Maricopa County Officials Refusing to Turn Over Routers to Auditors

[Concart]

When accused of a crime, innocent people do not block the evidence of their innocence from coming forward.

Like Derek Chauvin?

Ooops.

 

[Concart]

Talk about much ado about nothing. Seriously. When a request is made of a government entity, lawyers will review the request and respond. In this case, they responded by saying the request was overly broad. IT HAPPENS EVERY FUCKING DAY. This is what we have courts for. They will hear the arguments and make a decision.

Why is Trump so desperately trying to hide his tax returns?

Oops.

 

[blackascoal]

Unless the dims are running the election

THEY ARE NOT AUDITORS AND THEY ARE DEMANDING PASSWORDS THAT WILL PUT THE ENTIRE STATE IN JEOPARDY.

 

[evince]

How many times does a state get to certify the vote?


The votes have been verified and counted and certified



Why did the republicans wait so long to PRETEND there was fraud?

 

[evince]

Let’s remember how many times republicans have turned voter information over to the Russians


Republicans can’t be trusted with this information

 

[Poor Richard Saunders]

Yeah, that is unlikely, nor is it likely the folks doing the audit would reveal or use that personally identifying information for any nefarious purpose. They clearly do not want any inspection of the routers, this is usually because they know there is some "there there"... likely somebody left open the internet connection during voting which is a violation of the law and leaves the election open for election fraud (not voter fraud, Jarod, this is a different animal).

What a crock from you guys as you pretend to understand computer security.

When it comes to computer security of any kind the first rule is you don't give out your passwords. Period. End of Security lesson.



First rule of a router is you change the default password so others can't access your router. If someone is managing all the routers they may have given every router an unique password but that is unlikely. That means someone likely reused a password. Now you are saying they should give that password to a company that while it may be well intentioned you have no idea as to what computer security they have in place. This isn't just about Cyber Ninjas being bad actors, it is a question of how competent they are when it comes to securing their own equipment. We already have reports of laptops being left out in the open during this recount. We have no clue as to whether they even test their equipment for intrusions or if they are compromised in any way by failing to update as new avenues for attack are revealed. Bad actors could be in Cyber Ninjas computers already without them knowing it.

The logs for a router aren't going to reveal someone's SS number but they do contain lots of information that will make it easier to try to get that information from the computers behind the router. Have you ever actually looked at router logs?

By turning over the routers if the information is compromised in some way it does the following:
It reveals the router user/password which can then be used to attack all other county routers in case it was reused.
It reveals the type/brand of router so bad actors can direct known attacks against any security holes known to exist for that type of router.
It would likely reveal the email address of the router administrator since advanced routers routinely send reports by email.
It reveals the router's IP address meaning that any bad actor knows the IP of the router so can concentrate attacks knowing who their target is.
It reveals the open ports so any bad actor can concentrate attacks on those ports.
It reveals web locations that are routinely visited making it easier to do phishing since a bad actor can spoof the website or direct emails based on companies they know people use routinely.
It would reveal the IP address of any administrator that logs into the router which would then reveal any activity by that administrator that passes through the router.
It allows a deep dive into the data to compare to other data that has been stolen to find possible security holes. A county officer who's personal email has been hacked or someone who has reused passwords making it easier to attack their accounts.

Turning over a router and/or the logs would clearly create security issues. It might not result in a successful attack but it makes it more likely.

 

[Damocles]

What a crock from you guys as you pretend to understand computer security.

When it comes to computer security of any kind the first rule is you don't give out your passwords. Period. End of Security lesson.



First rule of a router is you change the default password so others can't access your router. If someone is managing all the routers they may have given every router an unique password but that is unlikely. That means someone likely reused a password. Now you are saying they should give that password to a company that while it may be well intentioned you have no idea as to what computer security they have in place. This isn't just about Cyber Ninjas being bad actors, it is a question of how competent they are when it comes to securing their own equipment. We already have reports of laptops being left out in the open during this recount. We have no clue as to whether they even test their equipment for intrusions or if they are compromised in any way by failing to update as new avenues for attack are revealed. Bad actors could be in Cyber Ninjas computers already without them knowing it.

The logs for a router aren't going to reveal someone's SS number but they do contain lots of information that will make it easier to try to get that information from the computers behind the router. Have you ever actually looked at router logs?

By turning over the routers if the information is compromised in some way it does the following:
It reveals the router user/password which can then be used to attack all other county routers in case it was reused.
It reveals the type/brand of router so bad actors can direct known attacks against any security holes known to exist for that type of router.
It would likely reveal the email address of the router administrator since advanced routers routinely send reports by email.
It reveals the router's IP address meaning that any bad actor knows the IP of the router so can concentrate attacks knowing who their target is.
It reveals the open ports so any bad actor can concentrate attacks on those ports.
It reveals web locations that are routinely visited making it easier to do phishing since a bad actor can spoof the website or direct emails based on companies they know people use routinely.
It would reveal the IP address of any administrator that logs into the router which would then reveal any activity by that administrator that passes through the router.
It allows a deep dive into the data to compare to other data that has been stolen to find possible security holes. A county officer who's personal email has been hacked or someone who has reused passwords making it easier to attack their accounts.

Turning over a router and/or the logs would clearly create security issues. It might not result in a successful attack but it makes it more likely.

Did you see this guy pretend he knows more about it than the guy who wrote the dissertation for his degree? LOL.

Man, you are a HOOT!

 

[LV426]

Did you see this guy pretend he knows more about it than the guy who wrote the dissertation for his degree? LOL.

Man, you are a HOOT!

He doesn't wing it and make shit up like you do, so you should probably listen to what he has to say.

 

[Poor Richard Saunders]

I forgot to include the easiest way to compromise information once you have access to a WIFI router and it's settings.


Once you have access to the information from a WIFI router, you know the SSID, the MAC address and the password. This is what is used by everyone that connects using WIFI. Most people set up their devices to automatically connect when they are in range of the router.

By simply knowing the SSID and password used, you can run a man in the middle attack. Go to the coffee shop a block away and spoof the WIFI SSID/password. Everyone that comes into the coffee shop whose device is set to automatically connect will connect to you and you can record everything they send and receive. It's a simple thing to turn off the HTTPS on a router forcing all the information to be not encrypted. Who ever checks to see which network they are connected to when they are automatically connecting or checks to see if they are really using a secure connection?

 

[Damocles]

He doesn't wing it and make shit up like you do, so you should probably listen to what he has to say.

I will not engage in any conversation with you because I believe you are disingenuous and incapable of a conversation based on information when such is introduced to you. If I see you act differently in the future I may begin to engage with you again (this post doesn't bode well for that though). But until then, this will be my only response to you.

 

[blackascoal]

. How do you know they won’t use it for nefarious purposes? The whole recount sounds hinky. QAnon guys business conducting audit, bamboo fiber theory by another QAnut. It’s a joke and some AZ Senators are starting to regret their vote to audit.

The demand is to make the state turn over PASSWORDS AND ROUTERS .. which gives them access to SOCIAL SECURITY NUMBERS. Knowing this is legally impossible, it gives them a feeble and frail excuse for them not being able to prove fraud.

SHERIFF GOES BALLISTIC AFTER ARIZONA RECOUNTERS DEMAND ACCESS TO COUNTY PASSWORDS
Giving computer network router and password information to a firm run by a conspiracy theorist is mind-numbingly reckless, the Maricopa sheriff said.
HuffPost.com

 

[LV426]

I will not engage in any conversation with you because I believe you are disingenuous and incapable of a conversation based on information when such is introduced to you. If I see you act differently in the future I may begin to engage with you again (this post doesn't bode well for that though). But until then, this will be my only response to you.

Cool. I'll respond to your posts, though, so you won't be defending yourself. I'm OK with that because you don't really do that good a job of defending yourself already.

 

[blackascoal]

What a crock from you guys as you pretend to understand computer security.

When it comes to computer security of any kind the first rule is you don't give out your passwords. Period. End of Security lesson.



First rule of a router is you change the default password so others can't access your router. If someone is managing all the routers they may have given every router an unique password but that is unlikely. That means someone likely reused a password. Now you are saying they should give that password to a company that while it may be well intentioned you have no idea as to what computer security they have in place. This isn't just about Cyber Ninjas being bad actors, it is a question of how competent they are when ijt comes to securing their own equipment. We already have reports of laptops being left out in the open during this recount. We have no clue as to whether they even test their equipment for intrusions or if they are

compromised in any way by failing to update as new avenues for attack are revealed. Bad actors could be in Cyber Ninjas computers already without them knowing it.

The logs for a router aren't going to reveal someone's SS number but they do contain lots of information that will make it easier to try to get that information from the computers behind the router. Have you ever actually looked at router logs?

By turning over the routers if the information is compromised in some way it does the following:
It reveals the router user/password which can then be used to attack all other county routers in case it was reused.
It reveals the type/brand of router so bad actors can direct known attacks against any security holes known to exist for that type of router.
It would likely reveal the email address of the router administrator since advanced routers routinely send reports by email.
It reveals the router's IP address meaning that any bad actor knows the IP of the router so can concentrate attacks knowing who their target is.
It reveals the open ports so any bad actor can concentrate attacks on those ports.
It reveals web locations that are routinely visited making it easier to do phishing since a bad actor can spoof the website or direct emails based on companies they know people use routinely.
It would reveal the IP address of any administrator that logs into the router which would then reveal any activity by that administrator that passes through the router.
It allows a deep dive into the data to compare to other data that has been stolen to find possible security holes. A county officer who's personal email has been hacked or someone who has reused passwords making it easier to attack their accounts.

Turning over a router and/or the logs would clearly create security issues. It might not result in a successful attack but it makes it more likely.

I AGREE WITH EVERY WORD YOU’VE SAID HERE.

 

[Poor Richard Saunders]

Did you see this guy pretend he knows more about it than the guy who wrote the dissertation for his degree? LOL.

Man, you are a HOOT!

Finding an intrusion in the logs is different from using the logs to find out information about the regular users. You have to dig through all the regular user info to try to find the attack in one case. In the other case you are simply using the data the same way Google and Facebook use it to find patterns about what the users do.

When doing a forensic analysis of an attack. You don't have to worry about who can see the password for the router because you are the one protecting the system.

 

[blackascoal]

Providing router information to a shadowy private company led by a conspiracy embracing CEO would compromise sensitive and highly classified law enforcement data and equipment. In addition, citizens’ private information, including voting history, addresses, phone numbers, and SOCIAL SECURITY NUMBERS could fall into the hands of Cyber Ninjas, a company run by a conspiracy theorist - Maricopa County sheriff[/b]

 

[Poor Richard Saunders]

Did you see this guy pretend he knows more about it than the guy who wrote the dissertation for his degree? LOL.

Man, you are a HOOT!

The dissertation only confirms my concerns since the author points out that one of the best ways to not alter the router is to download the logs so they can be searched. Once the logs are downloaded onto a computer they are like any other file that could be accessed by a bad actor and stolen by someone SSHing into the system or by someone with physical access if the information is not properly secured.

It seems you didn't bother to actually read the dissertation, did you? Either that or you didn't understand it. The dissertation details how one would try to find out information in the logs but it has nothing to do with how one would go about protecting all that information since it deals only with the forensic side of trying to find an intrusion. Someone conducting a forensic audit would need to have access to all the information I pointed out could be used by a bad actor to try to compromise the system in the future. (The dissertation further goes on to discuss how to find out if a router has been compromised with a rootkit but that is not the concern with the routers in Maricopa county since the issue is whether the election system was connected to the internet or not.)

 

[Damocles]

The dissertation only confirms my concerns since the author points out that one of the best ways to not alter the router is to download the logs so they can be searched. Once the logs are downloaded onto a computer they are like any other file that could be accessed by a bad actor and stolen by someone SSHing into the system or by someone with physical access if the information is not properly secured.

It seems you didn't bother to actually read the dissertation, did you? Either that or you didn't understand it. The dissertation details how one would try to find out information in the logs but it has nothing to do with how one would go about protecting all that information since it deals only with the forensic side of trying to find an intrusion. Someone conducting a forensic audit would need to have access to all the information I pointed out could be used by a bad actor to try to compromise the system in the future. (The dissertation further goes on to discuss how to find out if a router has been compromised with a rootkit but that is not the concern with the routers in Maricopa county since the issue is whether the election system was connected to the internet or not.)

The dissertation is about the forensic information one can gain from a router, as I was answering the question as to what information could be gathered from a router that could possibly be relevant to an election audit.

Basically, what you say the dissertation is not about would be because the dissertation is about something entirely different than what you are saying about how to secure a router. You ignore the question, pretend to answer something that nobody asked about, then try to spike the football and do an end zone dance you didn't earn.

Your supposed information here was nonsense in answer to the question the gentleman had asked.

 

[Poor Richard Saunders]

The dissertation is about the forensic information one can gain from a router, as I was answering the question as to what information could be gathered from a router that could possibly be relevant to an election audit.

Basically, what you say the dissertation is not about would be because the dissertation is about something entirely different than what you are saying about how to secure a router. You ignore the question, pretend to answer something that nobody asked about, then try to spike the football and do an end zone dance you didn't earn.

Your supposed information here was nonsense in answer to the question the gentleman had asked.

Of course it is possible to gain forensic information from the router. That doesn't mean that turning over the router doesn't present some real security concerns which is why the routers were not turned over. The title of the thread is Maricopa County Officials Refusing to Turn Over Routers to Auditors which is what I was responding to.

The original question was to SS numbers being on a router. I think we can both agree that they are not but by giving access to the routers SS numbers could be accessed if the wrong party uses information gleaned from the router. My response was to your claim that there was no threat in turning over the routers.

 

[ExpressLane]

The so-called auditors are in violation of U.S. Constitutional law at waging war against the 2020 and certified electoral process. They all should be arrested for engaging in something that should put them in prison instead of attempting to conspire against a fair, lawful and certified 2020 election. It would be great if the feds were to go down there and break the racket up!

The U.S. Constitution gives complete control over elections to the state legislature. The state legislature ordered this forensic audit you idiot.

 

[LV426]

The U.S. Constitution gives complete control over elections to the state legislature. The state legislature ordered this forensic audit

They already audited Maricopa last year after the election, TWICE, so what is the point of this?