In Half 1 of this collection on the explosive testimony and demonstration of College of Michigan Professor Dr. J Alex Halderman within the federal lawsuit Curling v. Raffensperger, The Gateway Pundit coated extra in-depth the benefit of exploiting the “BIC pen hack” and, additional, the straightforward and cheap creation of voter, poll-worker, and, most significantly, technician Good playing cards to assault the Dominion ICX BMD or poll marking machine.
However there was rather more revealed in Choose Totenberg’s courtroom concerning the vulnerabilities of those digital voting gadgets.
To summarize Half 1, Dr. Halderman was in a position to make use of a easy BIC ball-point pen to reboot a Dominion ICX BMD by merely inserting it into the facility button on the again of the machine and maintain it down for 5 seconds. This rebooted the machine into Protected Mode and allowed Tremendous Person entry, granting the attacker nearly limitless talents to govern knowledge on the machine.
Professor Halderman was additionally in a position to make use of a Good card bought for $10 on-line and a $20 USB Good card Reader from Amazon to program voter playing cards that may very well be used time and again, county-wide. He additionally made a poll-worker card and, most significantly, a technician card that may additionally grant “Super User access.”
We discovered that instructions to govern the Dominion ICX BMD may very well be automated – merely insert the cardboard and it’ll do the remainder. Additional, nothing was wanted that wasn’t public info to finish the programming.
These playing cards would require some experience to program, however as soon as the counterfeit playing cards are made, anybody might insert it into the machine and exploit the vulnerability robotically.
Right here once more is the transcript from the court docket listening to and Professor Halderman’s testimony.
However there must be a approach that these assaults may very well be detected, proper? Not essentially.
No Proof of Exploitation
Dr. Halderman then demonstrated how he can delete parts of the system’s audit log so as to delete any proof that he had accessed and modified the system. Dr. Halderman testified:
Professor Halderman: “So now I’m again within the technician menu…and what I’m going to do is I’m going to go to the file supervisor and open the ICX’s audit log file. This is likely one of the log recordsdata that the machine creates, and I’m going to open it with the on-screen textual content editor.
What I’ve simply accomplished with the technician card is I’ve loaded this technician card with the automated instructions that I wish to run in a approach that they seem within the audit log. However I’m going to open the audit log and edit it with the on-screen textual content editor.
I’m truly going to spotlight a portion that got here from my card and hit the lower button to maneuver it to the machine’s clipboard. And I’m going to save lots of the audit log simply to point out you that I can delete parts of the audit log with the on-screen textual content editor.
Dr. Halderman described it as deleting log entries “that would otherwise be evidence of some malfeasance.” He can cowl his tracks from anybody with the ability to uncover the entry he had and what he was in a position to do to the Dominion ICX BMDs.
Seemingly for demonstrative functions, Dr. Halderman carried out every step manually, however he testified that it may be accomplished “programmatically”. Insert the cardboard and let the machine do the remainder. He additionally testified that he can shortly insert a command that may “take the other automated commands out of the log file that were copied from my technician card and execute them.”
The Bash Bunny
Subsequent, Dr. Halderman demonstrated maybe probably the most critical of the vulnerability exploits, on this writer’s opinion, not less than.
The next demonstration was not accomplished reside in court docket, however quite by way of a steady video recording using the Fulton County Dominion ICX BMD (poll marking machine). This video was performed reside earlier than the court docket.
The “attacker” within the video reached behind the printer that accompanies the Dominion ICX BMD and unplugged the USB cable and plugged in what known as a Bash Bunny. The machine appears like an enormous USB stick, however with the Bash Bunny, the “attacker” is “able to load it with a sequence of commands that it will then send to the device as if it were a keyboard.”
“…The Bash Bunny will begin driving the machine, and you’ll see that it’s transferring by way of a sequence of issues on the display screen. That is the USB machine controlling it.
And it will undergo and modify settings, as I describe within the report. It’s going to then open a terminal, get superuser entry, and take steps to put in malicious software program that’s saved on that very same USB machine.
Now, the USB — the malicious software program is a model of the ICX utility that we’ve — we’ve extracted from the machine and barely modified it so as to add some malicious performance. And the Bash Bunny machine is putting in the malicious model of the appliance on the machine and changing the model that usually would perform.”
All of this was accomplished robotically. The “attacker” merely plugged within the USB machine and it accomplished its set up and substitute of the software program in lower than two minutes. As soon as the Bash Bunny is programmed, there’s no particular ability required to provoke this assault.
The Bash Bunny prices about $100 and might be utilized with out eradicating or tampering with any of the seals on the Dominion ICX BMD. As Dr. Halderman testified, an “attacker” can make the most of a cable coming off the printer to attach the Bash Bunny quite than eradicating a seal and connecting it on to the Dominion ICX BMD. That connection shouldn’t be usually sealed, in keeping with Dr. Halderman.
Half 3 of this collection will comply with.
Throughout the testimony of Dr. Halderman, legal professional David Oles was not permitted to ask any questions of Dr. Halderman. Oles represents co-plaintiff Ricardo Davis of VoterGA.org. Yesterday, The Gateway Pundit reported that Oles was in a position to get proffers submitted to the court docket concerning Dr. Halderman and Dr. Philip Stark’s testimonies.
The trial that features this explosive testimony and reside demonstration is at the moment underway within the Northern District of Georgia in Choose Amy Totenberg’s court docket.
