In the first part of this series about the stunning testimony and presentation of Professor Dr. J. Alex Halderman of the University of Michigan in the federal lawsuit Curling v. Raffensperger, The Gateway Pundit covered in more depth the ease of exploiting a “BIC pen hack” and, moreover, creating simple, inexpensive smart cards for voters, poll workers, and most importantly, technicians to attack a Dominion ICX BMD or ballot marking device.
You can read the first part here.
But there was a lot more that was revealed in Judge Totenberg's courtroom regarding the vulnerabilities of these electronic voting devices.
To recap the first part, Dr. Halderman was able to use a simple BIC ballpoint pen to reboot the Dominion ICX BMD by simply inserting it into the power button on the back of the device and holding it down for five seconds. This rebooted the device into safe mode and allowed the superuser access, giving the attacker almost unlimited capabilities to manipulate data on the device.
Professor Halderman was also able to use a smart card purchased for $10 online and a $20 USB smart card reader from Amazon to program voter cards that could be used over and over again at the county level. He also made a poll worker card and, more importantly, an art card that would also grant “super user access.”
We've learned that Dominion ICX BMD dealing orders can be automated – just insert the card and it does the rest. Furthermore, nothing other than general information was needed to complete the programming.
These cards require some experience to program, but once the counterfeit cards are manufactured, anyone can insert them into the device and automatically exploit the vulnerability.
Here again is the transcript of the court hearing and Professor Halderman's testimony.
But there has to be a way these attacks can be detected, right? not necessarily.
There is no evidence of exploitation
Then Dr. Halderman showed how he could Delete parts of the system's audit log in order to delete any evidence that he entered and modified the system. . . . Dr. A.S. Halderman testified:
Professor Halderman: “Now I'm back in the technician menu… and what I'm going to do is I'm going to go to the file manager and open the ICX audit log file. This is one of the log files that the machine creates, and I'm going to open it using the on-screen text editor.
What I've just done with the technician card is I've loaded this technician card with the automated commands that I want to run in a way that they show up in the audit log. But I'm going to Open the audit log and edit it using the on-screen text editor.
I'm actually going to highlight the part that came from my card and hit the trim button to move it to the device clipboard. And I'm going to save the audit log just to show you that I can delete parts of the audit log using the on-screen text editor.
Dr. Halderman described it as deleting log entries “Otherwise, this would be evidence of some violations.” He could cover his tracks so anyone could find out what access he had and what he was able to do with the Dominion ICX BMDs.
Apparently for demonstration purposes, Dr. Halderman performed each step manually, but testified that it could be done “programmatically.” Insert the card and let the device do the rest. He also testified that he could enter an order quickly “Take out the other automated commands from the log file copied from my technician card and execute them.”
Bunny bash
Dr. Halderman then demonstrated perhaps the most dangerous exploits of the vulnerability, in this author's opinion, at least.
The following demonstration was not conducted live in court, but rather via a continuous video recording using the Fulton Dominion County ICX BMD ballot recording device. This video was broadcast live in court.
The “attacker” in the video reached behind the printer accompanying the Dominion ICX BMD, disconnected the USB cable and connected the so-called Bash Bunny. The device looks like a large USB drive, but with Bash Bunny, the attacker is “able to load it with a series of commands that he will then send to the device as if it were a keyboard.”
“…Bash Bunny will start driving the device, and you can see it move through a series of objects on the screen. This is the USB device that controls it.
It will go through the settings and adjust them, as described in the report. You will then open a terminal, gain superuser access, and take the steps To install malware Stored on the same USB device.
Now, USB – the malware is a copy of the ICX application that we have – we extracted it from the device and modified it a little bit to add some malicious functionality. The Bash Bunny device installs the malicious version of the application on the device and replaces the version that will work regularly.
It's all done automatically. The “attacker” simply plugged in the USB device and completed the software installation and replacement Less than two minutes. Once the Bash Bunny is programmed, there it is There is no special skill required to initiate this attack.
The Bash Bunny costs about $100 and can be used Without removing or tampering with any of the seals On Dominion ICX BMD. As Dr. Halderman testified, an “attacker” could use a cable coming out of the printer to connect the Bash Bunny instead of removing the seal and connecting it directly to the Dominion ICX BMD. According to Dr. Halderman, this connection is not usually closed.
Part three of this series follows.
During Dr. Halderman's testimony, attorney David Ollis was not permitted to ask Dr. Halderman any questions. Ollis is represented by co-plaintiff Ricardo Davis of VoterGA.org. Yesterday, The Gateway Pundit reported that Ulysses was able to make representations to the court regarding the testimony of Dr. Halderman and Dr. Philip Stark.
Death penalty lawsuit against Raffensperger: Evidence of voting machine vulnerabilities and 2020 Fulton County election issues entered into federal register | Critic Portal | By Brian Lobo
The trial involving this dramatic testimony and live demonstration is currently underway in the Northern District of Georgia in the court of Judge Amy Totenberg.
