Editor's note: This is Part Two of a two-part series. Read Part One here.
Cyber security expert and certified ethical hacker Clay Parikh is part of a legal effort in Alabama to test and evaluate the security and accuracy of the state's voting machines. Parikh's work is connected to a lawsuit filed by Focus on America (FOA) that involves the ES&S tabulators leased by the state for elections.
Parikh spent nine years as a hacker in an election systems lab and, as such, considers all election hardware and software to be woefully inadequate when it comes to voting security. Parikh listed what he called “exploitables” within the computer system; these are the ways in which those with computer skills and malicious intent can circumvent votes and election integrity. It only takes hacking one exploitable to disrupt the information chain and thus its trustworthiness. Parikh listed three exploitables in Part One of this article.
Exploitable #4: Supply chain of subcomponents
These points of vulnerability listed so far are concerning enough, but what if the subversion is being built-in and disguised? Take, for example, the electronic subcomponents. Parikh spent his time hacking and testing systems. However, that is only a small part of ensuring national security in the Department of Defense. Manufacturers, supply chains, country of origin, chain of custody, assembly, storage and maintenance all have to be thoroughly vetted to ensure that subversion does not take place.
Parikh has worked with Air Force Col. Shawn Smith (ret.), whose job was to oversee this security effort within the Department of Defense. Smith spoke at a seminar sponsored by Mike Lindell this past summer regarding all election machines. In this presentation, Smith detailed the level of scrutiny and accountability that must be exercised before, during, and after securing any weapons, equipment or electronics for military use. Since the enemy never rests in its effort to subvert and wreak havoc, those tasked with protecting the U.S can never rest either.
Smith applied the same level of Department of Defense scrutiny to election systems and found this area to be severely lacking. In particular, machine subcomponents are premium avenues for exploitation because they are added to a larger electronic board and buried within the depths of the machine and covered further by a plastic or metal shell.
Smith held up a subcomponent the size of a lead pencil tip that was disguised as a “jumper” used in electronic boards. It was pulled from an ES&S DS 200 tabulator and referred to by Smith as Telit LE910. That little piece would be able to provide internet connectivity if not discovered by a well-trained eye.
Parikh says that he has seen it over and over again in his own line of work.
“There is no secure supply chain,” Parikh said. “I have looked at hardware listings with questionable countries on there. I have seen bogus emails and contact information for vendors.”
The fact that both Dell and HP are the two computers used in these election systems is another red flag for security concerns, says Parikh. Both are manufactured overseas.
In the ES&S reply, the public relations manager noted that this state does not require election machines to meet the basic standards of the Elections Assistance Commission.
“While Alabama does not require a federally certified voting system, you can find a wealth of information about ES&S systems and components used in Alabama on the EAC website,” wrote the Senior Manager of Public Relations, Katrina Granger.
Additionally, there are ES&S parts manufactured in other countries, including China. ES&S relies heavily on its security testing process once these parts are within the United States for assembly.
Exploitable #5: Source coding
Computers operate based on the computer coding that is entered by software programmers. Mistakes in coding can and do happen, either by human imperfection, sloppiness or by design. No amount of coding is entirely impervious to another active entity trying to exploit inherent weaknesses brought in by the human element.
Todd Dixon is in charge of security systems at a Birmingham radio station that streams online 24/7, as well as terrestrial radio broadcasting. Dixon has kept that system free from a breach through a series of best practices, including an open-source operating system, which is fully available to the public. Contrast that with closed source coding, where the company has no intention of ever letting another computer expert lay eyes or hands on their proprietary information. Depending on the value of the target, hacking entities can invest a lot of time, money and brain power in subjecting that coding to minute-by-minute attacks.
“Some companies have had their code exploited for years and not known it,” Dixon explains, “Hackers have quietly found the breach in code and used that information and data. It’s like keys to the kingdom.
“When it comes to election systems, the people who wrote the proprietary software programs can take it even further and actually tell any group or political party they want to help where the fault is in the system- where the votes can be cut or changed- and all of a sudden they have the unseen advantage because it’s software that no one can see or inspect.”
Dixon’s words from a month ago proved to be even more prescient than he realized. The CEO of Konnech, Eugene Yu, was arrested and charged by the Los Angeles District Attorney for stealing election worker data. Konnech is a software company in Michigan that created an application called Poll Chief, which recruits, trains and schedules poll workers. The closed coding used by Poll Chief not only collected the data entered by various states and sent it to Konnech, but the CEO is accused of housing that data on computer servers located in China.
Alabama does not use Poll Chief in its elections; it uses Voter Express. The Secretary of State’s office has a document for the public that lists all software and hardware used within the ES&S system.
Exploitable #6: Sophisticated enemies
All of the security risks listed so far could be dismissed as “worse case” scenarios without actual proof of persons caught in the act of such a sophisticated operation.
Enter China. Enter other hostile countries and governments. Enter those of political persuasion and ideology, within or without the U.S., who want to destroy the power of the people in this republic to seize and maintain control. What better target than the lynchpin of election integrity and the voter’s voice? If the lynchpin is compromised, so goes the results of American voters.
Former U.S. Attorney Jay Town now works for a cybersecurity firm in north Alabama. Town witnessed firsthand the undeniable evidence of what communist China has done and continues to do through technological espionage and sabotage.
“Their goal is to be the number one military and economic power in the world,” said Town. “Realize this: the China government’s budget for research and development is at zero; their budget for espionage and stealing of U.S. proprietary technology is unlimited. When the United States and China markets opened up to each other, China engaged in espionage, the likes of which the world has never seen before. China doesn’t play a short game; China is more than happy to wait a decade to steal this plan or that plan and then put them all together like a jigsaw puzzle.
“They are a very sophisticated nation, they have a plan, and they execute it very well. They are really good at what they do, and what they do is really bad. They are our enemy, and we need to treat them as such.”
The motivation to attack our election system is undoubtedly there. The means and methods are also quite robust, as detailed by computer experts who have “looked under the hood” of election systems used in the United States.
Parikh summed it up, “There may not be 1,000 ways to skin this cat, but there sure are 500. Online or offline, it doesn’t matter, [election systems] are woefully inadequate. You are basically putting your ballot into a black box, and after that, you have no idea what’s going on.”
This past September, Focus on America (FOA) was denied its injunction request by Montgomery Judge Greg Griffin. FOA is appealing to the Alabama Supreme Court and hopes to get its case considered before November 8.
Both Rebecca Rodgers and Jason Slye lament the fact that the average voter was not deemed to have standing by the judge in this case.
“What is proven with this lawsuit getting tossed out,” Slye concluded, “is that the citizens of Alabama have no standing or grounds for holding our systems or elected officials accountable, and our elected officials are immune from anything the citizens could bring up as an election concern.”
Slye says he and others have been accused of fomenting doubt in voting integrity by questioning the system and process. He begs to differ.
“What is really creating doubt is us asking questions and the lack of transparency from the conservative state leadership and the secretary of state’s office,” he said. “As a voter and taxpayer, I have a right to express my concerns. The burden of proof lies with those who have all the information and data and can look into it.
“They have done nothing to prove there was no hacking other than to say, ‘Just trust us.’”
Parikh takes it even further in his analysis.
“This is about power,” he said. “The haves against the have-nots and who is willing to pay to keep the power. Ultimately, I sum it up as good versus evil."
To connect with the author of this story, or to comment, email [email protected].
Don't miss out! Subscribe to our newsletter and get our top stories every weekday morning.