Computer geeks, please help analyze these files!

[Xenophage]

THIS is very important information. They assured me that those machines were secure and the fact that such software is on the machine really bothers me.

In their Logic and Accuracy tests, they check that the machine CANNOT communicate with the internet, even if plugged it to an outside network. This HP Remote Log In would be a different way that the machine be entered, a back door, if I may say.

That's an excellent find. Please continue!

No.

The software is irrelevant. If they've disabled network access on the computer, then they've disabled network access. No Internet Protocol, no Internet.

 

[freedomordeath]

You guys are really smart, the more info requests you give these vote hackers the more they'll start shitting themselves lol.

 

[RonRules]

No.

The software is irrelevant. If they've disabled network access on the computer, then they've disabled network access. No Internet Protocol, no Internet.

Why would they have installed such remote administration software if not to REMOTELY administer?

 

[bcreps85]

No.

The software is irrelevant. If they've disabled network access on the computer, then they've disabled network access. No Internet Protocol, no Internet.

If there is no network access, the software WOULD be irrelevant. At this point, however, we have not verified that there is no internet access. Secondly, why install it in the first place if there is no remote access to the machine?

Point 1: The netstat command showed that there are typical local network IP's assigned, but there is a Gateway/Router configured. We don't know what that device is or how it is configured. If I gave you my netstat output, it would look very similar to theirs. Yet I can get to the internet, and remote into my machines from the internet. From the internet, my connection looks like NET===Cable Modem===Router===Local Network. As far as we can tell, theirs looks like NET???===???===Local Network. There are some important unknowns.

Point 2: I'm concerned about the existence of tallies prior to the date of voting. I've seen multiple accounts of people reporting voting machines coming in without zero tape, etc etc, and it all adds up to the possibility of some of these boxes being pre-loaded with votes. A 2.5mb TEXT file is a lot of information!

Point 3: If remote administration software is installed, one could argue that it is for local access because people are too lazy to go into the computer room or something to that effect. That being said, it instantly means that anyone in the building can access this computer, which is troublesome on it's own. Dave, Peggy, or Sue could access it in the privacy of their own office and do whatever they want. I'm not seeing the level of access restriction that these machines should warrant. Is their local network configured with any WiFi component, thus allowing even people outside the building to possibly gain access? I don't know, but I'd like to.

At the end of the day, there just aren't enough computer professionals who take their job seriously and work at a reasonable price to lend electronic voting the integrity it deserves. People make big bucks at big companies to manage this stuff the right way. Volunteers and people at city and county levels generally do not have that level of care or expertise in my experience. Hell, what is to stop me from going into this room and plugging in my 4G WiFi card to this computer to allow remote access prior to the elections, and then unplug it after the elections and get rid of the software? Without physical security, logical security is pointless.

 

[Elwar]

Does everyone who has access to this network have their own separate login, including those with admin access (not just a single admin with a shared password). Are people checked for devices such as USBs, cell phones, other electronic devices before getting into any room where any machine is connected to this network? Are the network cables marked with a separate color to show that they are on the correct network and are those cables kept away from other cables? If there is any wireless access point to that network then the whole thing is a bust.

 

[RonRules]

Does everyone who has access to this network have their own separate login, including those with admin access (not just a single admin with a shared password). Are people checked for devices such as USBs, cell phones, other electronic devices before getting into any room where any machine is connected to this network? Are the network cables marked with a separate color to show that they are on the correct network and are those cables kept away from other cables? If there is any wireless access point to that network then the whole thing is a bust.

All excellent questions for which I have no answer, except for the cable color. They were a bland grey.

 

[drummergirl]

At the end of the day, there just aren't enough computer professionals who take their job seriously and work at a reasonable price to lend electronic voting the integrity it deserves. People make big bucks at big companies to manage this stuff the right way. Volunteers and people at city and county levels generally do not have that level of care or expertise in my experience. Hell, what is to stop me from going into this room and plugging in my 4G WiFi card to this computer to allow remote access prior to the elections, and then unplug it after the elections and get rid of the software? Without physical security, logical security is pointless.

I have to concur that this is a BIG part of the problem. It's easy to pull the wool over the eyes of the ignorant. As an election judge I know all too well that we have minimal training on the equipment we use. Our clerks have even less information. And the average election clerk age is probably around 70, which while some of our seniors are really up on technology, most are not. Add to that the fact that election admins are not computer geeks, and most counties are completely dependent on whatever company is providing them a "complete electronic voting system solution". That company provides all the documentation, training, and tech support for the elections office. Talk about a recipe for fraud; all the ingredients are right there.