Our friends at the Gateway Pundit have done it again, this time breaking the story of how Georgia’s compromised Secretary of State Brad Raffensberger engaged in a two-year cover up of a report on the vulnerability of Georgia’s election system.
Jim Hoft reported University of Michigan Professor of Computer Science and Engineering J. Alex Halderman and Security Researcher and Assistant Professor at Auburn University Drew Sringall collaborated on the report where they discovered many exploitable vulnerabilities in the controversial computer voting system used by Georgia and many other states.
Trump-hating Secretary of State Raffensperger hid this information from the public until 2023. “Why was that?” Mr. Hoft asked rhetorically, and of course we all know the answer.
The report confirmed that votes can be altered in the computerized voting machines. In fact, the report revealed that the widely used software is vulnerable and can be hacked.
Following the release of the report back in June of 2023, VoterGA founder Garland Favorito joined Steve Bannon on The War Room to discuss the findings from the explosive report.
Now, Mr. Hoft reports that in a Federal Court In Atlanta, Georgia, J. Alex Halderman was able to hack one of the controversial Georgia voting machines “to change the tabulation in front of U.S. District Judge Amy Totenberg in the courtroom!”
Mr. Hoft reported, “Halderman USED ONLY A PEN TO CHANGE VOTE TOTALS!”
This is part of a long-running lawsuit by election integrity activists set as a bench trial. The plaintiffs seek to remove what they say are insecure voting machines in Georgia in favor of secure paper ballots.
In a subsequent blog post Prof. Halderman wrote, “Despite our responsible disclosure efforts, the flaws remain unpatched in GA. Among the most critical issues is an arbitrary-code-execution vulnerability that can spread malware from a county's central election management system to all BMDs in the jurisdiction—and run it as root.”
Translation from computer Geek-Speak: If the malware is inserted in the central election management computer ALL the connected computers will automatically execute (run) the vote changing code.
How would such a hack work?
In a post to X Prof. Halderman explained, “This makes it possible to attack BMDs at scale, over a wide area, without needing physical access to them. Our report explains how attackers could exploit the flaws to change votes or affect election outcomes, e.g., by changing ballot QR codes, which are what scanners count.”
It is important to note that Prof. Halderman has said repeatedly he has no evidence this possible hack actually done in any past election.
The issue is why have Raffensberger and other users of the hackable machines refused to patch the vulnerability?
And here’s where it gets interesting.
Prof. Halderman says that the federal government through the Cybersecurity and Infrastructure Security Agency (CISA) advised states about these problems last summer through its coordinated vulnerability disclosure process, and Dominion subsequently released a software update, Democracy Suite 5.17, that purportedly addresses at least some of the problems.
But they also hired MITRE to attack Prof. Halderman and his research.
According to Prof. Halderman MITRE didn't do any security tests, yet it asserts attacks are "operationally infeasible", dangerously contradicting CISA's finding that the problems are "real risks" and should be "mitigated promptly". You can read the MITRE report here.*
MITRE's analysis is wrong, wrote Prof. Halderman, because it fails to account for how elections are operated in the real world. It is entirely predicated on a false assumption: MITRE says it "assumes strict and effective controlled access to Dominion election hardware and software."
The known breaches in Georgia would be sufficient to uncover and exploit every vulnerability he found, wrote Prof. Halderman, “and likely others we missed.” Yet MITRE’s risk assessment assumes that Georgia perfectly protects the equipment from illicit access across all of its 159 counties.
Astonishingly, Georgia Secretary of State Brad Raffensperger, who has been aware of the Halderman report findings for two years, announced last summer that the state will not get around to installing Dominion’s security patches until after the 2024 Presidential election.
Prof. Halderman’s findings are a reminder that elections face ongoing risks that call for vigilance from policymakers, technologists, and the public. Officials like Raffensperger should uphold voter confidence by improving security, not denying or ignoring real problems. Voters deserve better, wrote Prof. Halderman, and we agree.
*MITRE was founded in 1958 as a not-for-profit corporation to act as advisers in systems engineering to government agencies, both military and civilian. 20+ leading experts in cybersecurity and elections later wrote to MITRE's CEO Jason Providakes urging him to retract MITRE's dangerously mistaken report. https://www.dropbox.com/s/kujr9uqchwcfjve/Letter%20to%20MITRE.pdf
Secretary of State Raffensperger
Georgia Election System
Voter GA founder Garland Favorito
J. Alex Halderman
District Judge Amy Totenberg
Insecure Voting Machines
Vote changing code
Cybersecurity and Infrastructure Security Agency (CISA)
Dominion Voting Machines
Dominion security patches