https://theswamphunter.substack.com/p/lawsuit-alleges-dominion-master-encryption
A lawsuit against Georgia Secretary of State Brad Raffensperger was filed in Fulton County Georgia on August 30, 2020, by the Dekalb Republican Party over the security of the Dominion Voting Systems used in the state’s elections.
The application for a writ of mandamus alleges that “the Secretary of State’s failure to enforce the mandatory requirement that Georgia’s election systems be EAC certification-compliant has compromised all passwords and administrative level controls on Georgia’s election systems.”
It cites Georgia law requiring that the systems “be certified by the Election Assistance Commission”, and claims “Georgia’s Dominion’s systems violate that certification requirement by placing the encryption keys on its election systems in an unprotected state and in plain text within county election systems readable to anyone with licit or illicit access to the system.”
The lawsuit also says that “four Georgia counties produced election data for the 2020 election pursuant to open records requests issued more than two years ago”, and that “data has been lawfully published online.”
It explains:
“The encryption keys for these counties’ systems are included in these public records disclosures, and the administrator and technician passwords are also accessible to the public. In short, the Secretary of State’s failure to enforce mandatory security requirements for encryption keys has compromised Georgia’s election systems and left them vulnerable to any malicious actor – foreign or domestic – to manipulate election results without likely detection.”
That open records request revealed that in 2020, or perhaps even now, those counties were using the same global password identified by Cyber Ninjas in Arizona. Analysts Phillip Davis and Kevin Moncla say their loose-knit group of activists has seen usernames like “MRE Super Admin” and “Return Office Admin” with “identical passwords for every system we examined”, and that those passwords may have been in use for 14 years or more.
Davis, who specializes in fingerprint and image analysis, tells me that password is “dvscorp08!”, which is now widely known among analysts, and is confirmed on the EAC website in a report created in 2012.
You may want to make a note of that password, because activists tell me they intend to print it on T shirts to emphasize the severe lack of basic security protocols.
Davis also details these security vulnerabilities on pages 188-195 of a 204 page report he authored titled “Ballot Integrity Analysis” which he published earlier this year.
While the Dekalb GOP lawsuit and its allegations have gone relatively unnoticed by the media, and a public that seems to have grown weary and somewhat skeptical of issues involving Dominion, the claims being made here are shocking, explosive, and demand our attention.
Analysts obviously cannot say exactly how many machines have the same security vulnerabilities, but they do say they exist on all those they have been able to study, in multiple states, and could exist in all of them. They also tell me they have seen no evidence that those flaws have ever been exploited to fraudulently alter an election.
But experts also claim those security issues can be exploited, in mere seconds, to execute a script that would modify the code in their databases that are used to calculate the total number of votes per candidate. A similar script could then be employed to remove that modification.
If that were done following logic and accuracy testing, would anyone be the wiser?
The Atlanta Journal and Constitution reported in January 2024 that University of Michigan computer science professor Alex Halderman performed just such a move in the middle of a federal courtroom during his testimony the Curling v. Raffensperger case, which also involved Dominion.
Using “a pen to reach a button inside the touchscreen” he “demonstrated how someone could meddle with a Georgia election within seconds.” But Plaintiffs are still awaiting a decision in the case from Federal Court Judge Amy Totenberg, an Obama appointee.
Kurt Olsen, one of the attorneys in the Dekalb County action, told me he first raised the encryption key issue in connection with the March 2024 petition for writ of certiorari filed in the Supreme Court in a case entitled “Kari Lake and Mark Finchem v. Adrian Fontes, Arizona Secretary of State”, et al.
He also said:
“Since at least 2019, Dominion Voting Systems has placed the master cryptographic keys, used to encrypt/decrypt system passwords and election data, unprotected and in plain text on an election database table within Dominion’s voting systems in every system our experts inspected from six states.
Thus, it appears these keys may be stored this way on all Dominion systems. If so, in any jurisdiction using Dominion’s systems, Dominion – or any actor who knows where to look – can gain total unauthorized access and control over election systems and election data which can then be altered, fabricated, and transmitted. Key logging features recording system activity can be manipulated to render any penetration of the system nearly undetectable.”
In a declaration included in the suit, cyber-security expert Benjamin Cotton said, “Simply put, this is like a bank having the most secure vault in the world, touting how secure it is to the public and then taping the combination in large font type on the wall next to the vault door.”
Based on expert testimony and testing results, the suit also alleges:
“A nefarious actor may also have already exploited these vulnerabilities in multiple ways. For example, malicious code may have been placed on Georgia’s election systems that could modify the electronic tallies at will, change the running code on these systems, and compromise the integrity and outcome of an election without detection. Even if not previously exploited, a malicious actor could take the same actions with respect to the upcoming 2024 election and alter the election results.”
While these claims will no doubt amplify those made against Fulton County in Georgia State Election Board Case number 2023-025, known colloquially as the “Moncla-Rossi” case, Davis is quick to point out that they are somewhat unrelated.
The Dekalb GOP lawsuit centers on security vulnerabilities, while the Moncla-Rossi case centers on over three thousand duplicate ballot images and other irregularities found in Fulton following the 2020 recount that, according to analysts I spoke with, are not attributable to those same lapses.
That said, election integrity activist Kevin Moncla tells me he is about to file several new cases with the State Election Board to include duplicate, missing, misread, or invalid ballot images recently found in several other counties as well.
And now that SB202 has passed, analysts should be able to obtain the data needed to analyze all of Georgia’s 2024 General Election votes, and they expect to find similar issues regardless of security concerns.
Dekalb GOP chairwoman and cybersecurity executive Marci McCarthy summed up their suit against Raffensperger saying, “The integrity of Georgia’s elections is at stake. Voting is your most sacred right as an American citizen, and this lawsuit is about holding elected officials, especially the Secretary of State who is the custodian of Georgia’s elections, accountable for ensuring that our voting systems are protected, trusted, and verified. Georgians deserve not just trust but validation that their votes are secure and accurately counted.”
The action asks the court to “order the Secretary of State of Georgia to comply with the aforementioned Georgia elections code and other elections regulations.”
Edit: A hearing has been scheduled for Monday (9/30) morning in front of Fulton County Judge Scott McAfee. His YouTube channel, where the hearing is expected to be televised, is here.