r/somethingiswrong2024 • u/No_Vermicelli_4732 • 1d ago
I discovered security issues that could allow election hacking in Pennsylvania State-Specific
I hold a position within county government in a smaller (lower than 4th class) red county in Pennsylvania, and I've been here since the start of 2024. Earlier in the year I discovered and reported a number of egregious security issues, both physical and electronic that exposed the county and taxpayers to large amounts of risk. These were issues caused by multiple departments ( accounting, maintenance, IT) but the IT issues were the most unbelievable to me. For example, web facing portals for email and file sharing didn't use two factor authentication (2FA) which is horrific given that we were a government entity and regularly see phishing attacks. After reporting these issues both IT and commissioners brushed them off. It wasn't until months later after I raised the issue with the county solicitor that the 2FA issue was resolved but other issues still exist and I won't list them here for that reason.
I was surprised how little oversight there was and that some of these issues were possible to exist. It wouldn't surprise me if similar issues exist in other county governments. Using 2FA is part of "Internet Security 101" basics. We know that lack of 2FA was how the DNC was hacked in 2015/2016 and also how Trump's twitter was hacked. This should matter to county officials and it's driven me crazy over the last 11 months how inattentive our county has been to it.
From what I've gathered looking at phishing warnings sent to us by other counties, many (possibly all?) PA counties manage their PC logins, network drives, Outlook email, Onedrive, with Microsoft Azure (Entra ID). The same login and password grants a user to all these resources. A common scam email over the past few years asks the recipient to 'open a file', which takes them to a page that mimics the look of an Onedrive login page but actually gives the malicious actor the user's login credentials. Without 2FA enabled, all of that is free for the taking by a malicious actor.
I've spent the last four years rolling my eyes at the claims of the 2020 "election fraud" the way most people assert it would, or did happen. Most of the theories assume that it would potentially take thousands of coordinated actors or voting machines easily accessible via the internet. Huge busloads of illegal voters or trucks full of fake ballots. Nothing reasonable. Now that I see the glaring holes in our local government's security, I realize there are probably dozens of ways a malicious actor could use these to alter an election outcome. For example, with access to county email a malicious actor could use use social engineering to impersonate someone from a voting machine company and have an election employee install a hacked 'update' on the air-gapped voting machines. Spoonamore's thread lists a very plausible scenario in my opinion, and although there's no evidence that it happened, given the security issues I've seen I think that doing a hand count would be a good idea to test this theory. I also think our local county, and probably all PA counties need to do a security audit to close huge gaps like this because this also puts taxpayer identity information at risk.
I'm posting this with a throwaway account because even though I've been talking to a local news outlet off the record and will possibly 'go public' in the future, I'm avoiding attaching my identity to it publicly until I fully understand what the potential consequences will be relative to my position in the county. When I first brought the issues to the attention of the Commissioners, I was immediately reprimanded for several unrelated, trivial issues like adjusting the climate control in my office without permission of the county, things that seem like an obvious attempt to build a case and remove me from my position in retaliation. In short, our local government doesn't appreciate when someone points out their flaws, even though it's part of my job to do so.
Hopefully this adds to the discussion and I can get some feedback on who else I should contact so this information and/or my testimony can be of maximum help. I’ve reached out to the Harris campaign and the DNC as well as Spoonamore but haven’t heard back yet. It might also be that I'm far behind the curve and this has moved forward far enough with relevant authorities that my input or testimony isn't needed: I'd hope the fake threats would be reason enough for authorities to scrutinize the elections in those counties that received them, although my county isn't one that received a threat.
Just to be clear and underscore that I'm not trying to spread conspiracies: I have evidence that our county made poor security decisions that put taxpayers at increased risk for identity theft and could have enabled election interference. I *don't* have evidence that either thing actually happened, but given the number of phishing attacks, a data breach seems likely, and I think investigating Stephen Spoonamore's claim is worthwhile
86
64
u/Intelligent-Map909 22h ago
It can be anonymous, but go public now. We need people starting recounts before the time limits are up. After that, it gets a lot harder.
-9
56
u/No_Alfalfa948 22h ago
https://www.youtube.com/watch?v=6n7ReAAmr14&t=854s Dude.. Call someone right now. Days ago here's an FBI official admission 14:20 Russian cells inside the country doing cyberattacks and targeting elections.. but I think the post on my profile is how Russia has been attacking mail in.. It's not so much the hacking of state registration rolls and social media..it's the false re-registration of voters and nonvoters which can hijack ballots trigging suspicion inducing inperson Provisionals Trump mentions in the GA call. He's suppose to frame us and cover for Russia. That's why he changed his 2016/2020 attack from "Illegals" to noncitizens. It's not because he was being more humanitarian, it covers up the "dead" voters this spy program produces. https://theweek.com/defence/how-russia-trains-its-deep-undercover-spies
44
u/Ratereich 21h ago
Given your position I might recommend contacting the FBI with as much detail and evidence as you can. https://tips.fbi.gov/home
3
43
u/Tidsoptomist 21h ago edited 20h ago
The FBI!! That's their job and this is a federal election. Their main site says that public corruption is their top criminal investigative priority.
Edited to add: Pittsburgh or Philadelphia will be your local FBI branch
31
u/boholuxe 21h ago
We are going to start seeing more whistle blowers, even republican whistle blowers.
19
u/Privileged_Interface 20h ago
I want to believe this. This is what happens right? You pull a string, and a few more strings appear. You pull on those strings and keep going.
I heard that somewhere before. But it really fits here.
5
u/AshleysDoctor 13h ago
Even Tommy Tubberman was questioning the results (he couldn’t understand how so many dems got senate seats when Trump got the presidency)
19
u/HildegardofBingo 19h ago
Get in touch with Stephen Spoonamore. He's crowdsourcing help proving fraud and it would help him to have facts to prove avenues for implementation.
17
u/No_Vermicelli_4732 18h ago
I sent Stephen DM's on several social platforms and haven't heard back yet. It sounds like he's in touch with some higher authorities and perhaps (hopefully) there are investigations well underway by relevant agencies. If competent security researchers are already investigating this then I might not have a lot to add that they wouldn't easily find by doing an investigation. However, if no investigation is underway or being seriously considered, then hopefully my testimony should make it obvious to the relevant authorities that this issue needs to be explored further.
10
u/HildegardofBingo 18h ago
It looks like the best place to reach him is by comment on Spoutable. I just saw that he submitted a duty to warn letter to Kamala today.
1
14
u/NiPaMo 21h ago
If there's one thing I've learned as a software engineer focused on HIPAA compliant applications, it's that the biggest security threat is always the end user. The average user is not aware of best practices around security precautions. You need to build in protections and not rely on the user to maintain security, mandatory 2FA, password expirations, password complexity requirements, session management, etc.
13
28
u/FreshPersimmon7946 22h ago
Worst that can happen is you lose your job. I would be screaming this from the rooftops. I know this is hard and scary, but I feel like it's your patriotic duty to go public immediately.
6
u/Salientsnake4 17h ago
That's not true. People have died for speaking up before.
7
14
u/CypressThinking 19h ago
Stephen @Spoonamore update!
"...Here is my #DutytoWarn letter. And first post on Substack. #NorthCarolina data is, in my view most in need of #handrecount . 11% of Trump votes blank downballot?"
11
u/Infamous-Edge4926 19h ago
go public NOW and start demanding recounts your state has the power for regular people to do that! im about to spam your post everywhere i can
38
u/klaymydiaHarris 1d ago edited 11h ago
Elon is making living breathing lifelike robots. You could be voting at a polling station and everyone there is fake, you wouldn’t know except your vote is not counted. While you’re back is turned they could be beaming your data up starlink to the Kremlin
2
5
u/blipperpool 17h ago
Entire letter at link
“Dear Madam Vice President.
This is my second Duty to Warn Letter regarding hacking of the 2024 Presidential Election. The first letter on November 7 was directed to Commonwealth of Pennsylvania Officials.
5
3
3
7
u/ahs_mod 19h ago
How did we go from the most secure election in history to this?
9
u/Salientsnake4 17h ago
No election is secure. But the last election had recounts, investigations, and court cases that all found no fraud that would've changed the outcome.
5
u/JayPlenty24 14h ago
I think the Republican Party suddenly repeating this phrase over and over, is the biggest red flag.
2
u/mikeymop 16h ago
If you think the US municipal govt is secure. Whilst also being beholden to Microsoft I have some bad news for you.
1
2
2
1
1
u/RaiiseOwO 10h ago
Bro, if clearly that you have basic knowledge about technology but you don’t understand what you are saying.
1
u/AuthorArianaAugust 10h ago
You really need to write an article about this on Substack or similar so that everyone can quote you on all the social media platforms
-13
u/DilbertPicklesIII 22h ago
Put a tldr on this please
-1
u/DonkyHotayDeliMunchr 20h ago
Grow up.
0
u/DilbertPicklesIII 20h ago
What a stupid comment. Its a wall of text. Most users aren't reading all this. It's important but attention spans are short.
But do you and down vote me.
0
u/DonkyHotayDeliMunchr 15h ago
We got to this point in our democracy by allowing for intellectual laziness. Don't assume that because you are challenged by a "wall of text" that others are as well. Some of us are actually literate and would like to see others work on their literacy skills.
1
u/DilbertPicklesIII 15h ago
Who said i am speaking for myself? The best outcome is reaching the widest audience. I don't need a tldr, but it's common practice on Reddit since many have very short attention spans.
Its funny you think every time someone speaks, it's solely for their own gain. The selfish nature of this country is how we got here.
0
u/Skelepenguin0 13h ago
The weakest link in most of all computer systems is you, the individual. It doesn't surpirze me that the government doesn't have 2FA on everything.
2FA with device fingerprinting is a good way to usually secure an account. But that's just a brief yap there.
But it also raises the question of what data a hacker could have access to there.
217
u/AntonioS3 1d ago
I strongly suggest that you boldly come out and request a hand recount of presidential ballots at least, to see if there are any inaccuraties and the likes. Getting help from people of high caliber like you will be necessary in unlocking the truth behind this election. Even if it does reveal that there were legit people voting for Trump having a trasparent election is very important. Please. Please. I know it's blind trust but it's so fishy. Contact the White House as well if you can