##Racine, Wisconsin was the model district used to rig the swing states.
Here is the testimony from Kline with Project Amistad about this exact “flow of Zuckerberg’s money” to Racine, Wisconsin’s mayor as the key official in the operation.
The other partners with CTCL included the Knight Foundation (the daughter of James Knight lives in Racine, ElectionGuard and Microsoft (the President is Brad Smith who grew up in Racine), and Rock the Vote (with LeBron James and Caron Butler as the key endorsers, and Caron is from Racine).
Expose the Root of the real Agenda - Racine, Wisconsin.
Look up the Mound Builders, Aztalan, Kabbalah and the Path of Souls. Racine is the closest place on Earth to the center of the Milky Way through Orion.
I need to sound the caution alarm on this story. This e-mail doesn't necessarily mean the 'sensitive equipment' were the ballot scanning machines. But it's still suspicious nevertheless, since the people asking for the hidden network are from a mail-in ballot advocacy organization.
So not only were voting machines connected directly to the Internet which they should not have been, they were using unencrypted, passwordless, clear text WiFi, which anyone with a moderate understanding of packet sniffing could intercept and conceivably spoof to report "corrections" to vote totals (provided a mechanism exists on the machines and master servers themselves).
One SSID will be hidden and it's: 2020vote There will be no password or splash page for this one and it should only be used for the sensitive machines that need to be connected to the internet.
What do you think? I'm wagering there was a route considering that AP was explicitly stated to be for internet access for sensitive machines.
Try listening to the testimonies of the very qualified poll watchers that were actually there. They testify to the machines being linked to the internet and also about the full on scale voter fraud with ballots re-entered multiple times.
OH and Biden even testified about what the DemonRats had done:-
QUOTE:- "'we have put together the most extensive and inclusive voter fraud organisation in the history of American politics" This should be enough to charge them in and of itself!
You know I've been doing computers sense 1990. That email is by far the most retarded thing I've ever seen. So the WiFi network for the critical systems has no password??? I'm a little rusty but isn't it supposed to be the other way around...? The public network for everyone has no password but the critical machines one has a crazy hard to guess password? SMH...
My take: we've been repeatedly told no voting machines were connected to the internet. This is one more piece of evidence showing otherwise, and frankly, that should be enough.
Does "sensitive machine" = "voting machine"? Not necessarily... but what else is there that would be considered sensitive? Perhaps the computers with voter role and signature matching info?
If so, that's just as bad, IMO. Registration and signature fraud is as much a part of this as vote count changes, and unlike count changes which could happen just as easily on a remote server post-upload, meaningful manipulation would have to occur onsite during the matching and adjudication.
As for the password-less Wi-Fi, what does that mean? I'm more into the app development side of things rather than system infrastructure, so I have some knowledge gaps here, but...
A wifi network without a password does not encrypt the traffic going between the wifi access point and the machine.
This does not necessarily mean that everything being sent is readable or manipulable, because the voting software itself could be doing its own encryption before it sends info over the network.
It does point to two issues here, though. First, they are using an unbroadcasted wifi name, meaning you would have to know the name and type the name in manually to connect.
This is relying on something called "security through obscurity", which is bad practice. It's essentially like a hide-a-key: you are relying on an attacker NOT knowing that you hid your key under a rock by your front door. Most attackers will know to look under the rock to find the key, and therefore you might as well not have a lock at all.
In this case, the "hide a key" is the name of the network, being shared only to a select group, but this name "2020vote" is very easily guessed.
Second, emails are not a secure way to share information like this. Any security-focused business will have policies in place against sharing passwords via email, because email is not secure and may pass through many servers outside your control once sent.
That's 2 best practices violated.
So what can someone do once connected? Again, depends.
Is the PC running Windows? If so, there are MANY possible remote admin tools, some built in, that an attacker could have access to if not properly locked down.
Even if the PC is running a minimal Linux install, the admins could have installed any number of remote admin management tools that could give full unfettered remote access to the PC to do anything you could do if physically in front of it.
But, the PCs could also be perfectly well configured and locked down, all remote admin tools disabled or properly protected. The voting software itself could have its own access control, could be wide open, or somewhere in between.
Web servers like when you visit Amazon or Google, by design, are designed to be connected to the internet AND allow the public at large to connect to them, but they are tightly controlled to only allow you to access what you are allowed to access (if properly configured and without bugs).
Is that the case here?
We just don't know. But we know several aspects were already done against best practices (i.e. sloppy) and in a court case could likely be used to argue a general trend of insecurity and poor decision making.
FINALLY, it's worth noting that it appears that Hyatt and their IT team is directly involved in setting this up. Are they allowed to be privy to this? Who might they have shared this info with? These are people that are NOT Dominion, NOT election officials, and would have full access to anything on the day of voting.
And, while this is all interesting... none of it matters, IMO.
Why? Because none of us (last I checked) are accusing outside hackers of manipulating the results, but instead are accusing states, election officials, and Dominion of manipulating the results.
Which means even if this thing were locked down like Fort Knox or the Capitol in DC, the people doing the dirty were people who would have been allowed to get in there in the first place! They don't need open networks or misconfigured remote admin tools if they already know all of their own passwords and have added themselves to their own access lists!
Anyhoo, that's my 2 cents, and I guess tldr; "everyone's kind of right about this, but also even if this is a nothingburger it doesn't actually change anything".
It doesn't. As I explained, it calls them "sensitive machines".
So... let's examine and brainstorm a little.
First... what would be considered "sensitive" during vote counting? Well... voting machines are the obvious one.
Another would be signature verification machines. Or registration machines. Or anything else needed for adjudicating ballots.
Finally, it could just mean "a couple of VIPs who want to connect their laptops to a separate network to watch YouTube videos". Possible... but (a) use of the word "machine" feels like it's specifically targeting a limited-purpose computer involved in the official process, not general purpose personal computers, and (b) why would VIPs want an unprotected but unlisted network for their personal PCs? They wouldn't.
Which brings us to... if it's not a voting machine, what else would it be? And if it's one of the "other" things like signature matching, how is that any better?
Unless you're suggesting this email was regarding some unrelated event entirely... which... I mean, on October 30th, a "Nov 3rd event", and email address of "voteathome.org"? C'mon, man!
As a tech person I'm already horrified these systems run Windows in the first place
Windows is only windows, look at SSIDs and "password". Even trained monkey could hack it with ease. I wouldn't advise such things even for electing animal overseer in ZOO. Come on,as Polish I would say "Polish electorial calculator" (https://what.thedailywtf.com/topic/13836/polish-electorial-calculator/2
) from 2014 was probably quite advanced and who knows - maybe even more secure comparing to this shit.
No evidence it was compromised ? Ok,but evidence elections shall be repeated because it was able to be hacked by trained monkey or at best by 8 years old kid for sure.
"The KI Convention Center at Green Bay’s Hyatt Regency was where the election team decided to locate the city’s Central Count and where the absentee ballots were stored":
Seems like it should be a big deal, even though they probably already knew there was wifi to the voting machines. This kind of easily "debunks" the people who say the machines aren't connected to the internet, assuming the image above is valid. Where did you get the image from? Seems to be a print out of an email to Deanna Debruler who appears to be an admin in the Green Bay city government office.
I see several voteathome email addresses. Not sure their involvement in the whole 2020 election fraud scheme.
No, no, no, fucking no. IT person here. Man this site is going to shit.
No password does NOT mean that anyone can alter the data. No password simply means that the voting machines can get on the Internet without providing a password to connect to Wi-Fi. These are two completely different things; first being access to the Internet and the second being access to the information system in order to alter votes.
Should the voting machines have access to the Internet? Questionable.
Can the voting machines have their own encryption methods and access control methods, YES!
If you don’t know, please ask when it comes to IT as this is flat out stupid.
These Machines were being managed by a Win10 system certified in March 2020 using an image deployed in February. Not a single asset was updated past August 2020.
Wifi access is not the same as Direct Access unless you’re claiming a vulnerability enables an attacker access that they would not otherwise have remotely.
Wireless access IS direct access if you know what youre doing.
It doesn't require vulnerabilities or 0day. Do you even know what a RAT (remote admin tool) is?
A RAT and wireless access gives a remote user full control over the entire system. Attacker can even remotely take over your mouse control and act like he was physically sitting at the terminal
Connecting to a hotspot does not necessarily mean anything at all about security vulnerabilities of either system. A property maintained system should have no issue, either for the network system itself being connected to or especially the systems connected to the internet through it.
This is a different thing entirely if what is being connected to is a local intranet network although from what I'm reading, that's not what is being described here. Such a connection would leave you open to much more vulnerabilities but a simple internet connection doesn't give you backend access to a device unless it's specifically set up that way.
Regardless, these machines shouldn't be connected to the internet at all, that way vulnerabilities become almost non-existent outside of some crazy CIA trojan that would phish for a specific device. They did this to disrupt nuclear reactors in Iran by destroying some Siemens devices hooked up to them, eventually an Iranian scientist hooked up to the local network with an infected laptop and it was unleashed on the broader system that wasn't connected to the internet.
I agree, A ssid implies it is talking IEEE 802.11 something something. It doesn't imply it is on anything more than a LAN tho. Still suspicious. However, doesn't say it was a ballot machine, and also all the machines in WI had paper prints that people could verify and audit. Were they in this case?
A remote admin tool gives you access to the voting information system exactly how? Is a remote admin service actually listening? Is said remote admin service (port) actually responding to your source IP address?
I’m playing devil’s advocate here. Remember, my problem with this post is that it was declared that wireless access alone was enough to compromise the voting system. That is not necessarily the case. It would be NO DIFFERENT than an open wireless system being used to provide network connectivity between your workstation and your bank. Encryption via TLS does occur and a SEPARATE authentication is necessary to the bank’s web server in order to view and make changes. Just because the Wi-Fi access is open doesn’t necessarily mean anything as far as access to the information system.
If a PC has any type of internet connection (WIFI / 4G / Cable) then a RAT can give a remote attacker full control...full control as if you were physically sitting in front of the keyboard. Once the attacker has full control the rest is easy.
And yes the RAT method is just one way this could happen. Packet sniffing the open WIFI would probably also be used.
They could also use unknown exploits and backdoors which the NSA has already admitted they create with direct help of Microsoft.
Now I am wondering why the WIFI was set to 'open (no password)'. All modern WIFI gear comes with passwords already setup for you. They would surely have had to go in and change it to 'unsecure' manually.
IT (over three decades). You are Flat Out Wrong about “unless you have physical access” and you should know once you get into a system via the internet, you can control it. That means “manipulate and/or delete data”. This is not brain surgery - it’s SOP. I hope you just misunderstood the context, because otherwise ....
Access to the information system exactly how? It doesn’t matter if you can see the traffic flowing across the network if the traffic is encrypted at the application/session layer. You have no access to it. It doesn’t matter if your network access to the voting machine means that the voting machine refuses to accept admin connections from your IP address. Access control of management ports is STANDARD practice.
Please describe EXACTLY how you intend to gain access to a voting machine over the Internet that refuses to answer from your source IP address.
The attack surface is anything on the win10 based machine if you get privileged access via any number up exploits the sky is the limit you can do anything.... read memory directly... write to it... whatever you want. A lot of places had machines with admin interfaces using default passwords too although I don’t know for sure about this exact case. Either way it’s ridiculous if you really believe there is no way to gain control just because a network channel might be encrypted.
Again, I’m simply saying that the premise of the OPs assertion is that open access to Wi-Fi by the voting system = compromise of the voting system is just wrong.
Networking is built in layers. Just because the network is wide open and not encrypting traffic does not mean that the voting applications are wide open and not encrypting traffic. If I were building a voting application, I would assume the network is untrusted because I don’t control the networks they run on. I would encrypt everything at the application level and control access at the application level. I would a limit administrative access only from a select number of trusted sources, if at all. Given the distributed nature of voting machines, I would rely upon an agent on the voting machines checking in with command and control (easy to do because of the way network address translation for IPv4 works) in order to receive orders rather than trying to figure out how to initiate contact access to voting machines that are very likely behind port translation (due to the use of IPv4).
Stuff gets compromised all the time. That is not my assertion. My assertion is that one cannot assume that the voting system is compromised simply because of how it connects to Wi-Fi. The OP’s premise is just wrong. Read the title of OP’s post.
Why do they keep lying and saying they were not online and so on then. These machines are horrible and many people have demonstrated many gaping security flaws that anyone with a user manual could exploit so the fact that they were on an unsecured network is not at all a good sign and absolutely opens the door to all sorts of nefarious activities. Not sure about MI but in many states it is illegal for them to be on WiFi period.
If I were building a voting application, I would assume the network is untrusted because I don’t control the networks they run on. I would encrypt everything at the application level and control access at the application level.
1st - you assume there is app encryption. Are you sure ? No proves it isn't no proves it is.
2nd : being real killing blow to your bullshit - communication from is not important if you can compromise source machine. Without well configured firewall or so connection to wifi means not only output out,but also input in you dumb.
Even linux have exploits,and windows... windows is one big bug. If you can compromise voting machines you don't need to compromise application even. Viruses changing bank account number when people are using internet banking are quite popular. You infect voting machines and game over. App don't need to have changed even single bit,its communication too.
You simply don't need to change things going from from application,everyone is trying to explain it to you.
Access to the information system exactly how?
for example mstc.exe - by default it is said to be disabled,but once computers are for example serviced online it could be enabled. And I would suspect it enabled on voting machines.
No password means no encryption over WiFi. So the question that remains is how any data, if at all, was transferred over said WiFi; and what kind of services/ports were open on the systems.
If the transfer of data was encrypted using VPN/HTTPS/TLS or anything, and also using decent set of standards, only then your argument (and you did mention that part) is fully correct. But that question goes rather conveniently unanswered.
My POV: The issue here isn't about WiFi being secure or not. But you should immediately start asking why WiFi was even allowed in this case. Go to any security event such as DefCon and you'll know why visitors disable their WiFi.
Edit: I'm also wondering right now if they were using channel isolation. Ever connected to WiFi in a hotel and seen someone else's Chromecast? I have, and that basically means you can view what someone else is watching. (And so much more)
I'm not sure of the validity of this e-mail, but if the machines were connected to the internet that is a crime in itself. I am pretty sure of that. And if it isn't it should be.
Sensitive information passes across the Internet ALL the time. The question is the degree of cryptography and testing of the cryptographic module (such as FIPS 140-2) that is used. I honestly don’t know if Internet connectivity of voting systems is allowed or not. I’m just pissed off at how reckless this post is.
I'm looking at this from a simpler point of view. Just the fact that it was even connected to the internet is the problem. All they need is a backdoor to log into to do anything they want. No need to try and sniff or alter anything when it's designed to give shitheads around the world intentional access.
I agree with that. I was simply trying to say that the mere fact that it could connect to the Internet without a password to get on Wi-Fi does not necessarily mean mean that the voting machine is wide open to manipulation.
I see no good reason whatsoever for a voting machine to be connected to the Internet. The mere connection is enough to call into question the veracity of votes collected by the machine.
Why can’t people hold more than one thought in their heads at the same time?
mere fact that it could connect to the Internet without a password to get on Wi-Fi does not necessarily mean mean that the voting machine is wide open to manipulation.
I'm pretty sure it isn't but I'll have to look it up later. I'm too busy looking at this obviously staged Boulder shooting and just trying to play some videogames to distract myself from the non-sense. Keep in mind, we had foreign countries hacking our entire government UNDETECTED for many months, revealed in the solarwinds hack information. If it's not illegal for voting machines to be connected to the internet, it's only because Democrat/crooked Republican politicians allowed this kind of filth to be passed because they intend to cheat elections. That's facts.
So, the defense computers that control our nuclear deterrence aren't connected to the internet in any way because .gov knows it could be hacked into, but the same couldn't happen to a voting machine connected to a wifi network without a password even? Seems dubious
The organization mentioned, VoteAtHome.org are holding a meeting at the Hyatt to round up volunteers and host poll workers for some sort of thank you event.
There were no voting machines or voting happening at the Hyatt in Green Bay on November 3rd. Private hotels are not polling places or counting places of votes.
Yes, there was absolutely shady shit happening, but this is a scam to make people look foolish.
I see numerous references from different sources that say KI Convention Center was used as the Central Count location where the absentee ballots were stored, and where ballots were actually counted.
"That count is being held at KI Convention Center": (Nov 3rd)
"The KI Convention Center at Green Bay’s Hyatt Regency was where the election team decided to locate the city’s Central Count and where the absentee ballots were stored":
Jail?? Try execution. Start with Ruby Freakman and her daughter.
##Racine, Wisconsin was the model district used to rig the swing states.
https://twitter.com/AKA_RealDirty/status/1337477357947527171
The other partners with CTCL included the Knight Foundation (the daughter of James Knight lives in Racine, ElectionGuard and Microsoft (the President is Brad Smith who grew up in Racine), and Rock the Vote (with LeBron James and Caron Butler as the key endorsers, and Caron is from Racine).
Expose the Root of the real Agenda - Racine, Wisconsin.
Look up the Mound Builders, Aztalan, Kabbalah and the Path of Souls. Racine is the closest place on Earth to the center of the Milky Way through Orion.
The only thing that surprises me is that it was only eight.
According to this email it was eight. We have no idea how many others this might have been forwarded to. Or Bcc'd.
I need to sound the caution alarm on this story. This e-mail doesn't necessarily mean the 'sensitive equipment' were the ballot scanning machines. But it's still suspicious nevertheless, since the people asking for the hidden network are from a mail-in ballot advocacy organization.
THIS
So not only were voting machines connected directly to the Internet which they should not have been, they were using unencrypted, passwordless, clear text WiFi, which anyone with a moderate understanding of packet sniffing could intercept and conceivably spoof to report "corrections" to vote totals (provided a mechanism exists on the machines and master servers themselves).
There reports of the use of a "smart" thermostat to access the internet- IT guy, does this make sense??
I remember hearing about that, too. Also, I believe the company it was connected to had Chinese connections. I did find this: https://thepatriotnation.net/audit-discovers-voting-machine-data-sent-to-china/
Using a bluetooth connection, a smartphone could be used to relay to the internet... Find the phone, find the perp...
The proof is in the Scytal servers..
What do you think? I'm wagering there was a route considering that AP was explicitly stated to be for internet access for sensitive machines.
Or that it is on a voting machine... or did I miss something?
Way to miss the forest for the trees, handshake.
Oh right, I forgot. Totally legit election with no funny business whatsoever, did I get that right?
Try listening to the testimonies of the very qualified poll watchers that were actually there. They testify to the machines being linked to the internet and also about the full on scale voter fraud with ballots re-entered multiple times.
OH and Biden even testified about what the DemonRats had done:-
QUOTE:- "'we have put together the most extensive and inclusive voter fraud organisation in the history of American politics" This should be enough to charge them in and of itself!
Biden comment about 'voter fraud organization' garners attention https://rumble.com/vau48d-biden-comment-about-voter-fraud-organization-garners-attention.html
This reminds me of something I heard once .. oh yeah, "These people are stupid."
Also: "We've got it all."
Also a lot of SOONs
You know I've been doing computers sense 1990. That email is by far the most retarded thing I've ever seen. So the WiFi network for the critical systems has no password??? I'm a little rusty but isn't it supposed to be the other way around...? The public network for everyone has no password but the critical machines one has a crazy hard to guess password? SMH...
Well this looks like a boom! I will look into these individuals! This is in my state, thank you!
This does add light to how these were set up.
So what does this mean?
My take: we've been repeatedly told no voting machines were connected to the internet. This is one more piece of evidence showing otherwise, and frankly, that should be enough.
Does "sensitive machine" = "voting machine"? Not necessarily... but what else is there that would be considered sensitive? Perhaps the computers with voter role and signature matching info?
If so, that's just as bad, IMO. Registration and signature fraud is as much a part of this as vote count changes, and unlike count changes which could happen just as easily on a remote server post-upload, meaningful manipulation would have to occur onsite during the matching and adjudication.
As for the password-less Wi-Fi, what does that mean? I'm more into the app development side of things rather than system infrastructure, so I have some knowledge gaps here, but...
A wifi network without a password does not encrypt the traffic going between the wifi access point and the machine.
This does not necessarily mean that everything being sent is readable or manipulable, because the voting software itself could be doing its own encryption before it sends info over the network.
It does point to two issues here, though. First, they are using an unbroadcasted wifi name, meaning you would have to know the name and type the name in manually to connect.
This is relying on something called "security through obscurity", which is bad practice. It's essentially like a hide-a-key: you are relying on an attacker NOT knowing that you hid your key under a rock by your front door. Most attackers will know to look under the rock to find the key, and therefore you might as well not have a lock at all.
In this case, the "hide a key" is the name of the network, being shared only to a select group, but this name "2020vote" is very easily guessed.
Second, emails are not a secure way to share information like this. Any security-focused business will have policies in place against sharing passwords via email, because email is not secure and may pass through many servers outside your control once sent.
That's 2 best practices violated.
So what can someone do once connected? Again, depends.
Is the PC running Windows? If so, there are MANY possible remote admin tools, some built in, that an attacker could have access to if not properly locked down.
Even if the PC is running a minimal Linux install, the admins could have installed any number of remote admin management tools that could give full unfettered remote access to the PC to do anything you could do if physically in front of it.
But, the PCs could also be perfectly well configured and locked down, all remote admin tools disabled or properly protected. The voting software itself could have its own access control, could be wide open, or somewhere in between.
Web servers like when you visit Amazon or Google, by design, are designed to be connected to the internet AND allow the public at large to connect to them, but they are tightly controlled to only allow you to access what you are allowed to access (if properly configured and without bugs).
Is that the case here?
We just don't know. But we know several aspects were already done against best practices (i.e. sloppy) and in a court case could likely be used to argue a general trend of insecurity and poor decision making.
FINALLY, it's worth noting that it appears that Hyatt and their IT team is directly involved in setting this up. Are they allowed to be privy to this? Who might they have shared this info with? These are people that are NOT Dominion, NOT election officials, and would have full access to anything on the day of voting.
And, while this is all interesting... none of it matters, IMO.
Why? Because none of us (last I checked) are accusing outside hackers of manipulating the results, but instead are accusing states, election officials, and Dominion of manipulating the results.
Which means even if this thing were locked down like Fort Knox or the Capitol in DC, the people doing the dirty were people who would have been allowed to get in there in the first place! They don't need open networks or misconfigured remote admin tools if they already know all of their own passwords and have added themselves to their own access lists!
Anyhoo, that's my 2 cents, and I guess tldr; "everyone's kind of right about this, but also even if this is a nothingburger it doesn't actually change anything".
It doesn't. As I explained, it calls them "sensitive machines".
So... let's examine and brainstorm a little.
First... what would be considered "sensitive" during vote counting? Well... voting machines are the obvious one.
Another would be signature verification machines. Or registration machines. Or anything else needed for adjudicating ballots.
Finally, it could just mean "a couple of VIPs who want to connect their laptops to a separate network to watch YouTube videos". Possible... but (a) use of the word "machine" feels like it's specifically targeting a limited-purpose computer involved in the official process, not general purpose personal computers, and (b) why would VIPs want an unprotected but unlisted network for their personal PCs? They wouldn't.
Which brings us to... if it's not a voting machine, what else would it be? And if it's one of the "other" things like signature matching, how is that any better?
Unless you're suggesting this email was regarding some unrelated event entirely... which... I mean, on October 30th, a "Nov 3rd event", and email address of "voteathome.org"? C'mon, man!
Windows is only windows, look at SSIDs and "password". Even trained monkey could hack it with ease. I wouldn't advise such things even for electing animal overseer in ZOO. Come on,as Polish I would say "Polish electorial calculator" (https://what.thedailywtf.com/topic/13836/polish-electorial-calculator/2 ) from 2014 was probably quite advanced and who knows - maybe even more secure comparing to this shit.
No evidence it was compromised ? Ok,but evidence elections shall be repeated because it was able to be hacked by trained monkey or at best by 8 years old kid for sure.
There was no voting or vote counting at the Hyatt Regency in Green Bay, WI look it up yourself.
Numerous references on different sources say otherwise.
Are these wrong? Where were the Green Bay counting centers if not the KI Convention Center?
"That count is being held at KI Convention Center": (Nov 3rd)
https://wtaq.com/2020/11/03/186078/
"Green Bay's central count facility for absentee ballots": (March 11)
https://upnorthnewswi.com/2021/03/11/gop-elections-hearing-held-to-accuse-green-bay-of-what-exactly/
"The KI Convention Center at Green Bay’s Hyatt Regency was where the election team decided to locate the city’s Central Count and where the absentee ballots were stored":
https://thefederalist.com/2021/03/10/how-mark-zuckerbergs-election-money-helped-an-out-of-state-democrat-get-his-hands-on-wisconsins-2020-vote/
From now on the Republican just have to get better at cheating, then they will want voter id so fast your head will spin.
Seems like it should be a big deal, even though they probably already knew there was wifi to the voting machines. This kind of easily "debunks" the people who say the machines aren't connected to the internet, assuming the image above is valid. Where did you get the image from? Seems to be a print out of an email to Deanna Debruler who appears to be an admin in the Green Bay city government office.
I see several voteathome email addresses. Not sure their involvement in the whole 2020 election fraud scheme.
Come on. Everyone knows they were just connected to the internet so the could play Minecraft while they weren’t counting ballots.
Trent has an Emmy, according to his Linkedln.
No, no, no, fucking no. IT person here. Man this site is going to shit.
No password does NOT mean that anyone can alter the data. No password simply means that the voting machines can get on the Internet without providing a password to connect to Wi-Fi. These are two completely different things; first being access to the Internet and the second being access to the information system in order to alter votes.
Should the voting machines have access to the Internet? Questionable.
Can the voting machines have their own encryption methods and access control methods, YES!
If you don’t know, please ask when it comes to IT as this is flat out stupid.
Actual IT guy here.
Physical Access is all access.
If this Machine was left on an unsecured network I would have direct access.
Less than two hours worth of YouTube videos could teach the average adult all they need to be able to quickly compromise these Machines.
You would have nothing unless you have physical access to the voting machines themselves. That is NOT what this post was declaring.
Is physical access “game over”. I agree for the most part. (unless the target is encrypted, etc.). But that is NOT was this post was declaring.
I have 20 years of IT experience. Don’t claim to be an “Actual IT guy”.
Wifi Access is the same as Direct Access.
These Machines were being managed by a Win10 system certified in March 2020 using an image deployed in February. Not a single asset was updated past August 2020.
That took me 2 minutes.
Wifi access is not the same as Direct Access unless you’re claiming a vulnerability enables an attacker access that they would not otherwise have remotely.
You are talking out of your ass.
Wireless access IS direct access if you know what youre doing.
It doesn't require vulnerabilities or 0day. Do you even know what a RAT (remote admin tool) is?
A RAT and wireless access gives a remote user full control over the entire system. Attacker can even remotely take over your mouse control and act like he was physically sitting at the terminal
This is all correct and doesn't even mention man in the middle attacks.
Voting machines don't need WiFi. They only need to count...
Connecting to a hotspot does not necessarily mean anything at all about security vulnerabilities of either system. A property maintained system should have no issue, either for the network system itself being connected to or especially the systems connected to the internet through it.
This is a different thing entirely if what is being connected to is a local intranet network although from what I'm reading, that's not what is being described here. Such a connection would leave you open to much more vulnerabilities but a simple internet connection doesn't give you backend access to a device unless it's specifically set up that way.
Regardless, these machines shouldn't be connected to the internet at all, that way vulnerabilities become almost non-existent outside of some crazy CIA trojan that would phish for a specific device. They did this to disrupt nuclear reactors in Iran by destroying some Siemens devices hooked up to them, eventually an Iranian scientist hooked up to the local network with an infected laptop and it was unleashed on the broader system that wasn't connected to the internet.
I agree, A ssid implies it is talking IEEE 802.11 something something. It doesn't imply it is on anything more than a LAN tho. Still suspicious. However, doesn't say it was a ballot machine, and also all the machines in WI had paper prints that people could verify and audit. Were they in this case?
A remote admin tool gives you access to the voting information system exactly how? Is a remote admin service actually listening? Is said remote admin service (port) actually responding to your source IP address?
I’m playing devil’s advocate here. Remember, my problem with this post is that it was declared that wireless access alone was enough to compromise the voting system. That is not necessarily the case. It would be NO DIFFERENT than an open wireless system being used to provide network connectivity between your workstation and your bank. Encryption via TLS does occur and a SEPARATE authentication is necessary to the bank’s web server in order to view and make changes. Just because the Wi-Fi access is open doesn’t necessarily mean anything as far as access to the information system.
To your first rhetorical question:
It's not about "oh just anyone can do it", but rather "the ones who were given the keys could do it"
Who was given the keys?
If a PC has any type of internet connection (WIFI / 4G / Cable) then a RAT can give a remote attacker full control...full control as if you were physically sitting in front of the keyboard. Once the attacker has full control the rest is easy.
And yes the RAT method is just one way this could happen. Packet sniffing the open WIFI would probably also be used.
They could also use unknown exploits and backdoors which the NSA has already admitted they create with direct help of Microsoft.
Now I am wondering why the WIFI was set to 'open (no password)'. All modern WIFI gear comes with passwords already setup for you. They would surely have had to go in and change it to 'unsecure' manually.
IT (over three decades). You are Flat Out Wrong about “unless you have physical access” and you should know once you get into a system via the internet, you can control it. That means “manipulate and/or delete data”. This is not brain surgery - it’s SOP. I hope you just misunderstood the context, because otherwise ....
Access to the information system exactly how? It doesn’t matter if you can see the traffic flowing across the network if the traffic is encrypted at the application/session layer. You have no access to it. It doesn’t matter if your network access to the voting machine means that the voting machine refuses to accept admin connections from your IP address. Access control of management ports is STANDARD practice.
Please describe EXACTLY how you intend to gain access to a voting machine over the Internet that refuses to answer from your source IP address.
The attack surface is anything on the win10 based machine if you get privileged access via any number up exploits the sky is the limit you can do anything.... read memory directly... write to it... whatever you want. A lot of places had machines with admin interfaces using default passwords too although I don’t know for sure about this exact case. Either way it’s ridiculous if you really believe there is no way to gain control just because a network channel might be encrypted.
Again, I’m simply saying that the premise of the OPs assertion is that open access to Wi-Fi by the voting system = compromise of the voting system is just wrong.
Networking is built in layers. Just because the network is wide open and not encrypting traffic does not mean that the voting applications are wide open and not encrypting traffic. If I were building a voting application, I would assume the network is untrusted because I don’t control the networks they run on. I would encrypt everything at the application level and control access at the application level. I would a limit administrative access only from a select number of trusted sources, if at all. Given the distributed nature of voting machines, I would rely upon an agent on the voting machines checking in with command and control (easy to do because of the way network address translation for IPv4 works) in order to receive orders rather than trying to figure out how to initiate contact access to voting machines that are very likely behind port translation (due to the use of IPv4).
Stuff gets compromised all the time. That is not my assertion. My assertion is that one cannot assume that the voting system is compromised simply because of how it connects to Wi-Fi. The OP’s premise is just wrong. Read the title of OP’s post.
Why do they keep lying and saying they were not online and so on then. These machines are horrible and many people have demonstrated many gaping security flaws that anyone with a user manual could exploit so the fact that they were on an unsecured network is not at all a good sign and absolutely opens the door to all sorts of nefarious activities. Not sure about MI but in many states it is illegal for them to be on WiFi period.
1st - you assume there is app encryption. Are you sure ? No proves it isn't no proves it is.
2nd : being real killing blow to your bullshit - communication from is not important if you can compromise source machine. Without well configured firewall or so connection to wifi means not only output out,but also input in you dumb.
Even linux have exploits,and windows... windows is one big bug. If you can compromise voting machines you don't need to compromise application even. Viruses changing bank account number when people are using internet banking are quite popular. You infect voting machines and game over. App don't need to have changed even single bit,its communication too.
You simply don't need to change things going from from application,everyone is trying to explain it to you.
for example mstc.exe - by default it is said to be disabled,but once computers are for example serviced online it could be enabled. And I would suspect it enabled on voting machines.
https://www.welivesecurity.com/2013/09/16/remote-desktop-rdp-hacking-101-i-can-see-your-desktop-from-here/
https://www.beyondtrust.com/blog/entry/how-attackers-exploit-remote-desktop-6-ways-to-step-up-your-cyber-defense
https://blog.netop.com/how-to-protect-against-rdp-hack
Also : router settings or infesting router what allows for example redirecting movement.Once you are in the network you can try attack router.
"actual IT guy here"
After reading that Im not so sure.
No password means no encryption over WiFi. So the question that remains is how any data, if at all, was transferred over said WiFi; and what kind of services/ports were open on the systems. If the transfer of data was encrypted using VPN/HTTPS/TLS or anything, and also using decent set of standards, only then your argument (and you did mention that part) is fully correct. But that question goes rather conveniently unanswered.
My POV: The issue here isn't about WiFi being secure or not. But you should immediately start asking why WiFi was even allowed in this case. Go to any security event such as DefCon and you'll know why visitors disable their WiFi.
Edit: I'm also wondering right now if they were using channel isolation. Ever connected to WiFi in a hotel and seen someone else's Chromecast? I have, and that basically means you can view what someone else is watching. (And so much more)
I'm not sure of the validity of this e-mail, but if the machines were connected to the internet that is a crime in itself. I am pretty sure of that. And if it isn't it should be.
Sensitive information passes across the Internet ALL the time. The question is the degree of cryptography and testing of the cryptographic module (such as FIPS 140-2) that is used. I honestly don’t know if Internet connectivity of voting systems is allowed or not. I’m just pissed off at how reckless this post is.
I'm looking at this from a simpler point of view. Just the fact that it was even connected to the internet is the problem. All they need is a backdoor to log into to do anything they want. No need to try and sniff or alter anything when it's designed to give shitheads around the world intentional access.
I agree with that. I was simply trying to say that the mere fact that it could connect to the Internet without a password to get on Wi-Fi does not necessarily mean mean that the voting machine is wide open to manipulation.
I see no good reason whatsoever for a voting machine to be connected to the Internet. The mere connection is enough to call into question the veracity of votes collected by the machine.
Why can’t people hold more than one thought in their heads at the same time?
It isn't fact in fact.
I'm pretty sure it isn't but I'll have to look it up later. I'm too busy looking at this obviously staged Boulder shooting and just trying to play some videogames to distract myself from the non-sense. Keep in mind, we had foreign countries hacking our entire government UNDETECTED for many months, revealed in the solarwinds hack information. If it's not illegal for voting machines to be connected to the internet, it's only because Democrat/crooked Republican politicians allowed this kind of filth to be passed because they intend to cheat elections. That's facts.
So, the defense computers that control our nuclear deterrence aren't connected to the internet in any way because .gov knows it could be hacked into, but the same couldn't happen to a voting machine connected to a wifi network without a password even? Seems dubious
Agreed. I’m not here to crap on voting methods. I’m here to say that the premise of the post is dead wrong.
And what are they gonna do about it? NOTHING
Treasonous Behavior without Consequences. It’s hard to wait for Justice—-is it not?
See? The Military didn't even have to try very hard to watch the steal in real-time. LOL
This is taken completely out of context. You can see the whole email chain here: https://greenbaywi.gov/ArchiveCenter/ViewFile/Item/431
The organization mentioned, VoteAtHome.org are holding a meeting at the Hyatt to round up volunteers and host poll workers for some sort of thank you event.
There were no voting machines or voting happening at the Hyatt in Green Bay on November 3rd. Private hotels are not polling places or counting places of votes.
Yes, there was absolutely shady shit happening, but this is a scam to make people look foolish.
I see numerous references from different sources that say KI Convention Center was used as the Central Count location where the absentee ballots were stored, and where ballots were actually counted.
"That count is being held at KI Convention Center": (Nov 3rd)
https://wtaq.com/2020/11/03/186078/
"Green Bay's central count facility for absentee ballots": (March 11)
https://upnorthnewswi.com/2021/03/11/gop-elections-hearing-held-to-accuse-green-bay-of-what-exactly/
"The KI Convention Center at Green Bay’s Hyatt Regency was where the election team decided to locate the city’s Central Count and where the absentee ballots were stored":
https://thefederalist.com/2021/03/10/how-mark-zuckerbergs-election-money-helped-an-out-of-state-democrat-get-his-hands-on-wisconsins-2020-vote/
Looks like it was absentees being stored?