LM K wrote: ↑Wed May 12, 2021 8:18 pm
Slim Cognito wrote: ↑Wed May 12, 2021 6:51 pm
Wifi router connected to audit servers sounds iffy. Or is that normal?
There shouldn't have been a router or hard drive on the counting floor period. Certainly volunteers can help with "the Twitter" without wifi.
I don't agree.
Some sort of servers are probably necessary for the vote scanners to upload vote tallies to. However, all the servers and devices should be connected with each other via cat-5 ethernet cable. There should be no connection to any device that is connected to the internet. That is what the term "air gapped" means. Only air sits between the server(s) and the outside network. Not even a firewall. No path to the internet, period. But some servers are probably necessary.
After all, the voting machines and scanners are designed to work on a local area network, in the counting room of the county board of elections. It would be virtually impossible for the devices to function without a server to talk to.
Having a wifi router connected to one of the servers creates a potential path to the internet and who knows where.
The article mentions that it is the same kind of router one might use in the home. Home routers usually come from the factory with extremely lax settings. Any device is allowed to connect to the wifi router. You must take positive steps to configure the router to use passwords or specific MAC addresses, in order to prevent unauthorized access. It's all in the configuration.
Then too, the configuration of the servers is a question. Windows-based servers, for example, by default, have an administrator account that has virtually unfettered access to anything and everything on the server. There is also a default network shared drive called C$. This gives any account with the proper permissions access to everything on the C: drive. If the server had other hard drives, such as a D: or E: drive, there is a default share for D$ and E$. Back when I was actively working on Windows servers, the default userid was "admin" and the default password was "admin". It was recommended that the first thing you do when setting up such a server is to rename the administrator userid and to change its password. Was this done? The bad guys know this.
Imagine this scenario: The server(s) are set up using default Microsoft security. That in itself is a bit of a problem, because any potential bad actor knows how that security works. Further imagine that they took the wifi router out of the box, attached it to the server with a cat-5 cable and turned it on, without reconfiguring its internal security options to limit access. The wireless cameras being used then legitimately connect to the server via the wifi router.
So far, so good, although if you're at all computer savvy, you can probably already see the security flaws.
Now, imagine a bad guy, possibly not even inside the arena, but sitting in his car with a wifi-enabled device, such as a laptop. If he has somehow found out the administrator password of the server inside the arena, he can easily connect to that server and download anything he likes from the server. He could even plant false evidence of the "fraud" that they are looking for. If the bad guy is inside the arena, it's even easier.
It is possible to harden this network I've imagined, but it's not easy, especially if these servers were set up hastily. Tight security takes a lot of time and thought to lock a system down.
They should not have been using any wifi equipment in the first place. The presence of a wifi hotspot creates a potential hole in the security. Guarding against intrusion in such a network depends on software and proper configuration of that software.
If the system were truly "air gapped", there would be no potential path to the internet. For security purposes, a wifi router must be considered to be a direct connection to the internet. While wifi transmits its signals through the air, it is the equivalent of a cable connection. If the only way the devices on the arena floor can communicate with each other is via a physical cable, the system is inherently secure. Breaching such a system requires physical access. The bad guy would have to be able to walk up to the server and touch it or plug a flash drive into the server's USB port. Or use a patch cable to directly connect to the server. Introducing wifi makes the system inherently insecure.
Such access would be highly visible and tough to pull off, at least if they really had decent security. Reports are that doors were left open and unguarded. That means anyone could walk in. The volunteers doing the counting probably don't know each other, so would not recognize someone who didn't belong there and wouldn't know that that person had no reason to interact with the server(s).
Given that the people running this recount (it's not an audit, it's an unauthorized recount) have so far shown little evidence that they know what they are doing, I would have zero confidence that the system is secure.
That said, I have seen no evidence that there actually HAS been a security breach, but I can see a lot of potential gaps in their security, and I'm not even a network security expert. (Note: the bad guys ARE network security experts).
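
The configuration questions raised in the post above (a wireless path, a route off the local network, the built-in administrator account, the default C$/D$ shares) can be checked on a Windows server with a read-only script. This is an added example, not part of the original post; it assumes an elevated PowerShell session on the server being checked and uses only standard Windows cmdlets.

```powershell
# Added example: read-only audit of one Windows server against the post's checklist.
# Run locally in an elevated PowerShell session; nothing is changed on the host.
$findings = [System.Collections.Generic.List[string]]::new()

# 1. Air gap: any wireless adapter is a radio path off the wired LAN.
Get-NetAdapter |
    Where-Object { $_.PhysicalMediaType -match '802\.11|Wireless' } |
    ForEach-Object { $findings.Add("Wireless adapter present: $($_.Name) [$($_.Status)]") }

# 2. Air gap: a default route means the host has a configured way to reach other networks.
Get-NetRoute -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
    ForEach-Object { $findings.Add("Default route via $($_.NextHop) on $($_.InterfaceAlias)") }

# 3. Built-in administrator (SID ending in -500): is it enabled, and was it ever renamed?
Get-LocalUser |
    Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' } |
    ForEach-Object {
        if ($_.Enabled) {
            $findings.Add("Built-in administrator account '$($_.Name)' is enabled")
        }
        if ($_.Name -eq 'Administrator') {
            $findings.Add('Built-in administrator account still has its default name')
        }
    }

# 4. Default administrative drive shares (C$, D$, E$, ...).
Get-SmbShare -Special $true |
    Where-Object { $_.Name -match '^[A-Z]\$$' } |
    ForEach-Object { $findings.Add("Administrative share $($_.Name) -> $($_.Path)") }

# Report: an empty list means none of the four conditions was found on this host.
if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

The script only sees the host it runs on; a wifi router plugged into the same switch has to be found by inspecting the cabling and the router itself.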