Previously *SEALED* Report on Dominion Voting Machines in Georgia Shows Critical Vulnerabilities
Georgia Won't Update Until After 2024 Presidential Election
Badlands Media will always put out our content for free, but you can support us by becoming a paid subscriber to this newsletter. Help our collective of citizen journalists take back the narrative from the MSM. We are the news now.
The highly-anticipated report by University of Michigan Computer Science professor Dr. J. Alex Halderman used in the ongoing Curling v. Raffensperger lawsuit has finally been unsealed, almost two years after it was initially submitted in the court case and sealed by Judge Amy Totenberg. Yesterday, VoterGA's Garland Favorito joined Bannon's War Room to overview the contents.
Favorito claimed that the vulnerabilities discovered could be used to "alter the QR codes on the printed ballots to modify voter selections." The voter would not know the ballot was going to be read inaccurately because, in Georgia, the filled bubble does not matter. The QR code contains the voters intent. And the voter cannot verify it.
Favorito has one of the only existing lawsuits in the country regarding the 2020 Election after the Georgia Supreme Court remanded it back down to the lower court after they established Favorito did, in fact, have standing to bring the case.
While the report itself is 96 pages, Dr. Halderman published a Twitter thread and a blog post outlining the findings:
The first issue Dr. Halderman discusses is a "Directory Traversal Vulnerability", which is reportedly contained within the Dominion ICX software and "allows a maliciously-modified election definition file to overwrite arbitrary files."
According to Dr. Halderman, utilizing this vulnerability, "an attacker can create a modified election definition file that will create or overwrite files in any location on the device that is writable to the ICX App ... an attacker can leverage this capability to execute arbitrary code and install malware."
Another issue Dr. Halderman discovered is called an "arbitrary-code-execution" vulnerability.
He writes:
Despite our responsible disclosure efforts, the flaws remain unpatched in GA. Among the most critical issues is an arbitrary-code-execution vulnerability that can spread malware from a county's central election management system to all BMDs in the jurisdiction—and run it as root.
This makes it possible to attack BMDs at scale, over a wide area, without needing physical access to them. Our report explains how attackers could exploit the flaws to change votes or affect election outcomes, e.g., by changing ballot QR codes, which are what scanners count.
We are not aware of any evidence that the vulnerabilities have been exploited to change votes in past elections, but, unless more is done to strengthen security, there is a serious risk that they will be exploited in the future.
The last paragraph is a bit concerning considering Dr. Halderman and Prof. Drew Springall of Auburn University were granted access to the Ballot Marking Device (BMD) prior to the 2020 Election in September 2020.
That same month, during testing, a problem with the display on the Dominion Voting BMDs was discovered and a court battle ensued over how to correct the problem. Ultimately, it was ruled that the changes were "de minimis." It is unclear whether or not the change permitted by Judge Totenberg in October 2020 was performed on the machine that the two received before the Order in September 2020.
Notably, Dr. Halderman testified in the above referenced hearing that the "report makes clear that Pro V&V performed only cursory testing of this new software. The company did not attempt to independently verify the cause of the ballot display problem, nor did it adequately verify that the changes are an effective solution. Pro V&V also appears to have made no effort to test whether the changes create new problems that impact the reliability, accuracy, or security of the BMD system.”
During their investigation, Dr. Halderman and Prof. Springall found vulnerabilities in "nearly every part of the system that is exposed to potential attackers."
The report stated, "the most critical vulnerability" they found could be used "to spread malware from a country's central election management system (EMS) to every BMD in the jurisdiction. And it can be done without physical access to any of the BMDs. The vulnerability is called an "arbitrary-code-execution vulnerability."
Dr. Halderman's report was shared with the Cybersecurity Infrastructure Security Agency (CISA) in June 2022, which allowed Dominion to update its software to "purportedly address at least some of the problems."
Shockingly, Georgia Secretary of State Brad Raffensperger recently announced that Georgia will not update the Dominion software until after the 2024 Presidential Election.
From the Secretary of State's statement:
The office also announced that there will be pilots of the recently Election Assistance Commission-certified version of Democracy Suite, 5.17, in 2023.
This software has not been deployed in any election in any jurisdiction as of yet. The pilots will examine its full functionality in a real-world setting. Also, in reviewing the processes it will require an update of the nearly 45,000 pieces of voting equipment, along with the subsequent acceptance testing.
This process will take tens of thousands of manhours. Therefore, the statewide move to 5.17 will occur following the 2024 election cycle. This will allow the state and counties to focus on executing municipal elections and running the Presidential cycle.
This response from Raffensperger is similar to that of now-Governor Brian Kemp when he was the Georgia Secretary of State from 2010-2018.
In 2017, during Kemp's tenure as Sec. of State, the Curling v. Raffensperger lawsuit was filed over concerns with the Diebold paperless touch screen voting machines being used in Georgia. Dr. Halderman helped co-author a "Source Code Review of the Diebold Voting System," which resulted in California de-certifying the Diebold machines.
According to Dr. Halderman, however, Georgia continued to use the machines for another decade until the end of 2019 "without even patching the security flaws."
Finally, in 2020, Judge Amy Totenberg ordered Georgia to replaced the machines. The Peach State would eventually settle on using the Dominion ICX machines, but did so against the advice of election security experts, "including the lone cybersecurity expert on the Governor's commission to recommend a new voting system."
Dr. Halderman ends his Twitter thread by criticizing Raffensperger for not only refusing to correct the vulnerabilities before the 2024 Presidential Election, but also for announcing it, giving "would-be adversaries a whole 18 months to develop and execute attacks that exploit the unknown-vulnerable machines."
Dr. Halderman seems to be one of the "good guys" who is genuinely interested in election integrity and securing these machines.
I have reached out via email as well as Twitter to invite him to join researchers in a discussion regarding evidence found in the 2020 and 2022 Elections and how it specifically pertains to these vulnerabilities.
To wit:
We will follow up this special report with additional research and revelations regarding Georgia's previous elections.
Badlands Media articles and features represent the opinions of the contributing authors and do not necessarily represent the views of Badlands Media itself.
Brian Lupo is an independent reporter whose work appears on The Gateway Pundit and Badlands Media. You can find him on Twitter and Truth Social, where he goes by CannCon.
So these crooked crackers are just going to allow another disastrous election to occur in order to potentially put another illegitimate person in the Whitehouse? Knowing there's problems with these machines, this is just ridiculous. It was proven that these machines were capable of changing votes in the previous election. People are not going to stand for another fraudulent election, and the whole world knows the previous one was rigged. Is there an iota of justice remaining in this banana republic?
Unbelievable! How are these politicians and “servants” to the citizens of Georgia even employed?