘expert’ can truly arrive at correct causation, unless they have the skill & access to the software source code.
And Logs.
And no one gets access!
We need to confiscate the machines.
(End)
There is no way in hell that ‘expert’ can truly arrive at correct causation, unless they have the skill & access to the software source code.
And Logs.
And no one gets access!
We need to confiscate the machines.
(End)
I lied - one more thing.
Michigan just spent $11m on this stuff in 2018-19! They were given funds and had plenty of time to get this right.
NO EXCUSES - KNOWINGLY
michigan.gov/documents/sos/…
Michigan just spent $11m on this stuff in 2018-19! They were given funds and had plenty of time to get this right.
NO EXCUSES - KNOWINGLY
michigan.gov/documents/sos/…
• • •
Missing some Tweet in this thread? You can try to
force a refresh
