On January 7, 2021, the day following the attempted coup, a workforce of computer forensic industry experts entered the elections business in Coffee County, Ga, welcomed by the nearby elections supervisor. The staff, who labored for an Atlanta-dependent corporation termed SullivanStrickler, experienced been employed by Sidney Powell, one particular of Donald Trump’s attorneys. They had been accompanied by an Atlanta bail bondsman named Scott Corridor, who is reportedly a brother-in-regulation of David Bossie, a Trump marketing campaign adviser. The then chair of the Coffee County GOP, Cathy Latham, who has been subpoenaed in relationship with her purpose as a single of sixteen fake electors in the state who signed an “unofficial electoral certificate” following the 2020 election, joined them as effectively. Through the system of the day, the forensic gurus copied election-device software program and 2020 voting knowledge.
In March, 2021, during a recorded cell phone dialogue with Marilyn Marks, the executive director of the Coalition for Excellent Governance—a nonprofit that functions on election transparency and security—a guy identified in court papers as Corridor said, “We went in there and imaged just about every difficult drive of just about every piece of gear.” He included, “We generally had the entire elections committee there, and they stated, ‘We give you permission. Go for it.’ (In accordance to Marks, “The elections board was not there—only a person member was there, and we consider that only 1 member was mindful of the breach.”) The data files had been then copied for others to study on a password-protected website . Mainly because all Ga counties use the exact same Dominion Voting Techniques machines, anybody with access to the Espresso County software package had obtain to the election-administration method of all voting devices in the point out. At least a dozen states use the exact Dominion process.
The extent of the breach failed to appear to light-weight right until surveillance movie was attained this previous summer in the program of discovery for a lawsuit—Curling v. Raffensperger—that the Coalition for Great Governance had initiated, in 2017. The suit was brought by the group on behalf of the named plaintiff, Donna Curling, a resident of Fulton County, Ga, and a member of the coalition, to compel the point out of Georgia to abandon touch-monitor digital voting equipment and swap to hand-marked paper ballots. (This was extensive right before appropriate-wing partisans, confident that the 2020 election had been rigged, also began railing versus computerized election equipment. Marks reported that she commenced recording the dialogue with Corridor when he informed her that his associates experienced acquired confidential information related to her group’s case.)
When the coalition introduced the accommodate, Georgia was even now applying touch-display screen desktops beneath contract with Election Techniques & Software program, the country’s largest maker of voting equipment, which presented no voter-verifiable or auditable report of a voter’s options. In 2019, the US District Court judge Amy Totenberg dominated that the point out required to change those devices just before the 2020 election. Ga switched to Dominion’s Democracy Suite ImageCast X, a various form of computerized voting equipment, regarded as a ballot-marking unit. Marks’s corporation continued to pursue the circumstance mainly because, whilst the new voting equipment delivers voters with a paper document showing their ballot options, it encodes those options in a QR code that voters can’t read through, and it is that code that is used to history the voters ‘ selections. Some pc researchers have instructed that it would be possible for a malicious actor to use the QR code to flip votes with no the voters’ know-how.
Choose Totenberg allowed an qualified for the plaintiffs, J. Alex Halderman, a professor of computer system science at the University of Michigan, to look at the ImageCast X equipment and the program that undergirds them. A courtroom purchase was needed, simply because the Dominion computer software, like just about all software that operates our election systems, is proprietary to the company, which suggests that it is off-restrictions to outdoors investigators. Soon after twelve weeks of analyze, in July of 2021, Halderman and a colleague made a ninety-six-webpage, 20-five-thousand-term report, determining a amount of severe vulnerabilities in the software package that could probably be exploited by persons aiming to subvert an election. Totenberg then sealed the report to all but the experts for both equally sides and their in the litigation, in section so as not to even further the stolen-election narrative. Halderman, for his section, has regularly defined that, just simply because a technique has flaws, it will not mean that these flaws have been utilized to transform votes In point, there is no evidence that the flaws have been exploited in Georgia or any place else.
The Cybersecurity and Infrastructure Safety Company (CISA), the arm of the Division of Homeland Stability (DHS) charged with overseeing election safety, was supplied a copy of Halderman’s report to critique, and observed it sufficiently regarding that, this earlier June, it issued a security advisory to election personnel throughout the nation, warning them of nine of the vulnerabilities it outlined. Possibly to reduce community concern, the authors of the advisory pointed out that the vulnerabilities could not be exploited except if an attacker had “actual physical obtain to personal ImageCast X products, access to the Election Management Program (EMS), or the potential to modify files before they are uploaded to ImageCast X devices.”
When a reporter for the Atlanta Journal-Constitution questioned Brad Raffensperger, the Georgia secretary of condition and the defendant in the situation, about the report, 6 months following it experienced been submitted to the courtroom, he was dismissive. (Raffensperger experienced been offered authorization to browse the report in November, 2021.) “Claiming you can split into a process after remaining supplied unfettered access”—by which he meant the obtain that Totenberg had provided Halderman—“is like boasting you can split into a residence immediately after getting offered the keys and alarm codes,” Raffensperger explained. (What neither he, nor the CISA officials, nor Halderman then understood, was that this was exactly what experienced occurred months in advance of, in January, 2021, at the Coffee County elections office environment. There is also online video displaying that, beginning two months right after the initial breach, other operatives affiliated with Prevent the Steal were being provided obtain to the office, which includes Doug Logan, the CEO of Cyber Ninjas, the organization driving the discredited, partisan “audit” of Maricopa County, Arizona .)
Halderman informed me that those people who criticized his conclusions, as Raffensperger did—on the ground that they didn’t pertain for the reason that he experienced been handed the software and specified months to study it—aren’t having into account how hackers operate. “The way authentic assaults do the job isn’t that an individual walks up to a pc terminal for the very first time, without the need of ever possessing noticed the process in advance of, and is abruptly coming into internet pages of code that are likely to make every little thing hacked,” he said. “Adversaries get entry to systems, normally by phishing attacks, and examine them, typically at some leisure, and invent or find means to manipulate them with destructive code. It truly is only later on, when it truly is time to strike, that an attacker would will need some form of obtain, probably to insert a USB adhere or mail an e-mail with that destructive code attached.”
Even in advance of the surveillance tape of the breach was found out, there was potent evidence that a little something untoward had took place at the Coffee County elections business office not extensive immediately after the 2020 election. That December, the elections supervisor, who was sympathetic to Trump’s declare that he had been robbed of victory, posted a online video to YouTube purporting to element a plan that would enable someone with administrative privileges to alter votes. The online video, which was extensively circulated, inadvertently gave viewers an unobstructed view of the password to the county’s election-management method, which was taped to the supervisor’s pc. She resigned, under pressure—ostensibly for fudging time sheets, in February, 2021. In April, the new elections director located a organization card for Doug Logan in the office environment. The director later on alerted greater-ups at the state elections workplace and at the secretary of state’s office, but, in accordance to his testimony in the Curling situation, no one adopted up with him.