That could explain the USB devices also - PXE boot to USB to run Windows, do its thing, pull the USB and reboot. Easy - I do it often for scrubbing PCs of hard-to-remove malware.
What pedeITA said... but conceptually you're on target.
Boot from PXE -> write image to separate (hidden) partition -> boot to hidden partition and run without leaving a trace on the primary partition. Send all the data to a network device and nuke itself on next reboot, leaving the untouched primary, and no one's the wiser.
Or boot entirely from a PXE server using a disk that is remotely mounted. Nothing is written to the hard drive except what they want to write; they could run an entirely different OS, and programs with a back door built in. If they designed it right it could read literally everything from the disk to keep the network traffic down, but instead of running the software it would run a cracked version of it from the network, with their C&C built in. They could use the database tools on the disk to alter the database any way they wanted.
There'd be evidence in the router logs, and evidence on the Splunk servers. This is why they are fighting to the death to keep those away from the public eye.
Agreed, but unlikely here; we're talking full Windows with MSSQL. You'd need better than a 1GB/s network to make it remotely stable, let alone usable, and that box didn't have 10G Ethernet.
Imagine the following: you could slim it down to a mere few dozen megabytes.
The network boot points to a custom wrapper, a minimal Linux load, that then runs the OS on the disk as a virtual machine. The custom Linux load contains any one of, or even all three of, the following: a crack for the election program, a database tools program to alter the voter database, or a slim remote administration tool such as VNC.
The database is on the disk. The OS is on the disk. The program is on the disk.
They only need to be able to use remote command and control to run the database tool found on the machine. They could also do it without remote command and control by using a program set to flip votes according to a pre-determined algorithm. They don't have to pass the OS over the network, nor the programs, nor the database. Just have the VM trick the OS into thinking its C:\program files\NAME OF VOTING SOFTWARE\VOTINGSOFTWARE.exe is located elsewhere, where it runs a crack first before executing the program. I've seen cracked games run where the crack is measured in the 100-200KB range. They could easily write a crack that's only a few hundred KB to a couple of MB.
In short, these machines could be hijacked by an OS wrapper that simply tells it that the disk is mostly where they think it is, except for 1-2 files. This could simply add either remote command and control, or a remote algorithm, that takes excess Trump votes and flips them to Biden. Mostly recording the accurate ones, but flipping enough to turn it to Biden.
I could probably kludge something that does exactly that in less than 50MB. Over a 10 Mb connection it wouldn't take more than 3 minutes to load, and then it could act as a local PXE boot server for all the other machines, meaning I only have to transfer that 50MB once.
SUMMARY FOR NON-TECHNICAL PEOPLE
If these devices booted from the network, which they are prohibited from doing, then instead of running the clean software they could be running dirty software that writes tainted results of their choosing instead of the real results of the election. The router and Splunk logs would likely have this information.
Sorry, I typed quickly - what I was thinking: have something like Serva running already locally off a USB. That is the master - then all local PXE boots possibly could be configured to pull from there. When all is done, pull the sticks.
Or simply all the USB sticks were Wi-Fi dongles.
Nope, if you boot via USB, you don't boot via PXE; those are two different things.
USB is a local boot device / media; you boot from the PC bootloader directly there.
With PXE (Pre-Boot Execution Environment) you boot the system in this modality, and it connects to the boot / deployment infrastructure over the network.
Here are some examples (this uses Novell, but there are many ways to do it; just take the idea):
http://www.novell.com/documentation/zcm10/zcm10_preboot_imaging/graphics/preboot_process_01_a.png
http://www.novell.com/documentation/zcm10/zcm10_preboot_imaging/graphics/zcm101_imgsatsrv_pxeboot_a.png
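The reason a network boot leaves a record where a USB boot does not is in the first packet: a PXE client starts with a DHCP DISCOVER whose vendor class identifier (option 60) begins with "PXEClient", and the deployment server answers with a TFTP server and boot file. The check below is an added example, not code from any poster in this thread: it parses the DHCP option area of a raw packet (as a DHCP relay, router or Splunk forwarder would see it) and flags PXE requests so they can be compared against a machine that is supposed to boot only locally. The `build_discover` helper and the MAC address are constructed sample data.

```python
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"          # RFC 2132 magic cookie after the 236-byte header
OPT_PAD, OPT_MSG_TYPE, OPT_VENDOR_CLASS, OPT_END = 0, 53, 60, 255
MSG_DISCOVER = b"\x01"

def parse_dhcp_options(pkt: bytes) -> dict:
    """Return {option_code: value} from a BOOTP/DHCP packet; rejects truncated TLVs."""
    if len(pkt) < 240 or pkt[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP packet")
    opts, i = {}, 240
    while i < len(pkt):
        code = pkt[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(pkt):
            raise ValueError("truncated option header")
        length = pkt[i + 1]
        value = pkt[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts

def client_mac(pkt: bytes) -> str:
    """chaddr starts at offset 28; hlen (offset 2) says how many bytes are the hardware address."""
    hlen = pkt[2]
    return ":".join(f"{b:02x}" for b in pkt[28:28 + hlen])

def is_pxe_request(pkt: bytes) -> bool:
    """True for a DHCP DISCOVER carrying a PXEClient vendor class: a network boot attempt."""
    opts = parse_dhcp_options(pkt)
    return (opts.get(OPT_MSG_TYPE) == MSG_DISCOVER
            and opts.get(OPT_VENDOR_CLASS, b"").startswith(b"PXEClient"))

def build_discover(mac: bytes, vendor_class: bytes = b"") -> bytes:
    """Constructed sample DISCOVER (op=1, htype=1 Ethernet, hlen=6, broadcast flag set)."""
    zero4 = b"\x00" * 4
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x1234, 0, 0x8000,
                         zero4, zero4, zero4, zero4, mac.ljust(16, b"\x00"),
                         b"\x00" * 64, b"\x00" * 128)
    opts = bytes([OPT_MSG_TYPE, 1]) + MSG_DISCOVER
    if vendor_class:
        opts += bytes([OPT_VENDOR_CLASS, len(vendor_class)]) + vendor_class
    return header + DHCP_MAGIC + opts + bytes([OPT_END])
```

A DHCP server that sees a PXEClient DISCOVER from a host whose firmware is supposed to have network boot disabled is the log entry the thread is talking about; the same parser can pull option 66/67 (boot server and file name) from the OFFER to show where the image came from.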