Ray Lutz: “...we must ASSUME that any central tabulators can be subverted, and thus audits are essential….Audits are absolutely necessary. Election experts agree that such manipulation is possible and stress the need for paper records to verify machine counts. However, these records are effective only if thoroughly reviewed.”
COMMENT: Paper ballots to verify machine counts are now used in New York, but many New Yorkers (including New York City) will soon be voting on the touchscreen ES&S Expressvote XL if the New York State legislature doesn’t act to preserve our right to vote on paper ballots. Demand that your state legislator support the Voting Integrity and Verification Act of NY (VIVA NY). Even with paper ballots, our audits are woefully inadequate to find fraud or machine malfunction. Support the COUNT EVERY VOTE ACT (CEVA) to close loopholes in the close vote margin bill ALLEGRA DENGLER
USB Hacker Tool Could Change Virtually Any Election Results, Given Access
Hacker USB "Utility Knife" can quickly take over and subvert any system!
RAY LUTZ
FEB 07, 2025
Can election systems be hacked?
The answer is “Yes, absolutely.”
I sometimes forget that not everyone understands that any computer system can be quickly taken over and subverted within seconds by anyone with physical access.
Election officials constantly say that the systems are safe because they are not connected to the internet, and they believe there is no WIFI capability.
Of course, it is hard to be sure that any modern computer has WIFI turned off, no blue tooth, etc. and those are usually “soft” settings that can be enabled by any intruder, and not hardware switches.
You really need to understand the capability and creativity of hackers.
Take a look at device, which was recently advertised on Linkedin. This device looks just like a conventional thumb drive. But please notice the additional port on the side, and color screen.But also, it provides a slot for a micro SD flash memory device, which slides into a secret slot in the USB connector itself.
And then interact with the user on a tiny color display:
Watch videos on this github repo (scroll down to the readme file)
https://github.com/i-am-shodan/USBArmyKnife?tab=readme-ov-file
I’ve seen these devices for years, but this ad is truly blatant that they have designed this to take over the “victim’s machine”. The testimonial says: “Your device is evil. You are doing evil." - Mr. Peoples via X
It allows complete penetration of a device, with the ability to gather up all data that will fit into the SD card and also provide WIFI and other connection to a nearby device. Anyone who has access to the system could plug this in for a short time and infect the system or leave it in and allow unlimited modification to the tabulated data.
And here is an example of 2TB memory cards that would fit in the “utility knife” that would easily hold all the data from any election district or even an entire state, for less than $5 each.And this is not the only "utility knife" like this!
Thus, we must ASSUME that any central tabulators can be subverted, and thus audits are essential.
How would this work in an election scenario?
To use this device, a hacker would need to have to have physical access to election equipment, most likely the “central tabulator” which gathers up all the election data and creates the final report, rather than individual voting machines. I’ve seen other (even smaller) devices that are designed to be plugged in for about 15 seconds to infect the election system box, turn on the WIFI, and start transmitting to a remote site, and then they are removed. Or the infection could involve sidelining ballots of a certain type, changing the totals etc.
Any election worker who may be “compromised” could plug this in for a few seconds and that is all it would take. The infection will monitor all keystrokes and gather up all passwords entered as well.
Distributed Software that can manipulate the results is another risk
Sure, this sort of hacker tool is a big risk that would take only seconds to install by any compromised worker. A worker can be compromised by offering them money or status. Many will do it. Musk was offering such $1 million checks randomly paid just for people to register to vote. I think he could afford to compromise many workers, and some election offices are already controlled by Trump loyalists.
Over several years prior to the 2024 General Election, proprietary software was stolen and passed on to partisan players, potentially enabling them to devise methods for manipulating future election results affecting at least 70 million voters in 1,600 jurisdictions. Documented cases of stolen election machines and software breaches, allegedly involving operatives with partisan ties, highlight significant vulnerabilities. These actions could have easily compromised the security and integrity of the recent election results.
A notable case involved Tina Peters in Mesa County, Colorado, who was sentenced to nine years of incarceration for her role in compromising the election office and allowing a security vulnerabilities team to review the Election Management System (EMS), also known as the "central tabulator." While the review was improperly initiated, it yielded significant findings. (See the technical report by the analysts hired by Peters: https://useip.org/wp-content/uploads/2022/03/mesa-county-forensic-report-no.-2.pdf )
The most critical discovery pertained to a "back door" in the Dominion EMS package: the inclusion of the Microsoft SQL Server Management Suite (SSMS). This software allows unrestricted access to central tabulator data and permits modifications of that data without being tracked or logged by the EMS. The vulnerabilities team concluded that including this software posed a significant security risk. We agree with their assessment.
They noted that ensuring EMS computers cannot connect to the Internet is actually quite difficult. Proving that the EMS has disabled or non-functional wireless modems is nearly impossible, as modern devices often have embedded Wi-Fi or cellular modems that cannot be removed, and disabling them can be easily undone. Preventing wireless communication would require isolating the EMS computer in a Faraday Cage—infrastructure nearly all election offices lack. Additionally, most election officials, being elected rather than technically trained, cannot reliably certify the absence of wireless communication.
In the ongoing case of Stefanie Lambert in Michigan, with hearings slated for December 2, 2024, it has been demonstrated how the SSMS software can be used to modify election outcomes. The video on the DePerno Law website demonstrates use of the backdoor to modify the voting machine configuration so all votes for Biden were transferred to Trump, and vice versa. This one example is not the only hack possible using this very powerful back-door software package. All vote counts are vulnerable to change and detection would require careful comparison with the ballot images or paper ballots.
These actors were affiliated with the Trump campaign and demonstrated the knowledge of this method to modify outcomes, that only could be understood by penetrating the veil of secrecy regarding this back door.
Audits are absolutely necessary
Election experts agree that such manipulation is possible and stress the need for paper records to verify machine counts. However, these records are effective only if thoroughly reviewed. Often, results are finalized before any review, and when conducted, audits are cursory and prone to insider manipulation. Pre-certification checks are typically insufficient to detect fraud, and internal audits can be designed to appear rigorous while uncovering nothing. Paper ballots are frequently "sealed" and cannot be opened except by court order, which is only possible if solid evidence of fraud exists. Instead, we now have ballot images that, if reviewed, can detect such a central tabulator hack.
Some personal background…
A lot of new readers don’t know me at all, and I am very happy to have this channel and a way to communicate that is expanding the number of people I am able to provide the unvarnished truth.
I have been working in the election integrity space for about 20 years. It is my goal to do a better job of communicating and getting the word out, and so I am now putting out more articles like this, even before I have fully completed my own investigation.
We can learn together and I can provide a lot of experience that very few people have.
I thank you for your readership. It takes time to fully understand elections because they don’t happen very often.
With a master’s degree in electronics software engineering, I mostly work these days software and data science. For a number of decades previously, I worked on office equipment, printer/scanner/fax/copiers, etc. and communication technology. But also neurofeedback medical devices. I also took a break and wrote a novel, “Coils of the Serpent”, I say is like a cross of The Da Vinci Code and Jurassic Park. Although it is a novel, it considers how we got here, religious theories and how they might tie-in with the most profound fact of life, DNA.
At the same time, I became obsessed with election integrity and now it is my primary interest.
This started in 2005 when I asked the San Diego Registrar of Voters (the term usually used for election officials in CA) for procedure documents so I could read them over, and as I am good at digesting that sort of thing (nerd alert!) I figured I would be able to make some helpful suggestions.
They said they had no written procedures (!), but I could ask them questions and they would give me written responses. After about two years of back and forth, my primary finding was that it was absurd not to document your procedures, the first step to being able to improve quality. The next important finding was that the state requires a post-election audit called the 1% manual tally, where they hand-count 1% of the precincts and compare with the official results. So I decided to learn to watch these really well, to make sure the review of paper ballots was done correctly.
It took me a while to realize that they were not including in the audit “later” vote-by-mail ballots that arrived on time, but were not yet processed by election day. In 2016, this was about 37% of all ballots cast, 285,000 ballots. Leaving them out was a very bad idea, because the election could be “fixed” easily by modifying the counts in the central tabulator for those ballots without modifying the ones that were included in the sampling process.
So I asked them to include them, they refused, so I sued the County, went to trial, and we won the case. This was regarding the primary election in 2016, and there was a great deal of concern over how Bernie Sanders was shortchanged in the election, or so we thought might be the case. But we were never able to get to review the actual ballots, and unfortunately, my case (under the banner of Citizens Oversight) is now used to restrict ballot images as well.
The court win lasted for a few months, but the election officials have a group called CACEO, the “California Assn of Clerks and Election Officials,” and they pushed through AB-840 using legal sleight of hand, which changed the law so that it was fine to leave out all those 285,000 ballots from the audit process. On appeal, they reversed our win and further, said that it was always that way, and thus, they had never violated the law and our initial case was frivolous. We know better, and further, we know they were wrong to change these rules. I did learn that court cases don’t always improve things.
But I think many districts in CA do try to include more of these later ballots in their audit, and we know a great deal about the shortcomings of the audit process in CA and other places.
(Unfortunately, the Secretary of State at the time, Alex Padilla, was not helpful! — See more detail at https://copswiki.org/Common/M1701)Since then, working under the umbrella of CitizensOversight (501(c)(3) nonprofit), we worked to develop the platform “AuditEngine” (AuditEngine.org) which can audit elections using ballot images and cast vote records. Such an audit does a meticulous review of all ballot images and compare ballot-by-ballot with the cast-vote-records. Unfortunately, this type of audit and also Risk Limiting Audits (RLAs) can’t detect any changes to the election that are made prior to scanning the ballots, such as by sidelining ballots from voters of one party, purging voters, intimidating voters, and the like.
In this election, we still don’t generally have access to ballot images so we can perform that kind of audit in many locations. You can bet the election officials really would rather avoid oversight. But many are very good at providing all data transparently. In time, I believe we will have transparent data universally, and we will likely have many options for auditing them from 3rd parties that can compare their results.
So although we can do our own very meticulous audits of ballot images, it still is some work to do so, and it does take computer resources to perform large image audits that require a lot of OCR (optical character recognition). So we were looking for good ways to detect possible issues statistically, and that is when I started this Substack channel.
Thanks for reading.
—Ray