HackerTrans
TopNewTrendsCommentsPastAskShowJobs

tyc85

no profile record

Submissions

Ex Military Intelligence Showing Vulnerabilities in US Voting System [pdf]

courtlistener.com
5 points·by tyc85·6 anni fa·13 comments

comments

tyc85
·6 anni fa·discuss
Second that, and I'd like to add google too with the following alternatives: 1. search: duckduckgo 2. email: proton

I know google is more pervasive in services, these two can be a good start.
tyc85
·6 anni fa·discuss
that's cool. thanks!
tyc85
·6 anni fa·discuss
DEF CON reports two years ago: https://news.ycombinator.com/item?id=18112172

typo: it's going to be interesting and* useful.
tyc85
·6 anni fa·discuss
Hey, thanks again for challenging the thoughts and I learned something new.

I found an "expert" affidavit that shows the name (Navid Keshavarz-Nia):

https://www.courtlistener.com/recap/gov.uscourts.mied.350905...

Wonder if this one shows more merit so we can get on track to discuss if there's some serious vulnerabilities. It is more high-level though.
tyc85
·6 anni fa·discuss
Second that this has to be the most important thing right now.

Other than the vulnerability report, I am also reading through many other data analysis as well. To be honest, some of the analyses are intriguing at the minimun. I am starting to collect my own dataset. Please reach out if anyone is interested too.

Data scientists on HN, how is this not at least fun to play with? Prove it right or prove it wrong, it's going to be interesting the useful. If there's anyone working in kaggle group, it has to be an interesting dataset to put together for exploration!
tyc85
·6 anni fa·discuss
Thanks for digging out the details of hit credentials. It's possible that his credentials may not be as "qualified" to make such big allegation? I don't think I can make a judgement just based on the information you provided until I know what's his real duty and his past experience are. I tend to judge just based on the information he provided. And thanks to your other information, I see the flaws :)

Here's an "expert" affidavit that shows the name (Navid Keshavarz-Nia):

https://www.courtlistener.com/recap/gov.uscourts.mied.350905...

At least I want to know whether the system is really vulnerable, since if it is, it can go either way. Perhaps this should be another thread :)
tyc85
·6 anni fa·discuss
Hey, thanks for the reference link from medium. That's a pretty good write up. I learned a lot. The author seems a bit biased though, when he claim quite strongly that: "Therefore, all the claims in the report about dominionvotingsystems.com — while potentially valid — have nothing to do with dominionvoting.com." After stating some of his own findings. I somehow feel like it's a hard sell to me that dominionvotingsystems.com is absolutely not related to dominionvoting.com given the name. And the fact that they used to redirect back in 2011 add some probability of the relation, however small probability you would weigh in for that addition. The changed of hands from Canada to US and back to China, does not reduce the chance of relation. If may increase the chance of relation given the company's footprint.

In sum, I can now see that this affidavit drew weak connections and made strong conclusions. So the credibility of the allegation is not that high. But to be fair to the person, it is court filing and he will be accountable for lying.
tyc85
·6 anni fa·discuss
I see. Thanks. Before you pointing out that you have high confidence the person should be "Dennis Montgomery" I cannot see the relation. If so, those links are indeed related :)

Will lookup this guy.
tyc85
·6 anni fa·discuss
Hi, appreciate the suspicious things you pointed out. I do think there are gaps in the allegation. It could be all absurd. I'd like to find out what are absurd, and what are not. The judge, the lawyers know who this person is since it is a court filing. He is still under penalty of perjury. His credentials are described in first page. Again I'm here to learn what experts think of these connections. They can be weak and point to nothing, and I am happy to hear about it. At least next time my radar will be sharper.

Here's how I understand some of his points, and willing to be corrected:

- and 75 hashed passwords available in TOR nodes => I interpret it as he can find passwords available to login these systems. Is this plausible? Does that show the system could be vulnerable, or not really?

- dominionvotingsystems.com domain was registered on 5/28/2020 => this only show it was registered again, correct? The redirection from dominionvotingsystems.com cease to exists sometime between 2011 and 2020, that's true.

- This Dominion partner domain “dvscorp” => I thought the key is that the same domain is hosted on the same server hence have some relation. But I could be wrong, that all of these are just hosted by the some ISP service, and somehow the ISP would cohost unrelated domain on the same IP or server/VM.

His stated credentials: I was an electronic intelligence analyst under 305th Military Intelligence with experience gathering SAM missile system electronic intelligence. I have extensive experience as a white hat hacker used by some of the top election specialists in the world. The methodologies I have employed represent industry standard cyber operation toolkits for digital forensics and OSINT, which are commonly used to certify connections between servers, network nodes and other digital properties and probe to network system vulnerabilities.
tyc85
·6 anni fa·discuss
Thanks for sharing but not related to the question I asked or the court filing I shared. I would encourage people to read more court filing, and less news media on the internet. At least those are sworn under oath and under penalty of perjury.
tyc85
·6 anni fa·discuss
I wonder how would hackers look at this analysis/information.
tyc85
·6 anni fa·discuss
Does NYT really have the vote counts time series available publicly? It would be an interesting dataset for future study. You either prove there is anomaly (for various possible reasons) or you find ways to model it and explain it rationally.