"To underline the lack of security at the ballot-programming level, ... Halderman displayed a screenshot of the “Who We Are” section of the webpage for Governmental Business Systems (GBS), an Illinois-based company that programs ballots 4 ... Michigan." 1/archive.thinkprogress.org/how-easy-would…
2/ "(They noted that GBS’s website didn’t even have basic Transport Layer Security encryption enabled.) This website offered names of all of GBS’s employees, along with their email addresses. From this, they pointed to the administrative assistant as a possible target."
3/ "But with the email addresses for every person in the company on display, it would be easy enough to find one person likely to be convinced enough by a professional-looking email purporting to come from Gmail, Facebook, LinkedIn, or Twitter to click on a link or attachment."
4/ "From there, a sophisticated hacker could introduce malware into the central programming of the ballots. Each vote would run through malware, ensuring a preferred candidate always wins."
5/ Thanks to #RealityWinner (and NOT the FBI & DHS, which want to conceal everything from the public), we already know that Russia sent spear phishing emails to VR Systems, a supplier of electronic poll books.
6/ "In September 2017, The New York Times reported that current and former intelligence officials said at least two other providers of elections services, in addition to VR Systems, had been breached by hackers in 2016.” fivethirtyeight.com/features/what-…
7/ How much do you want to bet one or both of those other two vendors are involved in programming the ballot files for voting machines? I'd say the odds are pretty good. But to be clear, I am speculating. It is unclear that our own govt is keeping what happened classified.
8/ "One potential stand-in for the EAC is the [DHS], which offers an array of cybersecurity information, tools, and services. Last summer, when news broke that Arizona and Illinois voter-registration data had been breached by Russian hackers, ...
9/ ... the DHS underlined the array of services (such as vulnerability scanning) it offered at no cost to states."
10/ “At first there was a trickle of interest, maybe three states. Then it was eleven, then twenty, then by election day almost all the states had interacted with the DHS in some way or other,” Smith said. ("One way or another?" That isn't all that reassuring frankly.)
11/ Plus vote tallying is usually done at the local level, not the state level. The National Committee for State Legislatures says there are 10k local election jurisdictions in the US...

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Jennifer Cohn ✍🏻 📢

Jennifer Cohn ✍🏻 📢 Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @jennycohn1

15 May
Dear @julianbarnes: I am concerned that the "most secure election ever" narrative has eclipsed your crucial reporting from Oct. 2020. If Russians got inside our election system again, that is NOT secure. Even if they did not pull the trigger this time, what about 2022 & 2024?! 1/
An update to your story wld be really important. Because of the Big Lie, everyone, including the Ds, has gone to sleep on election security. They have not even reintroduced the #SAFEAct to require robust manual election audits of ALL federal races, not just what Rs choose. 2/
Thank you for your important work. #ProtectOurVotes #SAFEAct 3/
Read 8 tweets
15 May
Maybe u shld ask @julianbarnes if he’d like to retract his reporting from October2020 if this was the “most secure election ever.” I doubt he wld. Election reporting systems & election mgmt systems (used to program voting machines) are often networked. They infiltrated networks.
That does NOT mean they pulled the trigger. But if they got in, that is also NOT secure.
Image
Read 5 tweets
15 May
The FBI’s & DHS’s policy was to NOT tell the public, states, or Congress of county & vendor election-system breaches. They let counties & vendors decide whether to disclose. It was #RealityWinner who exposed this dangerous policy. Ds AND Rs in the Senate criticized the policy. 1/
The FBI later changed its policy to notify states (though not the public or Congress) of election system breaches. They did it due to the outrage over their concealment of breaches. Counties and vendors were not voluntarily coming forward to warn that they had been breached. 2/
The change in policy would not have happened without #RealityWinner. But the policy is still dangerous bc it does not require that the FBI or DHS notify Congress or the public of county or state breaches. That is still up to the election offices. 3/
Read 7 tweets
15 May
“Russia ... has in recent days hacked into state & local computer networks in breaches that could allow Moscow broader access to American voting infrastructure.” - 10/22/20 1/ nytimes.com/live/2020/10/2…
If true, 2020 was NOT a secure election. Russia penetrated our election infrastructure again. Russia either sat it out or we overwhelmed their efforts. But there is every reason to worry that they may be still inside our election system. Waiting. @RonWyden #SAFEAct 2/
“Officials say Russia’s ability to change vote tallies nationwide is limited” Meaning they could CHANGE VOTE TALLIES IN SOME PLACES TOO. 3/
Read 20 tweets
14 May
I never forgot this either. @rad_atl was referring to an actual conversation. Remember how Russia sent spearphishing emails w/ Trojan malware to Florida election officials? What if some of those officials used the same computer 4 emails as for the election management system?! 1/
2/
3/ Election management systems are used to program the ballot definitions for voting machines before each election (the programming is transferred from the EMS to individual voting machines via USB sticks or memory cards. They also aggregate precinct totals on election night...
Read 18 tweets
13 May
Susan Hennessey literally went out of her way to wrongly LEGITIMIZE Trump’s presidency. I wld know bc I called her out and saved a screenshot. Are we now in the staged opposition phase of the strangulation of our democracy?!
She did it here too.
Hennessy was wrong. Wyden is right. “People are always saying, no votes were changed [in 2016]. Nobody knows that! Because we wouldn’t know that unless we have a real forensic analysis ... & that hadn’t been done.” Sen. Wyden, member of the US Intelligence Committee, 10/23/19
Read 6 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

:(