The report on vulnerabilities is linked at the bottom. For more fluffy and non-technical info, and source about the Bic Pen demonstration, maybe take a look at this Politico article, a very brief one from a local news station, about the Bic Pen. I'm sure no one will report it strait and fully. They like to distract and deflect by focusing on speculating people's motivations and feelings as well as grouping people to discredit them. Standard lame gaslighting.
The Gateway Pundit reports on this as well, including their argument that the FBI Thwarted the Investigation and targeted whistleblowers to hide it.
The Report
The expert evaluated the ImageCast X (ICX) BMDs that all in-person voters in Georgia must use, without paper trail. This is the 'ballot marking device' that produces that questionable QR code. It is simply an Android touch-pad sitting next to a printer it is connected to, and running Dominion's software.
He found many serious and inexcusable security problems with the printer and the touch-pad, not to mention the heavily criticized QR code strategy, which give no way to verify it printed what you chose.
The computer science professor, Alex Halderman, is a well known and respected security expert with a long history of warning Congress about electronic voting vulnerabilities for decades, with extravagant shows of proof. Read a little more about him here.
He found and claimed that...:
(Quick paraphrased versions glance, referring to the BMD if not specified):
- The 2020 election had the Georgia BMDs configured in a particular way even non-technical people could exploited them.
- There are many avenues to install malicious malware.
- The printers can be infected to secretly print the wrong choices.
- When connected to the election management systems (EMSs), even briefly, an infected BMD could infect all others through the EMS.
- Using the EMS, while the BMDs are connected, you could manipulate, re-configure, or infect the the BMDs.
- Compromised BMDs can alter voters' votes while subverting ALL the procedural protections practiced by the state, including acceptance testing, hash validation, logic and accuracy testing, external firmware validation, and risk limiting audits.
- The Android touch-pads have a root terminal app installed, bypassing all security.
- Similarly, they have administration software that likewise bypasses security.
- The audit logs can be simply modified with the on-screen text editor.
- Unplugging the printer and putting a USB device in its place is a viable attack.
- All BMDs and ICP scanners in the country share the same set of cryptographic keys, making faking election results using these devices across the country, as easy as finding one of these devices or a single Poll Worker Card and PIN.
- Election workers could have looked on their ImageCast Precinct (ICP) scanners and peek at recent voters' choices with just brief access.
Even worse, his main conclusions claimed...
- These devices and the entire Dominion system architectures were so baddy designed, that they seemed designed without security. He suggests this fixing them, after-the-fact, isn't reasonable. They need redesigned from the start with a focus on security.
- These IDX BMDs are as insecure, if not worse, than the Diebold systems they replaced (TS abd TS-X DREEs). They have similar security failures.
- Despite the addition of a paper trail, malware could still change the votes and most election outcomes without detection.
- Georgia's risk-limiting-audits of one contest every two years, but even then, or with a hand count,they would miss maliciously changed votes, count.
After all this, here is the biggest concern, that should upset every voter in every state:
"Likewise, previous security testing efforts as part of federal
and state certification processes appear not to have uncovered the critical
problems I found. This suggests that either the ICX’s vulnerabilities run
deep or that earlier testing was superficial. In my professional experience,
secure systems tend to result from development and testing processes that
integrate careful consideration of security from their inception. In my view,
it would be extremely difficult to retrofit security into a system that was not
initially produced with such a process."
CISA is apparently useless and their selves, vulnerable. This isn't the first item we've found CISA giving a big thumbs up approval to a moronically flawed and insecurity election design (Maricopa County's thumb drive fiasco and their complete lack of security exposed by the 'are they connected to the Internet' investigation, which found they didn't need the Internet to be insecure.).
Georgia Secretary of State Brad Raffensperger has decided ignored the problems, and has already dismiss them, and suggesting he will make no changes, saying that the system is fine. CISA determined some of the problems to be serious and true, so he must update them with lame attempts at patching the flawed design. Raffensperger has planned on not fixing it until after the 2024 election.
My Pillow guy was right all along, about some things, apparently.
https://storage.courtlistener.com/recap/gov.uscourts.gand.240678/gov.uscourts.gand.240678.1681.0.pdf
[–]twolanterns 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 0 fun2 insightful - 1 fun - (0 children)