Let me tell you about a server an election server.

It is running windows XP unpatched. It is connected to a cable modem and is used to recieve email using outlook express...also unpatched. The election administrator has very little computer knowledge and told me...when I asked if his computer was networked...said no. Now who do you think the manufacturer of this fine system is?

The answer may suprise you. Well not really. Oh by the way, the system is using MS Acess to tabulate vote totals. Please feel free to guess.

I just do not believe it.

:grr:

Oh and BTW again...the vote totals are simple ASCII text. Does this system sound familiar?

I'm good if I can get mine to boot up and let me play on it for awhile. And I followed this, wow!

Audit Log, Windows Event Logs and several other reports from this machine. Tonights reading should be interesting.

waiting for more info, this sounds Big with a capital B.



www.cafepress.com/showtheworld

I'm in the computer field and am a fan of Linux because it isn't Microsoft and the latter needs monthly vain attempts to try to plug some of the security holes. They didn't even try, with the "election server" you mention. Where and how and when was this server used? It should not even be physically connected to a cable modem, I would add. Even if the Ethernet card is disabled at present or during elections (unlikely), we were told in other posts regarding Ohio that the precincts, while they are on an Ethernet, do not allow their election computers to be connected to it.

election night and in fact the log shows outlook being opened.

Oh the Election...Nov 2, 2004

Oy vay for their side, if there is any justice and indeed this computer was used in the election process. First assumption kind of nebulous though (that there is any justice). By the way, do you want me to look up all known security holes in unpatched XP and Outlook yet? The list would indeed be long but is easy to find.

It might prove useful...I am also interested in some of the error codes on the Windows event log.

I've got paid work to do for a few hours, but I'd start (and will start eventually) with www.cert.org and www.securityfocus.com, for "vulnerabilities" admitted by Microsoft and fixed by patches. Most of these allow remote user to become Administrator (fully privileged) on the machine. To look for known viruses and worms that have been released en masse to exploit the respective security holes (and thus prove that the exploit is "in production" already) there's www.symantec.com and the other web sites of anti-virus companies. What version of Outlook was running? (I don't know of a secure one yet though). And Outlook is just one way they could get in.

guess again.

millions of the dollars for crap software that's written in programs that come on every PC.

just to set up the election.

From what I've seen of these systems from bits of code, etc. floating around the net the American taxpayer has been ripped off, paying big bucks for shoddy products. Of course we'ver never seen that before anywhere have we?

that have plagued these unstable and unreliable.

Heck, I could buy an off the shelf E-Machine and a cheap bottom of the line HP Printer and I could run a better election.

I guess...Diebold!

Are you saying they put cable in every BOE office? That's not very likely.

I believe the MS Access part but all the rest of it bears further investigation. Never trust end users talking about systems they don't understand. The reality could be quite different.

and he had outlook and MS Messenger open chatting when I arrived.

ES&S? what else is left :shrug:

So yes ES&S ERP 1.6 is a windows based Access driven database.

I had fun driving the car this afternoon.

You learn so much in the drivers seat.

dominionists.....

Good to know Diebold and Sequoia have some competition.

Peace.

"Its About Bush!"

Cause I would like to tell you about the computer set up I saw there

A ROUTER on the tabulation computer

A modem on that computer (external)

Yes, hooked up to their internal LAN

no one wanted to talk about how their LAN connects to the internet.

at the least.

computer in Fairfield County...none...none

the explanation I got was "we have it on our internal lan so that everyone can access the database and get their jobs done"

I asked what OS, Email, connection, server edition they had...they all stared at me blankly. I did see a Novel startup screen at one point.

On edit - they are and ES&S county

the server is Windows based.

...children away from guns and our elections away from electronic devices.

I'd venture a guess that close to zero of all the individuals in all the counties in all the states using any form of digital balloting device, optical scanner, central tabulating computer, .... whatever, have ANY CLUE what they are using.

The folk who make the devices and their political friends are the only ones who need to have a clue; and evidently they do.

Instead of 17000 lawyers, what Senator Kerry and the DNC should have had was one experienced hacker providing them with a bit of an education.

Peace.

"Its About America!"

"Type Code 2: 2 - A discrepancy was found between totals loaded and total number of registered voters for precinct code/s 38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,,76,77,78,79,80,81,82"

entry is dated 11/03/04 8:47:40 AM

Followed by:

"User ignored loaded totals error"

11/03/04 8:47:41 AM

that is what they are.

if the totals got misplaced by one position, it would displace all subsequent sequences and you would get a similar message. May be nothing. Could be something! How did it get misplaced in the first place?

...were trying to force a nation-wide subpoena, in the week after the election, of all internal logs in every vote tabulating computer in the country as well as the telecom logs for every location hosting a central tabulating computer -- for starters.

Thank you, once again Andy, for all you have done and continue doing.

Please visit the following site and post there as it will receive very wide readership:

http://www.velvetrevolution.us/index.php?Main=ELECTION2004

Peace.

"Prove My Vote Counts, Now"

they are calling for a "Voter-verified, auditable paper trails must be mandatory in every polling place in America"

When what we should all be demanding is a Voter Verified paper Ballot.

Please if you know the owners tell them to please change that. In the law words have an exact meaning. A paper trail is NOT a ballot, and has no legal standing.

...you to become a member and post there. They will listen. Just look at who their co-sponsors already are.

Peace.

"When Did Bush Know?"

I'm not even sure voter verified paper ballots are the ultimate solution to election fraud, but it would certainly be a big step.

This thread is fascinating reading, can't wait to see how it all turns out :)

"thanks, we will change the language to satisfy his ideas, this is a people's movement and we want the best ideas, we tried to put together a good framework and now let's build it together. vr"

these friggin machines?

* System log
* Application log
* Security log (only if auditing enabled)

If you still have access to the machine do it NOW before somebody erases these logs. Click Start>>Run. Type eventvwr and click OK. In Event Viewer select the log and click on Action>>Save As. Do it for each of the logs.

MS Access has no logging capability. But do look to see if a DSN (data source name) has been set up. Click Start >> Run. Type odbcad32. Click on System DSN and jot down all the names and drivers listed. Do the same for User DSN.

The router probably has a built-in firewall set up to segment the tabulator, local area network, and the internet. Its probably supposed to keep LAN computers away from tabulator but sounds like its not set up right...Open IE and type the following in the address line: "192.168.0.1". This may take you to the default web-based GUI for the firewall configuration. Try using a blank password and see if you can get in.

Are you sure there's a modem? Is it between the computer and the wall jack? Is the wire coaxial cable (like your cable at home)? Or is like a telephone jack, just a little bigger?

Sounds like evidence to me.

...would be to ask the company that made the machine/software.

...would be to ask the company that made the machine/software.

and software has said it's code is secret. All we can try to do is find out what the code does when it does what it's supposed to do.

What it sounds like to me is this:

Every precinct from 38 to 82 had fudged numbers.

I may be jumping to conclusions, but that is the first thing that came to mind. Of course the user ignored the error message, because they expected, they PLANNED, and they CREATED the discrepancies on PURPOSE. That's what happens when you rig an election and juggle numbers.

BRAVO ANDY!!!

I told Cam Kerry (Senator's bro) TO HIS FACE exactly that in September. He was telling a roomful of Dem lawyers about all the lawyers that were going to be ready to make sure there was no repeat of Florida 2000. I told him TWICE that he needed to enlist the help of tech experts. I handed him Ronnie Dugger's cover story in The Nation. "How They Could Steal the Election This Time," by RONNIE DUGGER, The Nation, Cover Story -- August 16, 2004 issue
http://www.thenation.com/doc.mhtml?i=20040816&s=dugger

Gave him my email and phone. He was polite but clearly not interested.

I happen to know of a well-known election tech expert who had offered his services -- HE was never called either.

....Senator Kerry and his brother, directly, we could arrange for a group of experts to sit with them and explain exactly why they should engage the enemy of our American franchise of democracy, Now.

They'd only need one good lawyer then.

Maybe you could get them to read:

http://www.velvetrevolution.us/phpBB2/viewtopic.php?t=6&sid=50f018d439243553fd02fbd1628f5375

And,

http://www.velvetrevolution.us/phpBB2/viewtopic.php?t=3

Thank you.

"Prove My Vote Counts, Now"

I live in OR and we have mostly clean elections because we have a great SOS but I was doing all I could to get the word out about the Holt and Graham-Clinton bills and trying to get people to bug their congress people about it, and educate people as well as I could. Hard to know what to do living in a state without E-voting, other than bug our congress people to support those bills and try to educate them, and educate others.

Worked my butt off for Kerry, all the while wondering if we had a chance, and wondering if he knew. Wrote ACT, MoveOn, the DNC, over and over. Finally MoveOn came out with that petition to require paper trails and I wrote back a bunch more times and screamed at them some more about
IT'S THE TABULATORS, STUPID! You guys are supposed to be so technologically savvy...READ THIS STUFF and I sent links...but they remained silent. I still don't think they get it.

Went to hear the vice pres debate at a meeting place becasue Andre Heinz was going to be there and I wanted to ask him what he knew about machines and if they were prepared. He was mobbed by people wanting his autograph and to get their pix taken and I am standing there saying WHAT ABOUT THE VOTING MACHINES? Do you know about the machines? What are you doing? And he said "there's exit polls." And I thought OMG I sure hope Kerry has more of a clue than he does.

Then election night I was sitting there watching things shift and saying "They did it again, it's the machines, I knew they were going to do it. " And my friends mostly were looking at me kinda weird. Not any more, though. Now they believe it.

It's VERY important.

has control over them.

From Blackwells accomplishments bragging on the State SOS website: http://www.sos.state.oh.us/sos/blackwell/index.html

"In his “Agenda for Renewal,” Secretary Blackwell laid out his plan for a statewide electronic information system that integrates the secretary of state operations with those of Ohio’s 88 county boards of elections.

The system, now in place, brings technologically advanced computers with Internet access to each board of elections through installation of a PC and a printer in every county board of elections office. Board employees can now utilize email capabilities for communication with each other and with the secretary of state. An Intranet will also be created on which county employees can access a variety of information related to elections and where they can share, for example, trouble shooting information or common concerns.

This network has improved operational efficiency and communications within the elections system and will allow for prompt posting of important elections information including: voter registration changes, master voter registration lists with history, precinct lists and election statistics, campaign finance filings, polling place information, and election results."

What a great central control system for tabulators everywhere!

Warren? Greene? I'm so confused.

It was one that said they needed to service the computer because it was so old, and the battery died.

Now, I'm no expert, but that seems like evidence contrary to what you posted. Are they swapping out computers?

They claim to have put at least one PC and printer in every office, but these may or may not be tied into the local offices network, or the local offices tabulator computer.

Here is Hocking county, the tabulator computer is ancient, and is the one which supposedly had the battery problem. The tabulator PC seems to be a stand alone system here. In the same office, they do have a network of more modern PC's they do the Voter Registration record keeping on. Do not know if they have this entire network tied into the Blackwell wonder PC & comm lines though, but would be easy to do.

In counties with a more modern tabulator PC it could be tied into the network or the Blackwell communication PC and high speed lines.

With 88 counties, there may well be 88 different situations. We have counties with only 10 thousand voters, and other counties with over a half million voters so you could see anything.

ran on a Dell 386.

The tech supposedly only replaced the CMOS battery.

Windows based system.

Keep in mind the copy that was leaked last year down in Riverside.

Jim March can tell you what database it is, but much more robust than Access.

it is SQL.

Is it on the XP box or on the server? Can you still get access to the workstation?

is a MS SQL server

I'd check with March - I think it may actually be something else.

Jeremiah Akin was the original person that found the software. I have seen it with my own eyes.

No doubt about it here.

observant.Do you think this is good for our cause?

Yes!

:shrug:

that was how I found your posts???

Oh and quit showing off.

:loveya:

I can't believe you posted? Holy Mackerel.

:loveya:

does not mean I don't keep my eye peeled on what your up to.

:scared:

:hi: :loveya:

I hear great things about the house....you have been one busy termite.

retired like they do w/outstanding sports player's numbers/uniforms (Andy IS an outstanding DUer).

Nice to finally meet you, termite!


Andy's still on the case!

moved on to another?

high in the middle

OhiO

:hi:

didn't know if you wanted to say so or not....

I have many years experience developing and programming MS-Access databases as well as with WinXP and Win2000 Server. If there is anything I can do to help analyze these logs, .mdb files or whatever please let me know.

This is my first post after weeks of lurking so forgive me if I transgress protocol.

and what the numbers mean? for instance what does this event log entry mean?

here is the exact lines

information 11/2/2004 5:40:10 AM Tcpip none 4201 n/a BOE
information 11/2/2004 5:40:17 AM Servce control Manager none 7036

all the info you have on here? Maybe with the computer geeks looking at it, they will see things you don't.

and there is 298 pages of stuff just from the audit and event logs alone.

It can work as good as a scanner. Photograph all the pages and you can put the photos online full size.

unfortunately

not sure if you know this but you can right click the whole event log and save as *.evt. It might be rather large but zip's to a very small size as it is all text.

The first line probalby indicates an error trying to connect to a network at startup.

"TCIP" is the source of the event, "none" is the category, 4201 the event number, "n/a" is the user (so n/a may means the event occurred during start-up, before a user logged in), "BOE" should be the name of the computer.

From microsoft:
"A single TCPIP 4201 event is typical after you restart the computer or after you disable or enable the network adapter."

More info at http://support.microsoft.com/default.aspx?scid=kb;en-us;325487

More info on the second line in awhile

anyones initials. Just my thoughts.

name of the computer the event log was generated on. If it is the only Board of Elections computer on the County network BOE would a logical choice. If it was setup as a stand-alone computer and not specifically renamed it would have a name like HQX98949, a computer generated name. USUALLY computers are given user friendly names to help identify them on a network but anybody with admin privileges can name any computer anything they want. If it was named to identify it to a wider audience, say hackers in Moscow, it should have a longer, more unique name as there could be many BOE computers in Ohio.

This error is related to printing. From the microsft kb we read:

"The Print Spooler service unexpectedly stops on a Microsoft Windows Server 2003-based or a Microsoft Windows 2000 Server-based computer that is also running Citrix MetaFrame XP 1.0"

What is of interest here, if in fact this is the cause of the error, is that Citrix software is designed for remote access and administration of client computers on networks. So if I was in front of the computer I would look for Cirix related files or products installed on it. Then I would ask why they were there.

Citrix makes software that allows remote network administrators to run programs on the client computer, view its screen output, make any changes or install or delete data adn/or software.

It may be legitimately present if this computer is part of the BOE's network and is managed remotely. It would most certaily be password secured.

The ms kb article http://support.microsoft.com/default.aspx?scid=kb;en-us;888191 describes more error events that would go along with this event, eventIds 7031 and 54, check the log.

A word of warning: Event IDs and error number sometimes are actually related towhat caused them. The is no error message code that comes up "Ya got me! haven't got a clue" but in fact this sometimes the case. The OS will go thru the possible error messages andi fit can't find the right one it will throw up the last one on the list even if it has NOTHING to do with the condition that caused the error to occur.

Computing is so much fun.

"are NOT actually related to what caused them." But both statements are still true.

This looks like start up information. The first event is most likely saying that the TCP/IP connection started and the second is that the service manager started. BOE is the name of the machine

Andy there should be a description to go with those log entries. It would give a little more information

monitors and controls the starting and stopping of services like the Print Spooler. I agree it is a startup event and in and of itself no big deal. If it was triggered as described in the ms kb article 888191 then the presence of Citrix software would be the trail to follow.

how can two people with the same 'knowledge' look at something like this and draw different conclusions?

:shrug:

different conclusions. To me it look like we're saying pretty much the same thing only slightly differently.

We are trying to interpret information on a complex system with very little context and from a distance. I can't draw any conclusions from what little I've seen, just trying to contribute some clues for futher inquiry.

Andy says its XP. The MetaFrame spooler errors you found can only happen on a Citrix server, which only runs on Windows Server.

There are so many errors they've run out of numbers...

It doesn't necessarily mean it has to do with the print spooler. The description will say what other service it is related to. But in this case it is probably not important since it was an informational entry in the log and not an error.

Lets see some of the other entries.

would a local BOE be running Citrix?

Do you know what version - should be Pro, not Home I would think. Are sure the OS is Win XP? If it is a server it could/should be running Windows 2000 or 2003 Server.

We are pleased to have you join us. Hope your stay is stimulating and that you're with us for a long time.

Scary computer genius dude.

TCPIP 4201: Network card has come online
SCM 7036: A service has entered the running state

As another poster suggested, if you double-click on these log entries in the Event Viewer, the descriptions are there.

You could also right-click on System and "Save Log As" then one of us could examine the whole thing.

all the time when we used Newt. I sent it to a couple of the "old timers" to see if they can remember... I'll let you know tommorrow if they can remember...

I'm just making an educated guess here, it looks like the unit tried to make an outbound connection (I agree with the folks here who said check the scheduler), and it tried an IP connection first. With no IP connection, it would have immediately attempted dial back-up. Unfortunately, the Event Log only logs "errors", but it's safe to assume that since no dial-up error was listed that the dial-up connection was successful (!?).

The second error looks like once it was connected, it tried to activate a security feature, but that feature was not enabled.

Again, this is just an educated guess. I hope it helps.

Actually, I hope you already found the answer and this message is unnecessary!

:yourock:

What a great place for your first post!

:hi:

I'm a newbie too, so not too familiar with the post protocol. So I'll draw you all's attention to thread-within-a-thread about post 15. The thinking there is: I *hope* evidence of some "authorized" Rethug sympathizer logging in and altering things is to be found. Plan B, also strong, is more legalese: I think it can be easily proved that if this machine was running unpatched Windows XP and/or unpatched Outlook, along with Lawd knows what other unpatched software, and especially if it was reachable from the Internet or even a network wider than the immediate field of vision, it has *no security* and cannot be trusted to conduct any kind of business.

You are VERY Cryptic about what you have found, however, if this is
something which Arnebeck, et al. can put before the Judge, he can use this as evidence of tampering.
The Judge is ready to throw the case out of court (dismiss), unless Arnebeck et al. can come up with direct evidence of tampering.

If they can keep the case alive, than they can get discovery filed and get machines impounded for analysis and back trace the servers.
If you beleive that what you have found can hold up as quality evidence in court, it is IMPERATIVE that you contact Arnebeck IMMEDIATELY!!! If his suit is Dismissed, the whole fight is screwed.
As long as they can keep it alive, they have a chance of Discovery and impounding the Equipment. We all know that is where the evidence is.
The situation is WAY too Critical to not contribute to.
This is way beyond bragging rights
E-Mail Contacts:
Cliff Arnebeck- Arnebeck@aol.com
Ronnie Dugger-rduggar123@.aol.com
John Bonifaz-nvri@nvri.org
I do not have Susan Truitt's,
I have some other E-mail addresses of other lawyers involved in this, you can PM me for these

Sorry to get maybe too verbose, but this is how general lack of server security may fit in with legal case: If this was an exposed, unpatched Microsoft computer, the chances are extremely high it would be quickly compromised by *somebody*, especially if it were ever put on the Internet. Therefore zero trust in this server if all these conditions are met. All the votes going through a machine like that should be considered "spoiled" and there should be a recount or revote. Even if Antivirus scan were run on it now and it found something and neutralized it, seems hard for BOE to prove that on election day this machine was uncompromised and free of tampering of *any* kind (even the kind of roving bot on the Internet that hacks what it can every few minutes).

I've put machines on the net and had them being scanned for vulnerablities within 24 hours.

You can pick up the sassor worm in about 4 seconds if it happens to be in your "network neighborhood!"

Cliff sent me on the mission.

:)

I appreciate the work you have been doing and I am wondering if they can use this in court? What I am trying to say did you aquire it lawfully?

I always obtain stuff legally.

so we can use this against them.this is so great,you will be a hero Andy!good luck and be safe.:hi:

Sorry,
I don't know all the folks here yet
Call and we'll send Jack Bauer to Help you
Do not leave anything important out of your personnal
possession, do not leave anything in your car
I've been down this road and have seen it all
and you should travel with another person
This isn't a joke or paranoid ramblings
They do shit you can't believe

Keep hope alive!

So it will get to them I am sure.

susan_truitt@yahoo.com

awwww hi Susan :hi:

Ronnie Dugger rdugger123@aol.com

Send all new info to CONYERS! He wants it. He has staff. He has access to FBI and GAO and other investgative bodies. He IS STILL WORKING ON ALL STATES.

ALL INFO TO CONYERS.

:)

Nowadays, cable or DSL modems can also contain routers. The reason why they might is to have more than one computer (IP address) connected to the Internet, or to provide some needed security by blocking incoming connections (a router can be a very effective firewall). If you can find the IP address of the server in any of the logs, or any other IP addresses, it might provide a clue as to how the machine is networked, whether or not there is any external firewall, etc.

You can run unpatched Windows with a hardware firewall running on a router platform and still be relatively secure because the router/firewall can block all incoming connections. If we find that this is NOT the configuration, it will strengthen your case though! See if you can get the make/model of that cable modem too!

Very easy to open a port to a specific machine on a network. Also does the computer have a fixed IP address or one provided by DHCP?

x(

Andy, I think you've seen this, but for those who want to read a no-programming-needed piece on some of the remote vulnerabilities of election machinery already pinpointed, including Triad in Ohio, see

Even a Remote Chance?

http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=203x274729

Imagine sitting in your favorite easy chair with a remote control, and being able to just push EJECT and get George Bush out of office. Or, let's say you're on your laptop, and you can dial up a regime change.

"Hmm," you say, "I'm feeling like blue today. Blue is a nice color. I think I'd rather have Kerry for president." Let's say you're up late, it's November 2nd, you see that Kerry is losing in Ohio, and you say, "the HELL with that!" So, with your laptop, you dial into the tabulator for, let's just say, 41 of 88 counties in Ohio. And, you switch 14 votes per precinct from Bush to Kerry. Voila. Kerry wins.

more

might as well be Japanese. :crazy: thanks for thinking of us though lol

and type "ipconfig/all" and print the screen.

It's almost inconceivable to have an unpatched XP PC on the Net without a firewall, esp. if it's broadband. The sassor worm can cause it to reboot in the middle of the election, the tabulation, or whatever, and that's just one example of what can happen!

You should also get a copy of the Registry and any anti-virus reports, assuming they actually HAVE an anti-virus program running. The Registry can show evidence of infections or hidden apps that run when the machine starts up.

Also, look for a firewall on the PC such as Zone Alarm or McAfee.
Oh, and XP has a "firewall" feature of its own too, so see if it's enabled!

At the very least we could be talking gross negligence here.

and see if anything was scheduled to run on Nov. 2!

... if they were using the remote desktop connection, would this produce any kind of a log? I'm only vaguely familiar with remote desktop and I'm searching the Microsoft knowledge base files to find this out, but does anyone know if it automatically generates a log, and what kind of info would be in this log?

once they've run.

Windows XP only has a firewall feature if it has Service Pack 2 installed on it. If it is only Windows XP or Windows XP Service Pack 1, it will not have that firewall feature already on it. Obviously, it still could have a third party firewall like Zone Alarm as you mentioned.

The quick way you can check if Service Pack 2 is installed is by going to the desktop of the computer and right clicking on 'My Computer'. Choose properties. Under the General tab, it will list what OS and Service Pack is installed on there.

Start --> Run --> type "regedit" (without the quotes)--> Click OK. In the Registry Editor, click on "My Computer". Click Registry, then click "export Registry File..."

In the "Save In" window, browse to the location where you want the file saved. In the "file name" window, type a name for the file. Click "Save".

Please accept my apologies for posting what you probably already know.

there are people willing to help you! If you don't have expertise there, we have it or we know people who have it. I emailed your previous employer about this once and never got an answer. But this techie stuff is well understood by many people who might be willing to help you pro bono. So just tell us when, where and how!

willing to travel in the morning with me?

I will understand if you cannot

thanks for understanding

help. He is a programmer. Lives 3 hrs from Columbus

whoever you have meet up with you make sure it's someone you can trust, or at least someone that you know knows can trust....i'm sure you know there are plenty of people that would like to tell you disinformation about what you might have and lead you in the wrong direction.

I'm in another country and many miles away. Could you hire an IT consultant to review the basic software/hardware configuration of the computer in question? Here we have companies with names like Nerds-On-Site and Geeks-To-Go which specialize in providing quick on-site IT service at not too outrageous a price. Might be useful as a witness too. A complete forensic/security audit would be nice. Also expensive. Also hard to do during a casual drop-in visit to the local BOE.

could possibly get a copy of PCAnywhere, load it on the machine, have someone look at it remotely, and uninstall it when you're done, that might be helpful.

If you have access to the PC, and it's on the Internet, this shouldn't be too difficult, unless they actually do have some sort of working firewaall that you can't disable.

did go to court? (that we had someone who "got access" etc...)

Thanks for all you do !

I need to ask you something! Please get in touch with me...pretty please with sugar on top!? I pm'd you under G-B-C- Thanks!

gimme a call.

and another kick to the top for assistance...

I just wanted to make a suggestion to you Andy.
Please be carefully with the data and if possible
and plausible I'd think an imaged copy of the hard
drives would be beneficial. For the sake of preserving
log files, etc as they were when you found them.

Just as we know the information in these log files
can be modified and entries can be removed or added
so do the opposing lawyers know. It just seems like
something to conceder before you go looking around
the systems leaving your own footprints in the
logs.

Best of luck in your duties. Thanks for helping
and keep us updated if you can.

Someone up there recommended installing something, PC Anywhere? I think you should give extremely careful thought before installing anything new on that system or writing to that system-- I agree that any modification that *we*, the investigators do, could taint the evidence. This is evidence, just like OJ's glove. In a way, computer evidence is even more delicate. If you were to tell us the IP address for example and we were to try to connect to that server from here, via any open port we could, even that could potentially be used against us....proof that the Dems were trying to do hacking to prove that hacking had been done...Just some thoughts. I think making an image backup of this system is OK. I'm wondering if all of these activities like backups should be done in the presence of witnesses, however this is defined.

careful about what you're posting here. There are lurkers all over this board. I am praying you guy's find what you are looking for, Even though I have no idea what you are doing, I've got a pretty good idea of what you're looking for!:grouphug:

that some of the good guys are good at this!

a computer genius willing to help Andy tomorrow will see it

http://www.eventid.net/

I guess you maybe found this in google. It has submitted explanations, but you really should have the extra information.

I would recommend getting a hard disk mirror if you are able to access the machines, with witnesses maybe signing printed screen captures of what they witnessed or other proof you made a legitimate copy.

I find it hard to believe there would be traces as open as that. There are people making a very good living out of their hacking, I generally wouldn´t expect to find anything but anomalies without forensics. What you can find is stuff like "someone erased data here with a special program that makes it entirely disappear from the disk, why?".
Then on the other hand, much of the fraud have been hidden in plain sight and I guess the lesson from watergate was that those guys are not that sophisticated.

There is usually a log in the cable modem as well as the router. This is not very long, I believe, I think it gets deleted from the bottom if you don´t choose to get it sent somewhere with intervals.

Standard broadband routers and cable modem´s passwords can usually be found by simple google search. They have a different password for access from inside the network or outside.

Inside logons I´d try would be: admin/"admin" admin/"password" admin/ admin/boe admin/BOE admin/1234 admin/0000

I believe many of them are not that secure, as an example low level people at the broadband provider would be pretty much able to do what the fuck they wanted , then delete the evidence both in the cable modems and at the ISP which would mean you are pretty fuct. If any of the computers behind the firewall have a modem plugged to phone line, whoff there is zilch security as they could disable the firewall, do whatever they like and then enable it again.

I am not remotely an expert on this, this is stuff I learnt last month from fiddling with my parents home network. You should get yourself a real expert if you are able to access that kind of equipment, there are a lot more information than the logs in there.

1) Seems very desirable to get ahold of a credentialed computer security person at least to advise what to do and not to do, ASAP.
I don't know who, offhand, in Ohio, but there might be friendly professors at the local non-Evangelical universities, maybe the Phd's
writing in freepress.org can make some quick recommendations
2) I dunno if anyone's come out and said it, but even if there is a firewall or router, the server could be completely taken over by
*the sender of an Email*. Such is Microsoft. If Outlook opens
an attachment with virus that hasn't been neutralized, various unpatched
code is at the mercy of the sender of the Email. Getting remote control of the system *if there is a firewall in place* is harder than simply
becoming Administrator via code in that Email attachment. But if there are open ports, either because of no firewall, firewall down, or ports open despite firewall (as TCP port 80 usually is) then the remote control is easy too.

Not too far away and probably not what you need but --he may know someone in Ohio that is

I will PM with my email andy if you are interested. With this i am gonna go try to sleep.

:wtf: I can't decide whether to laugh or cry anymore.

Unpatched XP on a cable connection... directly hooked to the cable modem, or through a hardware firewall/router ? (You mentioned a router earlier in this thread, but I thought it was another PC you were describing.) Unprotected PCs on broadband connections typically will see atack patterns within 15 minutes. If they had it hooked direct to a cable modem, get the make and model and get back to me.

You can take an image of the PC with something as simple as store-bought Ghost for $40. Doing so never requires booting into Windows, and will not alter the HD in any way. It is standard computer forensic practice to take an image of a drive before doing ANY work on the system - usually done using a hardware drive duplicator, but doable with Ghost.

Do NOT install pcAnywhere or any other software WHATSOEVER without first imaging the pristine system. After that, remove and set aside the hard drive, push the image back to a DIFFERENT hard drive, and do you work on that - do not make ANY change to the original drive.

Standalone Cable Modems will not generally yield a log - logging on that side would belong to the ISP, and would need to be subpoenaed. Cable Routers/Firewalls do have logging capability, but it is usally not enabled by default - it would also usually need to be configured to write the log out to a system on the inside of the network, which is something most people do not do. What little logging is there is not saved otherwise.

Dont get a programmer to assist you. I dont mean to dump on them, but you hafta understand - IT is a HUGE field, and nobody can know it all. I've worked in IT for 10 years, specializing in hardware, OS & software support, and enterprise networking. I cant write a complex program to save my soul. Likewise, I've worked for software companies with six-figure programmers who can write code in their sleep.. but God help them if they can't print. You need a network technician and a security specialist to advise you. Programmers will just muddy the waters. If you want to analyze code, by all means, give it to them... but if you want to examine a machines' configuration, network activity, and security setup, get the right guy - you wouldn't want a neurosurgeon delivering your baby, would you ?

And on 2nd thought, leave this machine alone until you can get the proper professionals on site, or image the drive as suggested by KTM.

It does seem as if you have someone there willing to cooperate with you, or you wouldn't have gotten this far, but it is important at this point to preserve any evidence!

I guess we shouldn't talk too much more about it out in the open, but on the surface, it seems like you MAY have quite an insecure computer there and that alone could be important in court. There has to be some due diligence on the part of these election officials to keep these computers secure.

a number of CDs and a way to write to them, or some other way of storing the image.

Just bring a spare HD, image drive to drive.. or image to a laptop... why make it difficult ?

But imagine someone coming into the place, opening up the PC to connect a spare hard drive! Talk about potential evidence tampering. Even if you go via a USB port, assuming the have one, you'll need to install drivers, right?

I think this episode goes to one of the problems of proving this stuff. You have to get the lawyers together with the techies!

We techies can get over zealous very easily so we need the lawyers to hold us back when we're about to do something stupid. On the other hand, they can't prove the fraud without us.

I don't know if it's a matter of funding, or what, but why aren't the proper techies on the ground right now on this one, if there's a real suspicion?

:-)

Floppy disk, boot... use NIC (we know it has one) and image to a laptop or another PC. Non-invasive. Good points though.. maybe next time they'll have an army of us, not lawyers....

you'd need to run IP or NetBeui off the boot disk to get the files across the Ethernet. Is there an off the shelf product that can do this?

Symantec Ghost, on my laptop, allows me to create a bootable floppy that loads TCP/IP protocol and maps a drive to a network share (my laptop, again), then you run the actual ghost.exe from the share and image to either the same or another share. Simple, easy, fast. AFAIK, ALL modern imaging software allows this.

I hate Microsoft. Can you imagine getting the blue screen of death right in the middle of the election?

and no offense to anyone, but.. is it really very wise to be discussing all this in a public forum, which we know is being lurked by some extremely unsavory characters?

Also, Andy, aren't you (& Cliff) kinda... tipping your hand, here?

PS. I suck at chess. Never can spot those subtle moves. :)

All you have to do is have a number of sub-routines in the original programing of the machine. You then just have to call up the one you want.

Back in the 1980s (pre-windows)I used to work as a computer consultant in Manhattan. It was amusing when someone would have me work on a machine, and be concerned that they had forgotten to give me access to their passworded system. Why they didn't understand that having physical access to the machine I didn't need anything else. It used to blow me away. Seem like the average person almost 20 years later still doesn't understand computers. Which is why it is so hard to convince people of the potential problems. I suppose it no different than people being able to drive and not know how the combustion engine works.

...unless the fact that it's connected breaks a law. Does it ? and if so, provide a link to the law.

the voting machines secure?

Going on the Net without a firewall is like leaving your car on the street with the keys in the ignition!

:toast: :bounce: :loveya: :yourock:

violations.

http://www.pdamerica.org/field/final%20status%20report.pdf

specifically see pages 81 through 86. (regarding Triad, but issues stated in this area are pertinate).

...and I thank you for it.

all of the answers -- some people (including myself) may be not presenting information clearly or coherently. If I believe in what I say, and have facts to prove that, it doesn't mean that the facts are the only ones -- only that they are the ones that I have found that substantiated what I believe (or I could have found the facts first, and then believed them... either way, one set of sources does not make something true.)

My point is that I welcome questions -- and I think that we all should.

I used to teach a Freshman English class (I was barely 30 at the the time) -- when I told the students that sometimes information is skewed depending on the publisher/audience, like History books in the South being a bit different from History books in the North which talk about the Civil War -- the older students (older than I was) were quite taken aback -- and thought if it were printed, especially in a text book, it must be true. Not quite so.

My tag line -- which hasn't shown because of traffic is

"The important thing is to never stop questioning" -- Einstein

We all need to remember that it is through answering and asking questions that we dig through our own "stuff" -- our own beliefs and feelings -- to gain more insight, more stable facts, sometimes new things that take us into a different direction and make us change our belief structure, sometimes more substantiation of our current belief structure -- it's never cut and dried -- and its kind of messy sometimes. That's why it's hard talking to people who have never thought about "election fraud" before -- they can't take their ideas and beliefs around what they know about a system and think suddenly it might be wrong -- because that would mean that they have been wrong on some level, too.

FROM chaos FORM

about election fraud (on a large scale) because it challenges their paradigm too radically. Another related phenomena is 'cognitive dissonance' (which got Bush much of his vote -whatever that really was, I believe).

Feel free to reword my question if it will help you find the link to the law I asked about. Thanks.

"with the keys in the ignition, the doors unlocked and the engine running?" I have a simple home computer w/ more security than that damn thing.

He craps on every thread, so don't respond to it.

I'm trying to come to my own conclusions instead of blindly adopting someone elses conclusions, and that makes me a thread crapper ?

I'm beginning to see a pattern here.

euler will accept nothing but the facts and requires backup documentation or evidence before accepting any theory or assertion as valid.

Think of Disciple Thomas. ;)

too hard and too often.

A little, dare I say, tact and nuance may be in order for him?

I'm not referring to the subject in question, but other posters, too.

Some people are, shall we say, a bit blunt and to the point. It works in many arenas in life, but in an Internet forum may come across differently than in real life. I've been known to offend people, too, goshdarn it ;)

But euler isn't a troll, I've read his/her posts, and just can't come to that conclusion. The main reason being, although it seems to be a position of devil's advocate, there aren't RW talking points being spewed needlessly.

Manners and tact and nuance are a question of interpretation and perspective, too. Of course, now I'm getting waaaaaaaay too preachy and better stop right here.

:hi:

Consider this. Even though it is not really a hack, but rather code written to do things that are not suposed to be done. Hackers know how to decompile and find out what a program really does.

How to Hire a Hacker

By Christopher Null

 Jack Stevens knew his company was being hacked. Someone was snooping around in sensitive information on the company network. So Stevens (not his real name) called John Klein’s Rent-A-Hacker <I style="mso-bidi-font-style: normal">(http://www.rent-a-hacker.com), a security con­sulting firm. Klein leapt into action. Klein logged onto the client company’s network and quickly sized up the situation. The intruder had exploited a common Solaris server bug. Klein im­mediately found what had gone on. “The trick was not just blocking them out, but finding out who they were,” Klein says. “But it’s delicate. It’s like a chess game: First mistake loses.”http://www.rent-a-hacker.com/SmartBusiness/article.htm

can't wait to hear the follow-up on this!

It would be really easy to create a Visual Basic or Java script file that could connect to the Access db, external to the proprietary application, and alter records in the MS Access file.

Hate to be a party pooper...

Just don't like tipping off the enemy.

what city or county we were in...

or for that matter...what state.

:evilgrin:

C-R-A-Z-Y ?!? :D

But, wouldn't this alert them to button down the hatches everywhere in Ohio?

:kick:

Everything you're doing has to be totally on the up and up or you're screwed. I trust you but this kind of stuff makes me nervous.

can locate you. You have indicated that you are in the Columbus area. You have also taken phone calls I assume on your cell because you are online and traveling which means you are more than likely at a hotel. I say all this as a warning which I hope you take seriously. These people are evil and tech savvy and capable of "reaching" out.

I would take Fayes advise earlier in this thread and take safety precautions.

I couldn't agree more btw with your stance regarding paper ballots. I am forever saying: Paper balots NOW! and Hand counts NOW!

Good luck and thank you very much for this post and all your efforts.

Peace!

For Andy's sake yes.

Remember the stakes. The more people who know what he is doing, the safer he is.

Besides, I think that the real court to be concerned with is the court of public opinion, not a court of law. The court of public opinion has much more clout in this situation.

I keep saying that the courts are very feeble in this situation. If you only knew how feeble.

Consider this. Did Watergate involve the courts? Not until the case was broken wide open first and then the courts were kind of a formality. Not much is ever mentioned of what Cox and Jaworski accomplished.

Where is deep throat when you need him/her?

that is absolutely crazy. I am absolutely apalled that this country doesn't have a "fool-proof" system that is accoutable and verifiable for us to vote.

about Wayne Madsen working with Arnebeck?
Do you know anything about an anxiously awaited master pdf file?

these things should be kept confidential right now.

http://www.pcworld.com/news/article/0,aid,115608,pg,4,00.asp

Most (85 percent) of the e-voting machines that will be used this November are built by one of three companies: Diebold Election Systems, Election Systems & Software, and Sequoia Voting Systems. Here's what the machines are made of.

Diebold Accuvote-TS

400-MHz Intel PXA-255 CPU
Windows CE
64MB of flash memory
Removable 32MB-128MB PCMCIA smart card for vote storage
9-by-12-inch touch screen


ES&S IVotronic

25-MHz Intel 386EX CPU
Proprietary OS
Three 2MB NVRAM audit log and image storage caches
Removable NVRAM or 16MB-196MB CompactFlash for vote storage
13.5-by-10.4-inch touch screen


Sequoia Voting Systems

National Semiconductor Geode CPU (300-MHz Pentium equivalent)
Proprietary OS
32MB (or greater) CompactFlash
Removable 128MB (or greater) PCMCIA card for vote storage
9-by-12-inch touch screen

Please, be careful and take care of yourself while you're doing this.

:loveya:

What's NEW?

just working away.

I know that a standard desktop can be used to tabulate votes, but you probably don't want to call it a server and say it runs on XP.

You might get flamed by techies more contrarian than I.

yes it is a desktop Dell PC running windows XP.

Did you get the make and model of the cable modem?

What a bunch of morons...

"It is connected to a cable modem and is used to recieve email using outlook express..."

Translation to "Computer Geek"

Opened up to the internet with absolutly no security limiting or blocking access, and most likely no log of record regaurding (who, when, where, what) external connections from the internet to the machine.

I would get fired for doing shit work such as this, it's a shame.

did you?