Cyber Analyst on Dominion Voting: Shocking Vulnerabilities
1. Votes can theoretically be ignored for individuals if a straight ticket vote is selected. This setting could very welI enable “Repubiican”-style typo fraud. Many complex rules decide how the “straight ticket” option works.
2. Network Security is very weak since all software access keys use the same cryptographic pair. This gives plausible deniability to whoever potentially decides to mess around with voting settings. It cant be proven who changed a setting since everybody has the same key
3. Digital certificates are not protected by password, and Dominion user manual explicitly says not to enter a password. This enables potential for bad actors to MITM attack data traveling over network between precinct tabulator and central tabulator.
4. Cryptic “split rotation” function that features the ability to “force a maximum deviation”. There is no definition of a “split rotation”, so we cannot know what “force a maximum deviation” means in this instance.
5. Local IT guys have ultimate power to clandestinely change settings, thus having the ability to potentially alter an entire election. There are no checks and balances or observers of the local IT guy when he accesses machine debug and admin settings. Its unclear if logs exist.
6. Dominion is a black box with votes ultimately tabulated in a central server system. Who has access to the central server and where is the manual and security reviews of that server software?
7. Settings could theoretically have been changed during evening downtime on first night of voting. Much easier to change settings on hundreds of machines than to forge thousands of ballots. A couple of people could have done it quickly.
8. State of Pennsylvania requested semantic changes to the Dominion voting software, possibly to aid in their lawfare efforts. The word “Cast” became “Print”, obfuscating the moment when your vote becomes officially cast. For what reason is currently unknown.
9. There is an option to force the vote scanner to “overrun” a preset amount of ballots EVERY time anybody pauses the scan mid-batch. “Overrun” is undefined. Potential for abuse is high with this function, which was added shortly after 2018 mid-term elections. More to come later.
Many people have sent me (completely publicly available) Dominion security audits, documents, manuals, and state contracts. Have a lot of reading to do.