Dominion Likely Used a Version of the SolarWinds Orion Platform Which Provides Backdoor Access Into their Voting Machines

Were Dominion and SolarWinds aware of a back door in the
system which allowed for election fraud?

Two days ago we reported that a CISA emergency directive called
on all federal civilian agencies to review and power down or
disconnect all SolarWinds Orion Products:


BREAKING BIG: CISA Emergency Directive Calls on ALL Federal
Civilian Agencies to Review Compromise and Disconnect or Power Down
SolarWinds Orion Products Immediately

Per experts on the Internet, a certain version of SolarWinds
contained a backdoor since March of 2020.

On December 13, several news outlets, including Reuters,
The Washington Post and The Wall Street Journal, reported that
multiple U.S. government agencies were the victims of a significant
breach reportedly linked to hackers associated with a nation-state.
Additional reporting has since confirmed a direct connection
between this breach and last week’s breach of cybersecurity firm
FireEye.

According to a tweet
from Dustin Volz, reporter for The Wall Street Journal, the source
of the breach was “a flaw in IT firm SolarWinds.”

The backdoor was available in March through June versions of
SolarWinds:

The backdoor resides in a dynamic-link library (DLL) file named
SolarWinds.Orion.Core.BusinessLayer.dll. The file
was digitally signed by SolarWinds with a valid certificate on
March 24, meaning it would be trusted by the underlying operating
system and would not raise any alarms.

The backdoored DLL file was seeded as part of SolarWinds
software builds between March and June 2020, which are accessible
via the SolarWinds website. Once an organization installed the
malicious software update, the backdoored DLL file would remain in
hibernation for a period of two weeks before beginning its
operation. This is one of the stealthy elements of this operation.
FireEye says in its blog post that the backdoor also managed to
“blend in with legitimate SolarWinds activity” in order to
evade detection.

SolarWinds filed a report with the SEC where they mention that
18,000 customers had the backdoor problem:

On December 14, SolarWinds filed a Form 8-K with the U.S.
Securities and Exchange
Commission that sheds light on the potential impact from this
incident. In the 8-K, SolarWinds says it believes the number of
customers with an active installation of Orion products containing
this backdoor is “fewer than 18,000.”

A highly sophisticated adversary (China?) planted malicious
code on SolarWinds software:

According to the Microsoft TAR and the FireEye blog post, a
“highly sophisticated” adversary managed to
breach the supply chain of SolarWinds, a company that develops IT
infrastructure management software, resulting in the placement of
malicious code inside of the company’s Orion Platform software
builds.

There is no mention of SolarWinds in the Antrim County Michigan
forensic audit report, so we don’t know which version of
SolarWinds was used by Dominion in Antrim County:


First Look: Antrim County Michigan Forensics Audit Results of
Dominion Voting Machines Released

Two IT professionals have reached out to us to share the following
about SolarWinds and their Dominion connection:

One reader shared with us some thoughts about SolarWinds
technology:

I work in IT and I am now left wondering if Solar Winds was used
as a backdoor “jump host” to get into Dominion
machines. If the machines each had a unique hostname and they were
being connected to a central network it is a rational way to
explain it. A “jumphost” is a server (which is very bad
security practice, by the way) that contains all the hosts on a
network with their hostnames and IP addresses so you can just
“jump” to them or remote to them. If they did indeed put a
backdoor in Solar Winds and connected these to a network, this is
how they would do it: Solar Winds might be hacked to be a jumphost.
I cannot say this is true for sure, but it is worth digging into. A
“jumphost” is bad because it puts all your hosts and devices
into one basket and if a hacker gets in there, you can only imagine
what a nightmare they can create.

Another IT professional shared this:

I am also an IT professional that uses SolarWinds. We use
SolarWinds to manage network equipment, servers, etc. SolarWinds is
a very powerful tool. SolarWinds has a scripting tool capable of
automated task scheduling for configuration management. So say you
had 1000 or more voting machines spread across the country. You
could build scripts to download data from or upload data to rapidly
in seconds. SolarWinds services and accounts are granted elevated
permissions on equipment to perform these tasks. Hackers could take
over a company’s SolarWinds management server to use as a
“zombie” and orchestrate attacks on voting machines from all
over making it difficult to track.

If the versions of SolarWinds were not timely updated, this
problem with SolarWinds would be in place through the election and
would therefore allow for election fraud using the Dominion voting
machines.

So the question that should be asked is whether SolarWinds
and Dominion knew of the breach and were working with the foreign
adversary to ensure the backdoor remained open in the 2020 election
so they could steal the election for Joe Biden?

The post Dominion Likely Used a Version of the SolarWinds Orion
Platform Which Provides Backdoor Access Into their Voting Machines
appeared first on The Gateway Pundit.
