At an event in South Dakota this month, Mike Lindell (CEO of MyPillow), an ally to former President Donald Trump, distributed copies of Dominion Voting Systems software that manages elections. This includes configuring voting machines and counting results.
Matt Masterson, a former top Trump administration election security official, said that "it's a game changer in that the environment which we have talked about being existing now is a fact." "We told election officials that this information was already available. We now know that it is there, but we don't know what the election officials will do with it.
Software copies were taken from voting equipment in Mesa County (Colorado) and Antrim County (Michigan), where Trump allies had unsuccessfully challenged the results of last fall's election.
Dominion software can be found in more than 30 states, including in California, Georgia, and Michigan.
Harri Hursti, an election security pioneer, was present at the South Dakota event. He said that he and other researchers were given three copies of election management software that runs on Dominion software. They were identified as being from Antrim and Mesa Counties, according to the data. Although it is not known how the copies were released at the event they were made online and available for download by the public.
Hursti stated that the release provides hackers with a "practice area" for testing vulnerabilities and providing a roadmap to avoid security threats. Because they are not supposed be connected to the internet, all hackers need to have physical access to the systems.
Hursti stated, "The door is now open." "The question is: How do you get in?
A representative of Dominion declined to comment, citing an investigation.
Only three vendors dominate the U.S. market for election technology. This means that election officials can't easily switch to new technology. The software copies are basically a blueprint for anyone who wants to disrupt the way elections are run. Kevin Skoglund, an election technology expert, stated that they could attempt to sabotage the system or alter the ballot design, or even change the results.
He stated that "This disclosure increases both likelihood of something happening and the impact on what would happen if this happens."
The effort by Republicans to examine voting equipment began soon after the November presidential election as Trump challenged the results and blamed his loss on widespread fraud, even though there has been no evidence of it.
Judges appointed by both Democrats and Republicans, election officials of both parties and Trump's own attorney general have dismissed the claims. A coalition of federal and state election officials called the 2020 election the "most secure" in U.S. history, and post-election audits across the country found no significant anomalies.
Antrim County judge allowed forensic examination of voting equipment following a short mix-up of election results that led to a lawsuit alleging fraud. It was dismissed in May. Hursti stated that the date of software release corresponds to the date of the forensic examination.
Antrim County's clerk was not available for information. A call to the prosecutor's local office was made. The Michigan secretary-of-state's office declined to comment.
Federal, state, and local authorities in Colorado are looking into whether Mesa County election staff may have allowed unauthorized persons access to their systems. Tina Peters (county elections clerk) appeared on stage with Lindell in South Dakota, and stated to the crowd that her office was being targeted in the state by Democrats.
Jena Griswold, Colorado Secretary of State, stated that she alerted federal election security officers about the breach. They were told it wasn't a significant increase in the election risk landscape at the point. This week, Mesa County commissioners voted for replacement voting equipment that Griswold ordered couldn't be used.
Geoff Hale is the head of the U.S. Cybersecurity and Infrastructure Security Agency's election security efforts. He said that his agency has always believed that malicious actors know about system vulnerabilities. Hale stated that election officials are focusing on ways to reduce risk. For example, using paper ballots that can be verified and strict post-election audits.
He stated that Dominion's software being made public doesn't affect the agency's guidelines.
Jack Cable, a security researcher, said that he believes U.S. enemies already had access the software. He stated that he was more worried about the possibility of distrust from the increasing number of people who aren't inclined to believe in U.S. elections security.
Cable said that it is concerning that some people are trying to make the system insecure by making it more secure. He recently joined a cybersecurity company run by Christopher Krebs, former CISA Director, and Alex Stamos, former Facebook security chief.
Concerns over access to voting machines and software first surfaced this year in Arizona, where the Republican-controlled state Senate hired Cyber Ninjas, a firm with no previous election experience, to audit the Maricopa County election. The chief executive of the firm had also tweeted support for conspiracy theories regarding last year's election.
Arizona's top election official stated that the Dominion voting systems in the county were no longer available after they were handed over to them. The GOP-controlled Maricopa County Board of Supervisors voted in July to replace them.
Dominion has brought suits to contest unfounded claims regarding its systems. It called Cyber Ninjas' access to its code "reckless" given the firm’s bias and claimed it would cause "irreparable harm" to election security.
Ryan Macias (electoral technology and security expert), was in Arizona earlier this summer to observe the review. He was concerned by the lack of cybersecurity protocols. It was not clear who was granted access or whether background checks were performed on those individuals.
Cyber Ninjas didn't respond to emails with questions regarding the review or their security protocols.
Macias wasn't surprised to learn that Antrim County's election administration system was online. This is despite the questionable motives of various review groups and the central role voting systems play in conspiracy theories.
Macias stated, "This is exactly what I expected would happen. I anticipate it will again come out of Arizona." "These actors are not liable and have no rules of engagement."