I work for the company that made the server.
I'll translate this into normie speak:
When your computer is powered on, among the first parts to "wake up" is the BIOS. This is like a nerve center, or the medulla of your brain.
The BIOS has pre-saved instructions to hand off control to another section of the computer which holds an operating system, usually it's Windows installed on a hard drive within the computer. We call these sections "environments." This is like the medulla (low level functioning) handing off control to your cerebral cortex (high level functioning).
The BIOS has options on which environment to hand off control to. The choice is determined by a pre-programmed boot order. The boot order says "Try booting to X first. If X is not there, try booting to Y."
One type of environment is called PXE, pronounced "Pixie" in the IT industry. PXE exists so the BIOS can boot to an environment through a network connection instead of a hard drive. The BIOS detects the ethernet connection, then detects a remote PXE server to talk to, then hands off control to the remote server at the other end of that network connection. The hard drive is out of the loop.
The PXE hand off must be pre-configured in BIOS. It is not a default (from factory) setting in BIOS. PXE must manually be enabled, and the boot order must manually be set to boot to PXE.
In the case of the election server, if a bad actor does not want to remotely boot through PXE, he can just disable the connection to the remote PXE environment. No one will notice as the machine boots to its local hard drive. However, if the connection is established, just reboot the system and it's instantly running from a remote environment located anywhere.
If done right, no one notices.
You just said why. Generally, unless you are on a massive, massive network, the same hardware that runs your router is also going to host your DHCP server, DNS server, time server, etc.
So even winding this train of thought back further, they could have changed the time at the server, thus making all the connected devices potentially record events as occurring at a different date/time than they actually did. The whole fact that these voting devices were networked just opens up such a can of worms, it's insane.
Bingo.
Thank you for the explanation
It's way beyond insane. I've worked with computers since I built my 386DX16 in 1990. You gave a pretty good rundown. I'm wondering maybe if they didn't use DHCP and/or other dynamic protocols because they weren't sure they could control that part of the network at all locations like in red counties so they coded it to go to a specific IP or series of IPs. If so then that should provide a real world location that all this traffic went to.
What a mess.
You're correct, another reason they don't want to turn those over...
I see you. ThanQ.
Not necessarily. An attacker could bring their own DHCP server and the host will boot on whatever DHCP config it receives first.
It's a broadcast query, as the IP address settings are not known at the time.
Basically, for a DHCP request (which is how both PXE and assigning your laptop an IP address over DHCP work), the computer yells to everything that will listen "Hey, I'm here, give me an IP address." (The actual message is called DHCPDISCOVER).
The computer will accept the first DHCPOFFER it hears back.
The PXE boot settings are optional additional fields that can be set on the DHCP server.
To clarify, broadcast basically sends a message to the IP address 255.255.255.255 (an IP address where every bit is 1). Everything on the network that sees the message has the opportunity to respond to this.
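The DISCOVER/OFFER exchange described above is also what a defender can watch for. The following is an added example, not part of the original thread: it parses a captured DHCP payload and flags offers that come from a server outside an allowlist or that carry network-boot settings. The allowlist, the addresses and the `build_offer` helper are constructed for illustration.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that precedes the options
OFFER = 2                     # value of option 53 (message type) for DHCPOFFER

def parse_dhcp(payload: bytes) -> dict:
    """Parse a BOOTP/DHCP UDP payload into the fields this audit uses."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    msg = {"siaddr": str(ipaddress.IPv4Address(payload[20:24])),  # next-server
           "file": payload[108:236].split(b"\0", 1)[0].decode("ascii", "replace"),
           "options": {}}
    i = 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):                    # truncated option header
            break
        length = payload[i + 1]
        msg["options"][payload[i]] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return msg

def audit_offer(payload: bytes, allowed_servers: set) -> list:
    """Return findings for one captured message; empty list means nothing to flag."""
    msg = parse_dhcp(payload)
    opts = msg["options"]
    if opts.get(53) != bytes([OFFER]):
        return []
    findings = []
    sid = opts.get(54, b"")                          # option 54 = server identifier
    server = str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else "unknown"
    if server not in allowed_servers:
        findings.append(f"offer from unauthorized DHCP server {server}")
    # Boot file name lives in the fixed 'file' field or option 67; option 66 names a TFTP server.
    boot = msg["file"] or opts.get(67, b"").decode("ascii", "replace")
    if boot or 66 in opts:
        findings.append(f"offer carries boot settings: next-server {msg['siaddr']}, file {boot!r}")
    return findings

def build_offer(server: str, siaddr: str = "0.0.0.0", bootfile: bytes = b"") -> bytes:
    """Constructed sample DHCPOFFER payload (not captured traffic)."""
    hdr = bytearray(236)
    hdr[0] = 2                                       # op = BOOTREPLY
    hdr[20:24] = ipaddress.IPv4Address(siaddr).packed
    hdr[108:108 + len(bootfile)] = bootfile
    opts = bytes([53, 1, OFFER, 54, 4]) + ipaddress.IPv4Address(server).packed + b"\xff"
    return bytes(hdr) + MAGIC + opts
```

On a network where nothing is supposed to PXE boot, any finding from `audit_offer` is worth investigating; switch features such as DHCP snooping enforce the same allowlist at the port level.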
This is brilliant.
They swear up and down it isn't connected to anything. And of course, it obviously isn't supposed to be. So even if you get ahold of the system to audit and it's outside the bad actor's control at that point, no worries - the auditors will power up without an ethernet connection (because that's obviously what one should do) and it boots into the perfectly normal unadulterated legit preapproved OS.
But if on election day you just happen to have these systems connected, then they boot through some server in China.
Fucking brilliant. And you don't even have to sneak in and risk loading a cheating OS which needs you to sneak in afterwards to switch them. You just sneak in to switch out / configure the boot specs. Maybe don't even need to sneak anywhere to do that.
I applauded the Taliban on 9/11, it was a well orchestrated op
And I applaud these cheating fucking dems, this shit is clean
...but I look forward to both being glassed all the same.
Thanks for the explanation. Very helpful.
Emphasis mine:
You'd be surprised, although like you said, it's usually the last item in the boot order...
You don’t necessarily need to manually set PXE to boot first. For instance, if you are imaging a Dell PC, if you hit F12 on boot you can manually pick the boot device, whether PXE or USB stick or specific drive. Dell can also preconfigure the BIOS at the factory to enable PXE boot so that it would show as enabled when you hit F12 by default. While interesting, there is an element of plausible deniability here.
You can also run DHCP off a small toaster or even pocket PC computer off a dumb switch which would collect no logs and scurry the server out the back door without anyone being the wiser. Routers can also not be set up to collect logs so that potentially can be a trap as well. If it contains basic logs you might see some SYN/ACK handshakes with either external public addresses or internal private addresses. This would probably require some explanation if the machines were not to be networked at all.
But a few plug yanks on the ethernet runs with a direct run or a dumb switch in my scenario and no one would be the wiser. If I was going to attempt to pull this off, I would put a different configuration and boot off a USB drive. The fact that they insert drives for vote dumps means the process is already expected. If the scenario presented was put in place as suggested to PXE boot, that’s a whole lot of extra steps that doesn’t seem very intuitive and overly complicated.
An alternate boot to a USB drive with a vote shaving algorithm would in my mind be easier to get away with. Drive goes in pocket and in the trash after the tallies are uploaded. This is just me riffing of course, not knowing how this all works with these machines. I assume there has to at least be some sort of central database that even a hand recount would catch if votes were being flipped or weighted.
Yes, all these methods of initiating a network boot are possible. However, we don't need to explain how they PXE booted the server, we just need to explain why we're looking at photos confirming PXE was enabled. It didn't come from factory that way, which would be easily verifiable through the service tag. Dominion may be corrupt and careless, but paying the manufacturer to customize the BIOS of their election management systems to boot from a network may be too stupid even for them.
I do think they were probably booting "servers" in other locations through USB. But in some regions they wanted to push the WMI remotely because their regular foot soldiers on the ground were not the best and brightest. Think Ruby Freeman and her daughter.
Anything is possible, but I am questioning this as some sort of smoking gun. There still has to be some continuity of data rather than a separate system or there’s a huge gap a hand recount will immediately uncover…
Agreed. We're filling in those gaps with theories until the real evidence is available, but CM said today will happen soon.