Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
erratarob.bsky.social Profile picture
@ErrataRob
Sep 23, 2021 53 tweets 15 min read Read on X
Scrolly
1/n In two days, they'll present the Maricopa audit live at 4pm Eastern. I plan on live tweeting it, as responses to this tweet, so you can bookmark this and check back Friday.

I'm certain there will be no value to my tweets, so you probably shouldn't.
2/n The report leaked early, so naturally I read it and wrote up a response discussing the cybersecurity bits.
blog.erratasec.com/2021/09/check-…
3/n Most of the news about the Cyber Ninjas is concerned about whether the results come out right (Biden vs. Trump). This is probably the most important part.

But my expertise is in the cybersecurity parts.
azcentral.com/story/news/pol…
4/n Can I just tell you jerks who leaked the draft how much I hate you forcing me to stay up until 4am? Couldn't you have waited until the morning??
5/ Current status. Don't watch. It'll be a waste of time and just get your blood pressure roiling.
player.invintus.com/?clientID=6361…
6/ Yes, polls say voters don't trust elections.

But it's because politicians are fanning the flames of doubt. They are obviously dishonest in saying they are merely responding to voter desires -- they are the ones creating them.
7/ Dr. Shiva, the fraud who continues to claim to have "invented email" despite clear evidence that email predated his "invention" by many years. One easy proof is early Internet (Arpanet) standards.
datatracker.ietf.org/doc/html/rfc561
8/ Anybody can see that this looks like an email from years before his "invention". It's not just email where he is a fraud, but all sorts of other things, like alternative medicine.
9/ Shameless: "Inventor of Email" among his qualifications.
10/ Dr. Shiva is going through a list of "anomalies". It's important to distinguish that these anomalies are he can't explain (because he's not competent or didn't look enough).

These are not things he does understand that he knows indicates something bad happened.
11/ Here's an example of how there are explanations for things Dr. Shiva doesn't understand. He sees "duplicates" happen in a spike after an election. But there's reasons for this.
12/ Here's another example of the "anomalies" pointed out by Dr. Shiva being debunked in real time.
13/ After Dr. Shiva's presentation they gave him a chance to verbally list all his qualifications. He said "I invented email in 1978".

Note: the Queen of England sent her first email in 1976.
14/ Now we have Doug Logan. He's a CISSP!!
15/ The reason CISSP is problematic is situations like this. It shows you know enough to find the "router" configuration in Windows, but not enough to know that just because they configured a router doesn't mean the router exists -- that it's not used for purely local Ethernet.
16/ Logan is currently on the Section 6 ballot issues, I'm just hanging around until the Section 7 cybersecurity issues. In this section I pay attention to people like @HarriHursti who knows an impressive amount about ballots.
17/ Now for the parts I do understand, Ben Cotton's testimony. He also has a CISSP. He also has various certifications from his own company.
18/ Note that unlike Dr. Shiva, Both Logan and Cotton are somewhat competent. What we see is a partisan driven effort to search for dirt on the 2020 election, which leads to overstretch and making mistakes. These mistakes don't mean they are incompetent.
19/ Ah, yes, he talking about 192.168.100.1 which according to his expertise existed on the network.

He's confused. A single local segment Ethernet doesn't use the local router. But they still need a router to be configured. So a router that doesn't exist is configured.
20/ As I debunk in my blogpost, this entire slide is garbage.
blog.erratasec.com/2021/09/check-…
21/ The fundamental flaw is trying to apply generic, non-specific cybersecurity requirements to air gapped networks. This is inappropriate.
23/ He's now pointing out to discovering .exe files after the certification date. As I explained in my blogpost, .exe's get created all the time. Maybe they have an actual issue, but the way they describe the issue doesn't show understanding of these alternate explainations.
24/ He's now claiming the "preservation" laws/regulations mean that the Windows operating-system security logs must be retained. Nobody I know agrees, and they haven't sufficiently made their claim that the law covers this.
25/ They found a system with a second hard-drive and get all excited by the anomalies.

There's actually nothing wrong here.
26/ Files are supposed to be deleted from the C: drive from an "EMS Server".

Everything that's supposed to be preserved is supposed to be copied to the D: drive.
27/ It's the D: drive that's important. He finds deleted files there, too.

But are these files covered by the data preservation laws? He doesn't say.

Moreover, it's common to backup to external drive.
28/ This "file deletion" argument is big among Trumpists, so he creates very large number of deleted files.

But nowhere does he actually show that any rules/laws were broken or that they weren't properly preserved. Absolute zero evidence.
29/ The next biggest argument among Trumpists is that "Windows operating-system logs" are required to preserved in that 22 month federal mandate.

Nobody I talk to agrees that system logs are covered by that mandate. It's some new interpretation by the auditors and Trumpists.
30/ He's now trying to argue there's a conspiracy to overflow the logs. This is meaningless.

If the logs were covered by preservation laws, they'd be copied off to the D: drive, and wouldn't left to rot on the C: drive.
31/ His audience is clapping, as if they believe this unproven allegation of a conspiracy to overflow the logs.
32/ Again, more data missing that they can't explain.

Remember: These audit results are not about what they found. Instead, it's listing all the things they couldn't find -- which Trumpists point to as where their proof is.
33/ "Without access to the router data, network data, I cannot tell if this is a legitimate access or an malicious access".

First, they aren't anomalous, there's not reason to suspect foul play, it's just that he's not enough of an expert to understand them.

....
34/ Second, no, the network data wouldn't do anything to explain them. The issues aren't related. He is lying.
35/ This is actually pretty normal to find ports you can't explain.
36/ It's normal for a computer to reach out to the Internet even if it's on an isolated network.

If these remote connections succeeded, this would be a big thing. But no such finding was made.
37/ He's not clear where this information came from.

Processes attempt communication all the time. He doesn't tell us how he determined it succeeded.
38/ You can't see it, but the last line says "m_nework_wireless.html". He claims this means WiFi existed when it wasn't supposed to.

That's stupid. Computers have WiFi functionality throughout the system in case you want to use it. It's still around even if you don't.
39/ This is the first slide which I'd agree shows Internet connection.

But at the same time time, this isn't one of the air gapped systems. There's no claim it shouldn't have been connected.
40/ I'm making a leap here, but it sounds like a "registration" server that's supposed to exposed to the Internet to accept registration information.
41/ His final summation, expressed in my own words, is that these are woefully behind the sorts of things you'd expect from corporate networks. And he's absolutely right.

But it's exactly what you'd expect from industrial/health networks.
42/ We can certainly debate a lot about how to improve security, but "make it look more like the typical corporate networks I analyze" is very much the WRONG answer.
43/ I can't find this document they are claiming, "CISA Guidelines for Election Systems and Equipment".

I sounds like the document says stupid things like "patch".
44/ This says in their words a point I've been trying to stress here. The auditors keeping point to their failings to explain things they should be competent to explain as "something suspicious". This is objectively bad.
45/ I agree they weren't given enough information to confidently confirm/refute whether air gapped systems were connected to the network.

But that's primarily their own fault for making demands for this data unreasonable, rather than making reasonable requests.
46/ Logan ends his testimony with recommendations going forward. It's all reasonable sounding stuff, but a lot of it is still based upon misunderstandings, like the paper used in ballots.
47/ There are bunch of things here I need to look at more, such as the claim that dns.exe (the DNS server) had two listening ports rather than one, the normal port 53 and a high port.

My knee jerk response is THIS IS TOTALLY NORMAL....
48/ DNS servers often ask as resolvers. This means they make requests. When they make a request, they open a high numbered port in order to listen for the response. It's ephemeral, it'll go away in a few minutes. But it's normal to see dns.exe listening on many ports.
49/ But I don't know exactly how Dominion uses the DNS server, so I'd have to actually investigate it before I could make a more explanation.

I just know it's not as abnormal as Cotton says.
50/ Ah! this is the explanation.
The one computer which he could actually show was connected to the Internet wasn't an election system.
51/ Dominion uses "role-based security" with individual accounts, so that's not a problem.

The fact they didn't change the passwords actually is a good finding.
52/ Closing remarks she says all the reports are here:
azsenaterepublicans.com
53/ I can't find them, but maybe her twitter account will post them.
@FannKfann
54/54
We are ajourned!!! This thread is now over! Time to stand up and get some exercise.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with erratarob.bsky.social

erratarob.bsky.social Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @ErrataRob

erratarob.bsky.social Profile picture
Nov 16, 2024
🧵So let's talk about the difficulties Netflix is having streaming the Tyson v Paul fight, how the stream gets from there to your TV/computer. This will a longish thread.
In 1985 on his first fight, TV technology was based upon "broadcasts". That meant sending one copy of a video stream to thousands, often millions of receivers. A city would send the signal to a radio tower and broadcast that signal across a wide area.
In today's Internet, though, everybody gets their own stream. There is no broadcasting, no sharing of streams. Every viewer gets their own custom stream from a Netflix server. That we can get so many point-to-point stream across the Internet is mind boggling.
Read 24 tweets
erratarob.bsky.social Profile picture
Sep 17, 2024
By the way, the energy density of C4 is 6.7 megajoules/kilogram.
The energy density of lithium-ion batteries is about 0.5 megajoules/kilogram.
C4 will "detonate" with a bang.
Lithium-ion batteries will go "woosh" with a fireball, if you can get them to explode. They conflagrate rather than detonate. They don't even deflagrate like gun powder.
To get a lithium-ion battery to explode (in a fireball) at all, you have to cause physical damage, overcharge it, or heat it up.
Causing heat is the only way a hacker could remotely cause such an event.
Read 8 tweets
erratarob.bsky.social Profile picture
Jul 21, 2024
I don't want to get into it, but I don't think Travis is quite right. I mean, the original 25million view tweet is full of fail and you should always assume Tavis is right ....

...but I'm seeing things a little differently.
🧵1/n
2/n
 DON'T TRY THIS AT HOME

I'm a professional, so I can take the risk of disagreeing with Tavis. But this is just too dangerous for non-professionals, you'll crash and burn. Even I am not likely to get out of this without some scrapes.
3/n
 To be fair, we are all being lazy here. We haven't put the work in to fully reverse engineer this thing. We are just sifting the tea leaves. We aren't looking further than just these few lines of code. Image
Read 14 tweets
erratarob.bsky.social Profile picture
Jun 18, 2024
The reason IT support people are so bitter is that YOU (I mean YOU) cannot rationally describe the problem:

You: The Internet is down
IT: How do you know the Internet is down?
You: I can't get email.
IT: Is it possible that the email servers are down and the Internet is working just fine? Can you visit Twitter on your browser?
You: Yes, I can visit the twitter website.
IT: Is there any reason other than email to believe the Internet is down?
You: The last time I couldn't get email it was because the Internet was down.

The fact that IT doesn't call you a blithering idiot on every support call demonstrates saintly restraint, even if a little bit of their frustration leaks through.
A lot of good replies to my tweet, but so far this is the best:
I very much like this rebuttal. I was think of "driving a car" analogy, but this tweet says it much better.
Read 5 tweets
erratarob.bsky.social Profile picture
Apr 12, 2024
Uh, no, by any rational measure, only Trump has had respect for the forum.

Televised debates aren't about "debate" but charisma and media training, where they craft an answer regardless of whether they believe it.

Trump is the only candidate who gives sincere answers.
Trump is pure evil, the brutality of his answers appeals to ignorant brutes who reject all civilized norms.

But the yang to Trump's yin is a liberal elite like Rosen whose comfortable with the civilized norm of lying politicians who play this game of deceitful debates.
To be fair, Biden (and Obama and Bush before him) have stood up for important democratic principles, the ones that Trump flatly reject. But still, the system has gotten crusty. There's no reason to take presidential debates seriously as Rosen does.
Read 4 tweets
erratarob.bsky.social Profile picture
Mar 21, 2024
I've read through it.

It's the same as all Ben Cotton's analysis's, looking for things he doesn't understand and insisting these are evidence of something bad, that the only explanation is his conspiracy-theory.

I can't explain the anomalies he finds, either, but in my experience as a forensics expert, I know that just because I can't explain it doesn't mean there isn't a simple explanation.

For example, he points to log messages about mismatched versions. I know from experience that such messages are very common, I even see them in software that I write. It's the norm that when you build something from a lot of different software components, that they will not be perfectly synchronized.

That he would make such claims based solely on log messages of mismatched versions proves that he's really not competent -- or at least, very partisan willing to be misrepresent things.
In particular, I disagree with his description of these files. In the C#/.NET environments, creationg of new executables is common. In particular, these are represent web server files. It's quite plausible that as the user reconfigures the website, that these executables will be recreated.

I don't know for certain. I'd have to look at Dominion in more detail. I just know that if any new C#/.NET executables appear in the system that they are not automatically new software.Image
The certification process looks haphazard and sloppy to me, so it's easy for me to believe that uncertified machines were used in elections.

But nothing in Ben Cotton's report suggests to me that this happened. He's not looking for an explanation for the anomalies he finds, he already has an explanation, and is looking for things that the ignorant will believe is proof of that explanation.
Read 4 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(