Still watching the video on & off, the Dominion machines hadn't had a Windows or virus definition update since August 6th 2019, the same day the Dominion software was installed on said machines. The auditors were not allowed to look at the modems or routers used by Maricopa county to verify illegal access from the outside either, so they can neither verify nor deny that these machines weren't hacked.
It looks like they held out on accepting updates on purpose to make it easier to breach the operating system & fuck with it from the outside.
Oh and Maricopa county passed Election Assistance Commission certification off as an excuse for not updating. I'm not familiar with the cert system they're talking about but I can't imagine it would seriously mandate no fucking anti-virus updates as a condition of certification.
But as it turns out, even if that were true, they broke the conditions for certification anyway by installing four new exes anyway, with 45 exes modified & 377 new dlls installed & 1,053 dlls modified after the Dominion software was booted onto the machine.
So either these machines were made vulnerable by dumb certification standards & were exploited from the outside through the internet or they broke it themselves, meaning in either scenario that these machines were not up to standard. Your poison, your choice.
Apparently the Cybersecurity and Infrastructure Security Agency, an arm of Homeland Security, released a public guide on how to hold a secure election, which was not followed by Maricopa county for the sake of keeping their EAC certification. Here it is:
https://www.cisa.gov/sites/default/...lection-security-resources-guide-may-2019.pdf
Wayback Machine
The same password was used for all administrative & user accounts on the Dominion voting machines as well. These were established the same day as the Dominion software was installed.
And there was no accounting for who owned what user/admin account either. Usernames on these machines are not tethered to real people at all. No log aggregation for user access either. Nothing to monitor user activity whatsoever.
These Dominion machines are the Wild West of voting.
And now the meat of the story, the two bootable hard drives. Ben Cotton explains that having a secondary bootable drive gives you the ability to boot outside of the election configuration & get access to the election network. It's clearly not part of the system proper, & it has non-Maricopa county data. It also has data that appears to originate from Washington & North Carolina. Neither of the audits ordered by Maricopa county discovered this.
The Election Management System server had 865 directories & 85,673 election related files deleted between 10/28/20 11/05/20 which included s-logs that record vote tabulations, scanned images & log files. The way these files were treated can't be accounted for, they have no record of being hashed with an MD5 hash to preserve the integrity of the file or where they ended up. Other files deleted are .dvd files which show the results of election totals from each tabulating device.
The Election Management System server had six total drives grouped into two logical drives. Second logical drive was called the D drive & that contained the entire election database both historically & for the 2020 general election.
9,571 directories & 1,064,746 election related files deleted between 01/11/20 & 16/03/21. This includes S-logs, scanned ballots and .dvd files.
Maricopa county also used high pro-scanners, large capacity scanners with significant amount of files deleted off of three of these. On one of them there was 304 directories with a total of 59,387 files on 03/03/21, a month and a half before they were turned over to the auditors. High Pro 3 had been scrubbed the same day it was turned over, just before it was forfeited. 1,061 directories & 196,463 files were scrubbed. High pro 4 had a similar volume of deletion on 03/03/21. High Pro 2 was untouched. No chain of custody regarding deleted files.
The earliest security log on the EMS server was 05/02/2021. There were 3 distinct time periods in which log entries were overwritten. On 02/11/21, 462 logs were overwritten. On 03/03/21, 37,686 logs were overwritten. On 04/12/21, 330 logs were overwritten. The EMS server has a user defined setting that allows you to define the quantity of logs are retained before they're overwritten. This one was set to a 20 megabyte limit, once the system reaches that limit, it uses a first-in & last-out system to save logs, meaning as new logs are made, the oldest log gets deleted.
These overwrites are the result of someone running a script to look for a blank password for all the accounts on the system. The typical system only had 16 accounts total. This was all done by the EMS admin account. But since, there's no person tied to this account and everyone has the same password, there is no telling who's responsible for running this script.
Except there's historical data from the MTAC video feeds. They matched the video feed to the time these scripts were written to find people at the keyboards of these machines.
These individuals have been identified but no names or photos are being released. That means @Menotaur might get his retarded wish granted for a lawsuit with perps to put to the crime after all, before he moves the goal posts again that is. Remember that retaining this data for 22 months is Federal mandate, which means deleting it is a felony.
However, this issue of having no accountability is not a unique issue & is in fact widespread.
02/01/21 the sequel logs on the EMS indicate that the RTR admin scrubbed the general election results from the database on the EMS server. The lack of log entry means they couldn't find any logged entry which corresponded to this activity. The Windows security logs don't have corresponding log entries. This was right before the two audits commissioned by the county were due to be commenced on 02/01/21. So determining whoever had accessed to the RTR admin account when the same password is shared with everyone becomes difficult.
A log file on the Dominion software shows that someone went on the system & clicked on something to delete everything & deleted successfully including files on the nas directory where all the results, images & all other details for the election are contained. This happened the day before an audit started.
The audit also uncovered anomalous anonymous activity with logged IP addresses & host names, not only that but the anonymous logins are only given to matching credentials on an approval list. These anomalous logs however, don't have an IP address or host names logged with no validation after logging in. There are hundreds of these anomalous logs with no credentials.
Without the routers & modems used, there is no telling if these were legitimate or not, or where they came from, but it is known that it was a remote access.
The audit imaged 770 devices & gathered over 114 terabytes of forensics data.
They preserved that in a forensics image file that they could use without risk of modifying or changing anything on the original machines. They did this by turning the image file into a virtual machine to monitor the boot processes without a connection to the internet or without exposing any voter data to unauthorized users. They discovered 59 ports, most of which were typical to a Windows OS. There were some unexpected high port activity related to logons & DNS. Remote & terminal services were enabled.
As part of the analysis they did a complete check on the callouts and attempts to connect from the EMS server to internet. Maricopa county claimed that the EMS was completely isolated but it attempted to connect to the internet multiple times. They found most of these were normal for a Windows OS but couldn't confirm anything further since Maricopa county is cagey on divulging details to the audit.
No presence of zero day malware in memory during bootup in EMS server confirmed.
Next we'll talk about internet history. Maricopa county commissioned two separate audits that found no connections to the internet. The unallocated space examined in this audit tells a different story, with multiple connections to the same website occurring after the installation of the Dominion software. One includes three visits to the same site in the same day that is neither a private IP or URL. Because things were overwritten over time, there is not a complete history of internet activity.
What this proves is that this EMS server was not isolated from the internet from the time it had the Dominion software installed to the time it was audited.
The purging of this database occurred on the day before the audit. The IP address of 192.168.100.11 belonged to a private election network & used it as a proxy to access a series of web pages through it, indicating that it was a configurator, file server or something like that.
A particular URL of import, M_Network_WirelessLan*html was accessed on the 30th of October 2019. No information has been received about any wireless LAN configurations from Maricopa county during the audit, but here you have someone accessing that URL from the EMS client to access what can only be fathomed by the auditor as a wireless LAN configurator on that date. The EMS Admin 01 account was used for this purpose. The shared passwords & user accounts make it impossible to tie this action to any of the people involved.
Not every relevant device to this investigation was supplied for the audit.
The last visit to Microsoft's website was on 03/02/21.
The auditors go on a tangent to describe how extreme & obstructionist the resistance to this audit was. The auditor says the examples given so far are only a sample of thousands of connections to the internet. The device they're discussing was produced to them on a 4TB external hard drive, this was presented as a forensics image of the original, but when observed it was found that all the evidence produced on the 4TB external hard drives they were in actuality operational system clones & was not preserved in a forensics manner. Whether or not the unused portions of these drives were configured in such a way as to prevent comingling of data cannot be accounted for. These details are presented as caveats as to the findings which prove regular connections to the internet. In other words, Maricopa county are tards who may have presented tainted data that's unreliable.
In conclusion, IT forensics-man Ben Cotton states that this election was not secure at all by any measure of vulnerability assessments & he considers it a total failure on all fronts.
In summation:
Shared passwords
Shared user accounts
Remote access enabled
Dual-boot exploits available
Zero-day exploit not required
Script kiddy could've used metasploit to hack these servers in 10 minutes
