The Maricopa County Forensic Audit of the 2020 General Election continues to move forward, despite efforts made to shut it down. According to Senate President Karen Fann, Audit Liaison Ken Bennett and other audit team leaders, The Maricopa County Board of Supervisors refusal to comply with Subpoenas has slowed the progress of the Audit.
Ben Cotton, who is a used as a court recognized expert witness in digital forensics and has more than 25 years of experience with forensics both for the U.S. government and the private industry, claims that the Board of Supervisors is refusing to provide the audit team with access to the routers used in the November election.
“It’s critically important to substantiate some findings that we are seeing to have access to the routers. There are a number of things that we know as a matter of fact to have occurred and we need to take that info and validate it. So we know through public record and statements that an element of the election system was compromised or breached during the course of the 2020 election. It is matter of public statement by Maricopa County as well as legal action and law enforcement action surrounding that particular incident. The registration server that was public facing did have unauthorized access to that, in cyber security terms it was breached.”
“We know that the county has accepted that as an unauthorized break because they actually issued a letter to the small subset of voters that were affected by that breach. In that letter they admitted there was a breach.”
Cotton then revealed that his team discovered the security of the election management system and network were highly vulnerable to attack during the November election meaning that anyone could have hacked into the machines on election night,
“The second item is it has become readily apparent in the course of our analysis that there are severe cyber security problems in the way the Election Management System and network was maintained. For example if you walk into an average home computer you will find that the antivirus definitions that protect that system from malware have been updated in the last week. You will find that there have been system security patches set by Microsoft or by Apple. Typically with in the last week, and you will find that system is patched and the antivirus definitions are up to date.” Cotton added,
“Sadly that is not the case for any of the endpoints that we have looked at inside of the mc Election Management System. The last time that the antivirus was updated on these systems was the date that the Dominion software was installed on the systems. That happens to be August of 2019. There have been no operating system updates or patches since that same date. What that creates is a tremendous vulnerability for anyone who could get access through a system such as, if for example the registration server was serving as a jump box, in other words it was dual network so that it was public facing and also private facing into the election system, if someone accessed that system they would have no difficulty at all penetrating and getting system level access.”
Peterson: “So if they were able to get access how long would it take someone to hack in?”
Cotton: “The vulnerabilities that exist on this systems would take an average script kitty less than 10 minutes to get access to these systems.”
Senator Petersen: “So we are talking high vulnerability?”
Senator Petersen: “So we need to get the routers, even if its just a report they can scan it they can look at it they can do whatever they need to do to make it safe, we just need to see the traffic. Now they brought up security concerns, do you believe these are valid concerns for sharing the routers with us?”
Cotton: “They are not and let me explain why. So when you think bout a router think about someone delivering the mail to your mailbox. That router is simply the mail carrier. On a standard envelope you’re going to put your return address and the address its going to. The mail carrier looks at that, they know where to route that and they will simply route that letter so it’s delivered. With a router its very similar. With each package of data you have you have an address to where its going to, you have an address form where it came from, but you don’t have the actual content or the letter, that’s contained in the envelope, with in the actual router itself.”
Senator Petersen: “So you won’t see any social security numbers or driver’s license numbers or any sensitive data?”
Cotton: “You will not.”