Or boot entirely from a PXE server using a disk that is remotely mounted. Nothing is written to the hard drive except what they want to write; they could run an entirely different OS and programs with a back door built in. If they designed it right it could read literally everything from the disk to keep the network traffic down, but instead of running the software it would run a cracked version of it from the network, with their C&C built in. They could use the database tools on the disk to alter the database any way they wanted.
There'd be evidence in the router logs, and evidence on the Splunk servers. This is why they are fighting to the death to keep those away from the public eye.
Agreed, but unlikely here: we're talking full Windows with MSSQL. You'd need better than a 1GB/s network to make it remotely stable, let alone usable, and that box didn't have 10G Ethernet.
Imagine the following; you could slim it down to a mere few dozen megabytes.
The network boot points to a custom wrapper, a minimal Linux load, that then runs the OS on the disk as a virtual machine. The custom Linux load contains any one of, or even all three of, the following: a crack for the election program, a database tools program to alter the voter database, or a slim remote administration tool such as VNC.
The database is on the disk, the OS is on the disk, the program is on the disk. They only need to be able to use remote command and control to run the database tool found on the machine. They could also do it without remote command and control by using a program set to flip votes according to a pre-determined algorithm. They don't have to pass the OS over the network, nor the programs, nor the database. Just have the VM trick the OS into thinking C:\program files\NAME OF VOTING SOFTWARE\VOTINGSOFTWARE.exe is located elsewhere, where it runs a crack first before executing the program. I've seen cracked games run where the crack is measured in the 100-200KB range. They could easily write a crack that's only a few hundred KB to a couple of MB.
In short, these machines could be hijacked by an OS wrapper that simply tells the OS that the disk is mostly where it thinks it is, except for 1-2 files. This could simply add either remote command and control, or a remote algorithm, that takes excess Trump votes and flips them to Biden, mostly recording the accurate ones but flipping enough to turn it to Biden.
I could probably kludge something that does exactly that in less than 50MB. Over a 10mb connection it wouldn't take more than 3 minutes to load, and then it could act as a local PXE boot for all the other machines, meaning I only have to transfer that 50MB once.
SUMMARY FOR NON-TECHNICAL PEOPLE
If these devices booted from the network, which they are prohibited from doing, then instead of running the clean software they could be running dirty software that writes tainted results of their choosing instead of the real results of the election. The router and Splunk logs would likely have this information.
Agree with you, at least from a "can we do this" perspective: I've done something similar a while back, but that was with a Linux liveboot (all in memory) and an NFS file mount that overlaid a real directory... FUSE does this elegantly today.
But this is a full Windows OS with MSSQL running on it. IOPS alone would negate this possibility, excepting server-class hardware with 10GE or FC SAN connectivity, which the Dell laptop in the video didn't have.
IOPS aren't a problem here because once loaded into memory the OS wrapper is local. The OS is on local disk, the database is on local disk, all the programs are local. Only the OS wrapper, the crack, and/or the remote administration tool are loaded from the network; all are very small and, once initially loaded, would stay in memory.
IOPS aren't an issue because the VM is reading the OS wrapper from memory, which it got over the network, and everything else is read from disk, with either the crack or the remote administration tool run remotely from the network. The OS wrapper could be under 50MB. The crack and RAT would both be less than 3MB, and once run would stay in memory.
Everything except for the RAT or crack would simply be read from local disk. Minimal network transfers.
EDIT 1 -- FYI: They make Linux versions for just this purpose, minimal size and overhead for running VMs:
https://computingforgeeks.com/minimal-container-operating-systems-for-kubernetes/
EDIT 2 -- ADDITIONAL FYI: Fedora CoreOS for PXE boot is 10MB compressed. https://getfedora.org/en/coreos/download?tab=metal_virtualized&stream=stable
EDIT 3: This is really looking doable with less than 50MB total payload; plus the OS wrapper could also run a PXE boot server and answer local BOOTP/DHCP requests, meaning it only has to be transferred once. On a 100mb connection a 50MB file could be downloaded in less than 6 seconds for the initial load, and then all other machines on the network could be done at local gigabit speeds.
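The thread's one concrete defensive claim is that a network boot would leave traces in router and Splunk logs. As an added example (not code from any poster, and not from any real product), here is the kind of detection a log-analysis pipeline could run over DHCP and TFTP server logs to surface the three observable events the scenario depends on: a client advertising itself as a PXE client (DHCP option 60 vendor class begins with "PXEClient"), a TFTP read of a boot file, and a DHCP offer coming from an address that is not an authorized server, including the EDIT 3 case where a freshly leased client starts answering DHCP itself. The log line format, the timestamps, the MAC and IP addresses, and the authorized-server list are all constructed for this example; a real deployment would adapt the regexes to its own DHCP/TFTP server's log format.

```python
import re
from dataclasses import dataclass

# Constructed sample log lines (not a real capture). The format imitates a
# generic syslog-style DHCP/TFTP server but is an assumption of this example.
SAMPLE_LOGS = [
    "2024-01-15T06:01:12Z dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 via eth0 vendor-class=MSFT 5.0",
    "2024-01-15T06:01:12Z dhcpd: DHCPOFFER on 10.10.1.20 to 00:11:22:33:44:55 server 10.10.1.1",
    "2024-01-15T06:03:40Z dhcpd: DHCPDISCOVER from 00:11:22:33:44:66 via eth0 vendor-class=PXEClient:Arch:00007:UNDI:003016",
    "2024-01-15T06:03:40Z dhcpd: DHCPOFFER on 10.10.1.21 to 00:11:22:33:44:66 server 10.10.1.1",
    "2024-01-15T06:03:41Z tftpd: RRQ from 10.10.1.21 filename pxelinux.0",
    "2024-01-15T06:05:02Z dhcpd: DHCPDISCOVER from 00:11:22:33:44:77 via eth0 vendor-class=PXEClient:Arch:00000:UNDI:002001",
    "2024-01-15T06:05:02Z dhcpd: DHCPOFFER on 10.10.1.22 to 00:11:22:33:44:77 server 10.10.1.21",
]

# Constructed allowlist: the only DHCP server that should ever answer on this segment.
AUTHORIZED_DHCP_SERVERS = {"10.10.1.1"}

# Regexes for the constructed format above (hypothetical, adapt to your server's logs).
DISCOVER_RE = re.compile(
    r"^(\S+) dhcpd: DHCP(?:DISCOVER|REQUEST) from (\S+) via \S+ vendor-class=(\S+)")
OFFER_RE = re.compile(r"^(\S+) dhcpd: DHCPOFFER on (\S+) to (\S+) server (\S+)")
TFTP_RE = re.compile(r"^(\S+) tftpd: RRQ from (\S+) filename (\S+)")


@dataclass
class Finding:
    rule: str        # which detection fired
    timestamp: str   # when the triggering line was logged
    subject: str     # host the finding is about (MAC or IP)
    detail: str      # human-readable context for the analyst


def analyze(lines, authorized_servers=AUTHORIZED_DHCP_SERVERS):
    """Scan log lines in order and return a list of Findings.

    Keeps a map of IP -> (MAC, timestamp) for leases handed out by authorized
    servers so that a later DHCPOFFER *from* one of those IPs can be tied back
    to the client that received it (a client that has started acting as a
    DHCP/PXE server for its neighbours).
    """
    findings = []
    leases = {}  # ip -> (mac, timestamp) issued by an authorized server

    for line in lines:
        m = DISCOVER_RE.match(line)
        if m:
            ts, mac, vendor = m.groups()
            # PXE firmware identifies itself in option 60 as "PXEClient:Arch:...".
            if vendor.startswith("PXEClient"):
                findings.append(Finding("pxe_client_request", ts, mac,
                                        f"vendor-class {vendor}"))
            continue

        m = OFFER_RE.match(line)
        if m:
            ts, ip, mac, server = m.groups()
            if server in authorized_servers:
                leases[ip] = (mac, ts)
            else:
                detail = f"offered {ip} to {mac}"
                if server in leases:
                    lmac, lts = leases[server]
                    detail += f"; server {server} was itself leased to {lmac} at {lts}"
                findings.append(Finding("rogue_dhcp_server", ts, server, detail))
            continue

        m = TFTP_RE.match(line)
        if m:
            ts, ip, filename = m.groups()
            # Any boot-file read on a segment that must never network-boot is notable.
            findings.append(Finding("tftp_boot_file_read", ts, ip, f"read {filename}"))

    return findings


def summarize(findings):
    """Count findings per rule, e.g. for a dashboard tile or alert threshold."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOGS):
        print(f"[{f.rule}] {f.timestamp} {f.subject}: {f.detail}")
    print(summarize(analyze(SAMPLE_LOGS)))
```

The lease table is the part worth keeping: on its own, an offer from an unlisted address only says "unknown DHCP server", but correlating it with the earlier lease turns it into "host 10.10.1.21, which network-booted two minutes ago, is now serving DHCP", which is exactly the chain the thread describes and the evidence a defender would want from the router and Splunk side.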