Mike Lindell’s Cyber “Evidence”

Post Syndicated from original https://mjg59.dreamwidth.org/57459.html

Mike Lindell, notable for absolutely nothing relevant in this field, today filed a lawsuit against a couple of voting machine manufacturers in response to them suing him for defamation after he claimed that they were covering up hacks that had altered the course of the US election. Paragraph 104 of his suit asserts that he has evidence of at least 20 documented hacks, including the number of votes that were changed. The citation is just a link to a video called Absolute 9-0, which claims to present sufficient evidence that the US supreme court will come to a 9-0 decision that the election was tampered with.

The claim is that Lindell was provided with a set of files on the 9th of January, and gave these to some cyber experts to verify. These experts identified them as packet captures. The video contains scrolling hex, and we are told that this is the raw encrypted data from the files. In reality, the hex values correspond very clearly to printable ASCII, and appear to just be the Pennsylvania voter roll. They’re not encrypted, and they’re not packet captures (they contain no packet headers).

Trending
QNAP Poisoned XML Command Injection (Silently Patched)

20 of these packet captures were then selected and analysed, giving us the tables contained within Exhibit 12. The alleged source IPs appear to correspond to the networks the tables claim, and the latitude and longitude presumably just come from a geoip lookup of some sort (although clearly those values are far too precise to be accurate). But if we look at the target IPs, we find something interesting. Most of them resolve to the website for the county that was the nominal target (eg, 198.108.253.104 is www.deltacountymi.org). So, we’re supposed to believe that in many cases, the county voting infrastructure was hosted on the county website.

Unfortunately we’re not given the destination port, but 198.108.253.104 isn’t listening on anything other than 80 and 443. We’re told that the packet data is encrypted, so presumably it’s over HTTPS. So, uh, how did they decrypt this to figure out how many votes were switched? If Mike’s hackers have broken TLS, they really don’t need to be dealing with this.

We’re also given some background information on how it’s impossible to reconstruct packet captures after the fact (untrue), or that modifying them would change their hashes (true, but in the absence of known good hash values that tells us nothing), but it’s pretty clear that nothing we’re shown actually demonstrates what we’re told it does.

In summary: yes, any supreme court decision on this would be 9-0, just not the way he’s hoping for.

Update: It was pointed out that this data appears to be part of a larger dataset. This one is even more dubious – it somehow has MAC addresses for both the source and destination (which is impossible), and almost none of these addresses are in actual issued ranges.

comment count unavailable comments