lowenz on 11/1/2021 at 09:18

---

Now you know why "representative democracy" is an awesome route to tyranny? :D

Cipheron on 11/1/2021 at 09:29

---

No, you just can't read.

The term "botnet" isn't even mentioned in the paper, even once. That's above the pay grade of the moron who wrote that.

What he does do is us a publicly available "similar domains" tool to find completely unrelated domains. See sectiion 14 onwards, that's the meat of this claim that the entire thing is built off: the "similar domains" tool. But all that does is find ones with a similar spelling. They're not actually related in any way, and the guy writing this didn't even attempt to show that they're actually related. It's like saying carrots are a type of car because carrot has the word "car" in it.

For example one he "uncovers" is "dv.scopr.com" which the tool found as "similar" to "dvscopr.com". Merely because the spelling is similar. The problem is that there's no connection there at all. scopr.com is entirely different to dvscopr.com, even if the owner of scopr.com (an entirely unrelated company) made a subdomain called "dv".

And remember, go read it yourself, the "similar domains" are all similar to dvscopr.com, which is a typo of their actual, but long defunct, website dvscorp.com. And another critical point here is that "dvscopr.com" doesn't even exist. It's not a registered domain by Dominion or anyone else. See the whois:
(https://who.is/whois/dvscopr.com)

So this guy probably tried a few random misspellings of their old website, then found one of those which happened to have a similar spelling to a website in China, and thought "that's good enough". It's like saying that if I spell your name wrong, then there's someone in China with a "similar" name to the misspelled one, and therefore you're an agent of China.

---

That's just not how any of this works, and I find it baffling that you could be taken in by any of that.

EDIT: another bit I picked up is section 16.



But this isn't what auto-discovery is. Auto-discovery is a LAN thing, and that's clear because of the wording "new in-network devices automatically connect to the system." "In network" means "on the LAN".

If you didn't have auto-discovery set up, there would be something very, very wrong, because that's how local machines work out their own address relative to the LAN. Every corporate LAN in the world probably has that enabled. Basically any company where you have user accounts and a company email address would need auto-discovery turned on.

(https://support.oneidentity.com/tpam/kb/103710/setting-up-auto-discovery-for-active-directory)

And i can say for a fact that auto-discovery does not allow programmers to access "any system" if it's connected to the internet. That's not how anything that's called auto-discovery works.

Briareos H on 11/1/2021 at 14:12

---

Others have gone through it but here are my thoughts on the document.


* Points 1 to 5: Introduction.
BH: Irrelevant.
* Point 6: The analysis is based on common tools for scanning a company public network.
BH: The scan results contain no evidence that actual voting systems are reachable on the networks that were scanned, and the document provides no overall description of the "Dominion" and "Edison Research" systems architecture and no reference to such information. All findings in the document are about the companies themselves being possibly compromised rather than voting data.
* Point 7: "A public network scan of Dominionvoting.com on 2020-11-08 revealed the following interrelationships [...]"
BH: The global network topology diagram is unreadable and provides no information.
* Point 7: "[The scan] revealed 13 unencrypted passwords for dominion employees and 75 hashed passwords available in TOR nodes"
BH: This is worded strangely, and seems to be written to confuse and cause FUD. What they mean is that they found passwords for "employees" (evidence not provided) that are part of existing data breaches.
* Points 8 and 9: Shows that Dominion has machines and employees in Belgrade.
BH: Irrelevant.
* Point 10: "Inputting the Iranian IP into Robtex confirms the direct connection into the “edisonresearch” host from the perspective of the Iranian domain also. This means that it is not possible that the connection was a unidirectional reference."
BH: This section supposedly shows that Edison Research has a machine in Iran, but I'm not seeing it. There is no description of the nature of the link in point 10, and the sentence quoted above makes no sense, all the screenshot shows is that the Iranian machine has "edisonresearch" as hostname, which is not indicating of anything besides a possible attempt at phishing (not indicative of actual breach).
* Point 10: Shows that Share of Ear (part of Edison Research) and BMA Capital share hosting.
BH: A VPS by defintion hosts several websites on the same machine. Despite linking "vps2.edisonresearch.com" with "bmacapital.com", it is likely to be the result of a reverse DNS lookup on the VPS, and this does not indicate any formal link between the companies.
* Point 10: Shows that in 2011, "dominionvotingsystems.com" redirected to "dominionvoting.com". Shows that "dominionvotingsystems.com" was registered from China according to the registrar (GoDaddy).
BH: He fails to mention that the domain was last registered in China on 2020-05-26, 9 years after the redirect was shown to be in place. Anything could have happened with the domain ownership in the meantime and DNS history is not provided. Any serious analyst would not omit DNS history information. The sentence "The records of China accessing the server are reliable." is meaningless.
* Point 11: Discusses BMA Capital without having reasonably shown that it is linked to Edison Research besides web hosting on the same machine.
BH: Irrelevant.
* Point 12: Remarks that a subdomain "scorecard" exists at "indivisible.org" and ties it to Obama.
BH: No link between indivisible and Edison Research or Dominion is provided. Irrelevant.
* Point 13: States that Edison Research is an "affiliate" for Dominion with regards to result tabulation.
BH: No source provided. I see no problematic statement or claim.
* Point 14: Points to credible evidence for a foreign honeypot targeting the "dvscorp.com" domain and website owned by Dominion.
BH: Not surprising, and irrelevant unless proof is provided that employees were caught in the honeypot.
* Point 15: "The auto discovery feature allows programmers to access any system while it is connected to the internet once it's a part of the constellation of devices (see original Spiderfoot graph)."
BH: No technical details are given on the auto discovery feature. The sentence quoted above does not provide any useful exploitable information (but contributes to FUD).
* Point 16: "Dominion Voting Systems Corporation in 2019 sold a number of their patents to China "
BH: The attached records only show a patent security assignment with HSBC Canada as a collateral. I fail to see any evidence that the patent was sold to "China". Even if it is the case, that could very well be irrelevant.
* Points 17 and 18: Introduces the github repo of a tool supposed to be used for "electoral seat allocation".
BH: I see no problematic statement or claim.
* Point 19: Remarks that "Center for Tech and Civic Life", a workgroup for improving electronic voting processes in the USA is partially funded by Mark Zuckerberg and has a github repo that is worked on by a federal employee.
BH: Irrelevant.
* Point 20: States that Iranian agents have scanned for vulnerabilities in election company websites and obtained voter registration data.
BH: I see no problematic statement or claim, this is well known.
* Point 21: "In my professional opinion, this affidavit presents unambiguous evidence that Dominion Voter Systems and Edison Research have been accessible and were certainly compromised by rogue actors, such as Iran and China."
BH: It is not possible to make this claim based on the previous statements.

Conclusion: The only evidence provided in the document is that foreign actors have tried to compromise the networks of companies involved in election systems, and may (no proof) have obtained some level of access through credentials from existing data breaches. In short, nothing unexpected. I just don't see any explicit ties between those companies and foreign agents in these findings.
That being said, it shows that lack of transparency on network and software architectures in electronic voting (and in auditing results) can lead to suspicion and interpretation.

catbarf on 11/1/2021 at 17:37

---

You're not fooling anyone. Fuck off already.

Starker on 11/1/2021 at 18:38

---

Well, what do you know, QAnon was right about there being mass arrests after all:



NYT also has a highlight reel of some of the more clownish/notable people:
(https://www.nytimes.com/2021/01/10/us/politics/capitol-arrests.html)