Halderman Report: Dominion Machines Can Be Defeated During Certification Testing and Can Spread Malware Throughout a County

Last week, Judge Amy Totenberg unsealed a long-anticipated report by Michigan University’s Professor J. Alex Halderman.  According to a tweet summarizing his findings, Prof. Halderman claimed that not only did they find “critical issues”, such as an arbitrary-code-execution vulnerability, but that these flaws remain unpatched.  And will not be patched until after the 2024 Presidential Election, despite CISA releasing a security advisory and Dominion, in response, creating an update to the software.  Georgia Secretary of State Brad Raffensperger has been aware of the issues for two years now, and with 18 months to go until 2024’s election, he will not update the machines to help secure these vulnerabilities.

Prof. Halderman states in his blog based on the report that “the most critical problem we found is an arbitrary-code-execution vulnerability that can be exploited to spread malware from a county’s central election management system (EMS) to every BMD in the jurisdiction.  This makes it possible to attack the BMDs at scale, over a wide area, without needing physical access to any of them.”

While Halderman offers an overview of how malware can be spread throughout a county with simple access to the EMS, he also explains in the report how this can defeat the testing of the machines in two ways:  one through Hash Validation and the other through Logic and Accuracy Testing.

Hash Validation

Let’s start with the SHA-256 Hash Validation.  Hash Validation is a method of checking that the system itself is exactly the same as the system that was installed.  Any changes should return a SHA-256 hash that does not match the hash provided.

Halderman states in his report:

“…a maliciously modified app can simply show the expected hash value instead of its real one, thereby avoiding detection.

The demonstration malware changes vote data before the app computes the MAC. This allows such malware to add, remove, change, or spoil votes in the QR code while ensuring that the MAC remains valid. Alternatively, since the secret key used to generate the MAC is necessarily accessible to the ICX App, malicious logic in a modified app could use the key to generate valid MACs itself.

This implies that a malicious code installed on the machine could not only alter votes, but it could do so while remaining undetectable to testing performed on the machines before the election.

Ironically, the same state that needs more than 36 months to update these vulnerabilities (Georgia) in 2020 had an emergency update to perform on all of their BMD tabulators.  In October 2020, a display error was found regarding the Senate race in Georgia.  Judge Amy Totenberg reluctantly granted an update be performed on the machines prior to the 2020 Election less than a month away.  In that case, Prof. Halderdman testified that the testing of the proposed update was “only cursory” and that “Pro V&V…made no effort to test whether the changes create new problems that impact reliability, accuracy, or security of the BMD system.”  Dominion’s Eric Coomer testified, on behalf of Pro V&V president Jack Cobb, that the update be “de minimis”, which required less stringent testing than other updates.

Raffensperger was able to rush that update to all of the state’s BMDs in less than a month.  But now, with 36-months lead time, the Georgia Secretary of State said the task would require “tens of thousands of manhours” and therefore won’t be done until after 2024.

Logic and Accuracy Testing

The Logic and Accuracy test (LAT) is a public test that runs a selected number of ballots through the system to ensure it is properly counting the votes.  Notably, in the 2020 Election, Fulton County, GA had to delegate the LAT to Dominion themselves due to a COVID outbreak at their English Street warehouse just before the election.  They did this at the cost of $2,000 per hour and $5,000 per hour on Election Day, for a total of $2 million.

The LAT is meant to ensure to the public that these machines are working effectively.  There has been recent controversy regarding the 2022 primaries in Colorado, where Trump-endorsed former Mesa County Clerk Tina Peters lost to CTCL Board Chair Pam Anderson.  A controversial machine recount was funded by the losing candidates in El Paso County.  Despite a 53% rejection rate in the recount’s LAT prior to the official recount, election officials refused a hand recount as an alternative after the controversial failure.

Fast forward to the report, Halderman outlines how the LAT can be subverted.  This is extremely concerning.  In Section 7.5 of the report, Halderman states that:

“…demonstration malware simply tracks how many ballots have been printed since the machine was turned on and skips cheating on the first n ballots (for an attacker-configuration number).  If Georgia were to improve its LAT process by testing with a greater number of ballots, attackers could simply increase the number of ballots the malware skipped accordingly.

“No practical method of pre-election or parallel testing can rule out malware-based fraud.  Although the QR code contains a cryptographic message authentication code (MAC) that scanners use to verify its integrity, this poses no obstacle to the ICX malware.”

In Summary:

  • The Halderman Report acknowledges that malware can be installed on these machines that would undetectable using Hash Validation testing
  • Malware can subvert the Logic and Accuracy Testing and can “skip cheating” until the LAT is complete.
  • No practical method of pre or parallel election testing would detect it
  • Georgia has known about these vulnerabilities for two years, yet will not upgrade their machines until after the 2024 Election
  • Georgia officials have fought arduously to prevent quality inspection of the physical paper ballots after numerous discrepancies were found mainly via Open Records Request in the 2020 and 2022 elections
  • Georgia has previously updated all of their systems in less than a month’s time, however, three and a half years is not sufficient for this imperative security update
  • The vulnerable election software was used in 2022, while the Georgia Sec. of State was aware of the problem and was also a candidate in that contested election.

According to VoterGA.org, Raffensperger received 15% more votes in a Cobb County Vinings cityhood hand count audit:

The team found that Secretary Raffensperger received about 53% of the Republican Election Day votes for
Secretary of State in that precinct. That would be in line with the statewide voting percentages that enabled
him to avoid a runoff except that the Dominion voting system awarded Raffensperger 68.4% of those
same votes. Thus, the Dominion software attributed 15% more votes to Raffensperger’s totals than the
actual ballots seem to show when monitors counted Raffensperger’s votes.

It is also worth noting that there was a discrepancy with a ballot identified during the recounts in Georgia’s Cherokee County where a mysterious vote for Jo Jorgensen was added to a Donald Trump-voted ballot between Machine count 1 and Machine count 2.  This ballot was “re-shuffled” into a different batch to obfuscate its identity, however, due to rogue hand markings in the top right corner of the ballot, it was identifiable to citizen auditors.

ICYMI: Georgia County Using Dominion Machines Adds Vote Between Nov 3 Count and Machine Recount

Photo of author
Follow me at Rumble.com/CannCon, CannCon.Locals.com and @CannCon on TruthSocial

You can email Brian Lupo here, and read more of Brian Lupo's articles here.


Thanks for sharing!