I am confused how they even get MAC addresses for remote systems. Unless you are using IPv6, the MAC address is stripped off as soon as the packet reaches the first router. The remote MAC address is never transmitted over a router, only the IP address. Which means in order to get a MAC address you would need a sniffer installed on every local network around the planet.
It is possible they find the network and then hack in and install spyware on a computer on that local net that can sniff the address, but I don't believe even the best hackers can do this always and everywhere. This makes me think they may be using something other than a MAC address as a unique identifier for the remote machine. They just format it to look like a MAC address.
The only case I can imagine where you might be able to get a MAC address by monitoring an intermediate network is when you connect via a VPN that simulates a layer 2 network bridge.
So a lot of questions here. I would be interested to know exactly HOW they obtained this data. It would probably answer the question about what this unique identifier actually is. But I assume they will never reveal that to the public.
Well, duh, of course you are right! MAC addresses don't route! So what IS this list?!
Also - for grins, I plugged in my OWN list of MAC addresses from my laptop. I happen to have a boatload of virtual adapters for various reasons (I have VMs on my laptop) as well as typical 'corporate' VPN clients (Sophos, Fortinet, etc).
The Fortinet VPN showed up, but the Sophos VPN did not.
None of the virtual device MACs showed up.
So the lack of a 'hit' on MACs is not exactly something I'd read too much into.
FYI, I have over 20 'adapters' on my laptop (ipconfig /all). Part of the reason is I installed Microsoft's sandbox app, which creates a virtual adapter for every 'real' adapter, but does this even when the 'real' adapter itself is a non-physical device. So out of the 20 adapters, only 3 have hits on the MAC db from Wireshark.
The biggest surprise is that the Sophos virtual adapter is not showing up, while the Fortinet virtual adapter does.
I'm sorry to say that those MAC addresses look suspiciously like gibberish that someone typed out. Notably, many of them have the least significant bit of the first byte set. That is the "group" bit. That bit indicates that the MAC address is not for an individual network node, but rather a broadcast or multicast group. Setting that bit outside of very specific usages results in a non-functional network connection. No meaningful MAC address within this context would have that bit set.
Also, many of them have the 2nd LSB set/cleared. That's the "local" bit, which indicates whether or not the MAC address is globally unique. I would expect any programmatic "randomize my MAC" function would set that bit to 1. At least that bit won't have any effect on whether the network connection works or not, unlike the group bit.
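The two flag bits described in the post above, decoded in Python as an added example (not part of the original thread). The sample addresses are constructed, and `parse_mac`, `classify_mac` and `summarize` are hypothetical helper names.

```python
import re

_HEX12 = re.compile(r"^[0-9a-f]{12}$")

def parse_mac(text):
    """Return the 6 octets of a MAC written with ':', '-' or '.' separators."""
    digits = re.sub(r"[:\-.]", "", text.strip().lower())
    if not _HEX12.match(digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)

def classify_mac(text):
    """Decode the two flag bits carried in the first octet."""
    octets = parse_mac(text)
    group = bool(octets[0] & 0x01)  # I/G bit: 1 = multicast/broadcast group
    local = bool(octets[0] & 0x02)  # U/L bit: 1 = locally administered
    # The first three octets are generally a vendor prefix only when the
    # address is individual and universally administered.
    oui = None if (group or local) else ":".join(f"{b:02x}" for b in octets[:3])
    return {"mac": ":".join(f"{b:02x}" for b in octets),
            "group": group, "local": local, "oui": oui}

def summarize(macs):
    """Count how a list of addresses splits across the flag bits."""
    rows = [classify_mac(m) for m in macs]
    return {
        "total": len(rows),
        "group_bit_set": sum(r["group"] for r in rows),
        "locally_administered": sum(r["local"] and not r["group"] for r in rows),
        "vendor_lookup_possible": sum(r["oui"] is not None for r in rows),
    }

# Constructed sample values, not taken from the list discussed in the thread.
SAMPLE = [
    "00:1A:2B:3C:4D:5E",  # first octet 0x00: individual, universal
    "02-00-5E-10-00-01",  # 0x02: individual, locally administered
    "0100.5e00.00fb",     # 0x01: group address
    "ff:ff:ff:ff:ff:ff",  # broadcast: group and local bits both set
    "a7:13:9c:42:0e:d1",  # 0xa7 is odd, so the group bit is set
]

if __name__ == "__main__":
    for row in map(classify_mac, SAMPLE):
        print(row)
    print(summarize(SAMPLE))
```

An address with the group bit set cannot be a network interface's own source address, and a locally administered one will not appear in a vendor database, which is why virtual adapters often produce no lookup hit.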
And are they really all not tied to any manufacturer? I often research MAC addresses when scanning 'what's on my network' (at work) and find 'unknown' Macs. Typically, I figure out who/what it is by other means, and it's a mainstream device that just didn't show up in the online MAC DBs. Some of these online databases are not that great. Also, you'll see Dell computers using all manner of Macs, depending on who sourced the chips that month/year. I'd say it's a futile effort implying anything from the Macs.
Dominion: Stealing elections is their job, not their hobby. I'd expect them to be pretty good at it.
Thanks for this extra level of detail. I didn't know about the IG stuff! https://packetsdropped.wordpress.com/2011/01/13/mac-address-universally-or-locally-administered-bit-and-individualgroup-bit/
That's InfoSec 101...
The most BASIC protection.
But if I can locate the machine with that MAC address, wouldn’t that be something? What about 10 or 20 or 100 or more?
If they camouflaged or aliased them in some way, then it won’t help unless there’s something else not being revealed.
But the real evidence here is that it was definitely done, votes were switched.
What you mean is, totally ignoring the mac address info, there is other evidence that votes were switched?
Not really being smart enough as it's just very easy to do.
maybe, probably
Cool. I use a Mac. It's a bit out of date. Still running "El Capitan".
https://maclookup.app/
Why would Dell care?