ALERT#Plebchain: A federal court in Northern District of Georgia (Atlanta Division) will allow plaintiffs to proceed to trial after they presented expert evidence which found 7 core vulnerabilities in the Dominion voting system:
"1. Attackers can alter the QR codes on printed ballots to modify voters’ selections;
2. Anyone with brief physical access to the BMD (ballot marking device) machines can install malware onto the machines;
3. Attackers can forge or manipulate the smart cards that a BMD uses to authenticate technicians, poll workers, and voters, which could then be used by anyone with physical access to the machines to
install malware onto the BMDs;
4. Attackers can execute arbitrary code with supervisory privileges and then exploit it to spread malware to all BMDs across a county
or state;
5. Attackers can alter the BMD’s audit logs;
6. Attackers with brief access to a single BMD or a single Poll Worker Card and PIN can obtain the county-wide cryptographic keys, which are used for authentication and to protect election results on
scanner memory cards; and
7. A dishonest election worker with just brief access to the ICP scanner’s memory card could determine how individual voters voted."
The main conclusions of the expert analysis of the Georgia computerized Dominion voting systems, as described by the Court:
"• The ICX BMDs [Dominion's ballot marking devices] are not sufficiently secured against technical compromise to withstand vote-altering attacks by bad actors who are likely to attack future elections in Georgia. . .
• The ICX BMDs can be compromised to the same extent and as or more easily than the AccuVote TS and TS-X DREs they replaced. . . .
• Despite the addition of a paper trail, ICX malware can still change individual votes and most election outcomes without detection . . . Although outcome-changing fraud conducted in this manner could be detected by a risk-limiting audit, Georgia requires a risk-limiting audit of only one contest every two years,27 so the vast majority of elections and contests have no such assurance. And even the most robust risk-limiting audit can only assess an election outcome; it cannot evaluate whether individual votes counted as intended. . . .
• The ICX’s vulnerabilities also make it possible for an
attacker to compromise the auditability of the ballots,
by altering both the QR codes and the human readable text. Such cheating could not be detected by an [risk-limiting audit] or a hand count, since all records of the voter’s intent would be wrong. . . .
• Using vulnerable ICX BMDs for all in-person voters, as Georgia does, greatly magnifies the security risks
compared to jurisdictions that use hand-marked paper ballots but provide BMDs to voter upon request. . . .
• The critical vulnerabilities in the ICX — and the wide variety of lesser but still serious security issues — indicate that it was developed without sufficient attention to security during design, software
