(TheLibertyRevolution.com) - CyFIR, the computer forensics company inspecting Antrim County, Michigan's election management system (EMS), has found that Microsoft SQL Server authentication on the machines was set to Windows User Mode, that is, the database accepts the Windows login in place of a separate database password, which the firm describes as a security failure.
In a sworn affidavit filed in the Circuit Court of Antrim County, Ben Cotton, founder of CyFIR, explained that with this authentication set-up, an unauthorized user who gained access to the Windows system would have complete access to the Microsoft SQL Server. Gaining that access would be easy, Cotton said, because administrative accounts on the Antrim County election management systems either used a shared password or required no password at all.
With SQL Server authentication in Windows User Mode, the contents of the database, including the election results, are exposed to manipulation by any such unauthorized user.
In his affidavit, Cotton also stated that each of the ESS DS400 devices had a Verizon wireless communications card installed, and that the card was in "power-up" mode, meaning each device had the ability to connect to the public internet.
Additionally, contrary to published guidelines, the hard disks of Antrim's EMS were not encrypted, leaving their contents readable by any unauthorized user who obtains the drives or an image of them.
Cotton's inspection of the servers and computers revealed that security updates and antivirus settings were out of date. In fact, the Windows Defender antivirus files were far older than the operating system installation: Cotton found that Windows Defender had last been updated in July 2016.
According to Cotton, this lack of security updates and cybersecurity patches left the system "in an extremely vulnerable state to remote manipulation and hacking."
Finally, Cotton's affidavit reveals that the Antrim EMS server was in fact accessed remotely by an anonymous user. The first log-on occurred on November 5, 2020, and the second on November 17, 2020. According to Cotton, both log-ons appeared to carry "escalated privileges" at the time of the intrusions.
Because the server was supposed to be connected only to a private network, these anonymous log-ons are, according to Cotton, "very alarming."
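The findings above (SQL Server authentication mode together with passwordless administrator accounts, unencrypted disks, stale Windows Defender signatures, and remote log-ons that carried elevated privileges) can each be checked on a Windows host that runs SQL Server. The script below is an added example written for this page; it is not code from the article, from CyFIR, or from the affidavit, and it does not reproduce CyFIR's method. The event IDs (4624 for a logon, 4672 for special privileges assigned to a logon session), the SQL Server `LoginMode` registry value and the cmdlets are standard Windows and SQL Server interfaces; the function names, the 10.0.0.0/8 private range and the 7-day signature threshold are assumptions of the example, not details from the page.

```powershell
# Added example, not from the article or from CyFIR's affidavit: a read-only
# audit of the configuration points the affidavit describes, written to run in
# an elevated PowerShell session on the Windows host that runs SQL Server.
# Assumptions not stated on the page: the private network is 10.0.0.0/8
# (-PrivatePrefix), 7 days is the signature-age threshold (-MaxAgeDays), and
# the Security log still covers the dates of interest.

# 1. SQL Server login mode per installed instance. LoginMode 1 = Windows
#    Authentication only, 2 = Mixed Mode. In mode 1 SQL Server never asks for
#    a separate database password: a trusted Windows login receives whatever
#    server roles are mapped to it, so sysadmin access is only as strong as
#    the Windows account passwords.
function Get-SqlLoginMode {
    $names = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL'
    foreach ($p in ($names.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' })) {
        $key  = "HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\$($p.Value)\MSSQLServer"
        $mode = (Get-ItemProperty -Path $key -Name LoginMode).LoginMode
        [pscustomobject]@{ Instance = $p.Name; LoginMode = $mode; MixedMode = ($mode -eq 2) }
    }
}

# 2. Enabled local accounts in Administrators that Windows accepts without a
#    password. A *shared* password cannot be detected from the host alone.
function Get-PasswordlessAdmins {
    $admins = Get-LocalGroupMember -Group 'Administrators' |
        ForEach-Object { ($_.Name -split '\\')[-1] }
    Get-LocalUser |
        Where-Object { $_.Enabled -and -not $_.PasswordRequired -and ($admins -contains $_.Name) } |
        Select-Object Name, Enabled, PasswordRequired, LastLogon
}

# 3. Volumes without BitLocker protection (requires the BitLocker feature).
function Get-UnencryptedVolumes {
    Get-BitLockerVolume | Where-Object { $_.ProtectionStatus -ne 'On' } |
        Select-Object MountPoint, VolumeType, VolumeStatus, ProtectionStatus
}

# 4. Age of the Windows Defender antivirus signatures.
function Get-DefenderSignatureAge {
    param([int]$MaxAgeDays = 7)
    $s = Get-MpComputerStatus
    [pscustomobject]@{
        SignatureVersion = $s.AntivirusSignatureVersion
        LastUpdated      = $s.AntivirusSignatureLastUpdated
        AgeDays          = $s.AntivirusSignatureAge
        Stale            = ($s.AntivirusSignatureAge -gt $MaxAgeDays)
    }
}

# 5. Network (type 3) and RDP (type 10) logons whose logon session was also
#    granted sensitive privileges (event 4672), correlated on the logon ID.
#    This is what a "remote log-on with escalated privileges" looks like in
#    the Security log; the source IP is also checked against the private range.
function Get-RemotePrivilegedLogons {
    param([datetime]$Since = (Get-Date).AddDays(-30), [string]$PrivatePrefix = '10.')
    $events = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'Security'; Id = 4624, 4672; StartTime = $Since
    }
    $privileged = @{}
    foreach ($e in ($events | Where-Object Id -eq 4672)) {
        $data = ([xml]$e.ToXml()).Event.EventData.Data
        $id   = ($data | Where-Object Name -eq 'SubjectLogonId').'#text'
        $privileged[$id] = ($data | Where-Object Name -eq 'PrivilegeList').'#text'
    }
    foreach ($e in ($events | Where-Object Id -eq 4624)) {
        $d = @{}
        foreach ($f in ([xml]$e.ToXml()).Event.EventData.Data) { $d[$f.Name] = $f.'#text' }
        $isRemote = ($d.LogonType -in @('3', '10')) -and ($d.IpAddress -notin @('-', '127.0.0.1', '::1'))
        if ($isRemote -and $privileged.ContainsKey($d.TargetLogonId)) {
            [pscustomobject]@{
                Time           = $e.TimeCreated
                User           = "$($d.TargetDomainName)\$($d.TargetUserName)"
                LogonType      = $d.LogonType
                SourceIp       = $d.IpAddress
                OutsidePrivate = -not $d.IpAddress.StartsWith($PrivatePrefix)
                Privileges     = ($privileged[$d.TargetLogonId] -replace '\s+', ' ').Trim()
            }
        }
    }
}

# Run the audit; narrow -Since to the window under investigation.
Get-SqlLoginMode
Get-PasswordlessAdmins
Get-UnencryptedVolumes
Get-DefenderSignatureAge
Get-RemotePrivilegedLogons -Since (Get-Date '2020-11-01') | Format-Table -AutoSize
```

A result with `MixedMode` false, any row from `Get-PasswordlessAdmins`, any row from `Get-UnencryptedVolumes`, `Stale` true, or a logon row with `OutsidePrivate` true corresponds to one of the affidavit's findings. The logon check relies on the Security log not having been cleared or rolled over, so on a seized system it should be run against a preserved copy of the event logs rather than the live machine.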