Former Hacker Scoffed At U.S. Election Security


Pospieszalski scoffed at statement by DHS on election security:  "..how would they know?"

In an interview with One America News, former hacker and current Director of Block Chain Technologies for Exemplar Companies, Michal "Mehow" Pospieszalksi, scoffed at the statement from DHS about the security of the 2020 U.S. Election.

When asked if he agreed with the DHS claim that “The November 3rd election was the most secure in American history, "  Mehow laughed and said:

"No.  No I don't agree with that because how would they know?  The voting machines don't report back to headquarters.   There's no self-diagnostic.  They don't have software that sits there and sniffs out the hacker of bad behavior."

Pospieszalski passed 70+ certification exams resulting in 20+ IT and programming certifications from Sun, Novell, Microsoft, Oracle, and Cisco. He has worked on network security and software security and performed some of the most pioneering early security work on gambling devices, electronic voting machines, military and intelligence systems as senior technical staff positions at Cigital and LECG Corporation.

Expanding on the discussion of the 2020 election, Mehow stated:

"We have known vulnerabilities that are publicly and secretly known....it is possible to alter the outcome of the election by manipulating the process that the ballots are going through in their verification.   It is also possible to enhance those attacks to make them more plausible by tweaking things inside the software...

...you don't necessarily need to have to be a hacker to do things.  You can just be an admin..."

The latter statement is supported by witness affidavits stating that election workers were interacting with the voting system by inserting thumb drives and uploading information.

While the so-called fact checkers were quick to dismiss claims of nefarious activities regarding thumb drives, it is a security best practice that only a limited number of individuals have authority to utilize removable media.   

Here is an excerpt from the security guide from the state of Texas:

a. Create a Removable Media Policy as part of the Election Information Security Policy defining a list of approved media and their uses. Removable media includes USBs, Thumb drives, Memory sticks, Data cards and CDs. 

b. For general purpose removable media use, allow only encrypted USB devices 

c. Assign removable media device management to a single person 

d. Keep a log to track removable media assignments and regulate their use at all times. 

U.S. Election Runs on Sneakernet

The U.S. election can't run without thousands of people uploading information from flashdrives/thumbdrives into the election system -- and that's a major vulnerability.   

The WSJ wrote that the election runs on "sneakernet" because it's more secure than the internet.   

That's debatable.

While most election workers are upstanding citizens and do their jobs responsibly, it only takes a handful of individuals with access to the system to upload malware to alter the election results or simply manipulate the results by uploading phony results.

In any secure system, there must be auditable data.   

As mentioned earlier, the number of individuals who have access to the system must be limited and there must be accountability for every piece of removable media that contains electronic data that has been introduced to the system.

The latter doesn't happen.  

From the WSJ:

Charles Stewart III, professor of political science at Massachusetts Institute of Technology and co-director of the Caltech/MIT Voting Technology Project stated that by the end of election night some voting hubs can “end up with a trash can full of thumb drives to make sure they’re not cross infecting the machine that’s accumulating the results.”

Stewart unwittingly confirmed that there is no accountability for electronic media, thus there is no accountability for our election results. 



Ray Blehar, November 25, 2020, 9:29 AM, EST

No comments:

Post a Comment