#InfoSec people will immediately know why #Cloudflare's Project Athenian — provided suspiciously free-of-charge for “election security” — is alarming.

Cloudflare terminates #TLS when your request reaches its edge servers, then makes its own TLS request to the destination server.
@NSAGov @CISAgov never warned us #Cloudflare was routing election data over its CDN — certainly subject to inspection/retention — ostensibly to prevent #DDoS attacks.

Sure, nobody got DDoS'd. But it's not beyond the realm of possibility they MITM'd/reverse proxied votes …
… in fact, the diabolically brilliant thing about using #Cloudflare is that the state election systems wouldn't have retained user IPs, so if they or their buddies wanted to do anything tricky, the evidence in the possession of the state would've been minimal…
… so far, my research indicates #Dominion was *also* conveniently using #Cloudflare (and also to a lesser extent, it appears some states were using #Amazon #Cloudfront).

And what's this?

A bunch of ❝@Georgetown❞ guys presented on election hacking at #DEFCON last year? Hmmm…
… oh, look who spoke at the #DEFCON election hacking event. Mr. “Most-Secure-Election-Ever” @CISAKrebs @C_C_Krebs.
… this is probably the point in the story where I should tell you that #Cloudflare, which ran the content delivery network for “dozens” of states' elections, basically *is* the US government. Specifically, @DHSgov.

@CISAKrebs @C_C_Krebs' false bravado makes so much sense now.
… that moment of decryption, when #Cloudflare decrypts the data from your #TLS session at the edge of their cloud, carries it across their network, then re-encrypts it as a session from them to the destination server (your election board) is where it's vulnerable to fiddling.
… these cities are where #Cloudflare's Global Anycast Network edge servers are located in #NorthAmerica. Conveniently, they're a stone's throw from most of the cities where election irregularities are being asserted. Positively ripe for abuse if you have the motive, means, & access.
