I’m just gonna say it: Everything about everyone involved in this administration screams people who are hired for their loyalty, not their skillsets.
The theory that they used Uninterruptible Power Supplies to modify the vote, and that they had enough people involved to pull this off, yet everyone kept their mouth shut, is not the level of competency I have seen from anyone in Trump’s orbit.
As someone with a background in tech, I find it hard to believe. Extraordinary claims require extraordinary evidence. They can make up all the stories about they want in their own heads, until there’s some proof of it, it’s just as bullshit as Trump’s claims of election fraud.
If Eaton pushed an update to those UPS units, it could have gained root-level access to the host tabulation environment—without ever modifying certified election software.
So yeah, we’re gonna have to have a hell of a lot more to go on than “could have” here. Also I’m skeptical on the claim that Windows automatically trusts any connected UPS and skeptical about the “root level access” claim (including the fact that it is called administrator access on Windows, Windows doesn’t have “root” accounts).
Part of the reason I’m skeptical on the root-level access claim regarding a UPS. If you could do this with any old UPS, this would make any and every UPS in existence a major attack vector to every computer and computer network in existence. I find it hard to believe that cybersecurity experts would have somehow missed this in the last 20 years that commercial level UPS’s have been in use. That it was just somehow conveniently overlooked that you could override server administration with a UPS. I don’t buy that.
EDIT: All this being said, I think a court case to reveal any evidence that is there is important. It’s highly improbable but not impossible and so I hope the court case moves forward quickly.
I’ve been listening to a great podcast series about Titanic. (This will come around, bear with me.)
One of the things mentioned in the latest episode is that it didn’t take long for conspiracy theories to develop about the sinking, that it had to have been done on purpose. Because there are a lot of people who didn’t want to believe the truth: that it was possible for the largest luxury liner ever built could go to the bottom of the north Atlantic in two and a half hours on its maiden voyage on accident.
The uncomfortable truth about this last election is that, yes, enough people willfully voted for fascism to put this administration in place. The United States is much further away from the ideal we’d all been led to believe it has strived to be, so far that it’s clear that it’s not even striving for that ideal anymore. That truth is so unconscionable to some people that accepting a conspiracy theory is more palatable.
Ups software probably installed as system so that it can perform script execution and shutdown properly. That software communicates with the UPS directly. UPS vendors wouldn’t be at the top of my list of security-minded companies.
I mean, the article focuses more on how the UPSes have SNMP enabled network cards.
SNMP is Simple Network Management Protocol, which is for, well, simple network management, not computer administration, which are different things.
SNMP can definitely be an attack vector, so it’s generally considered good practice to disable it on any ports it’s not absolutely needed. Further, it’s mostly able to be abused for DDOS, although there are some possibilities for network penetration. Network, not computer, once again. Controlling the router isn’t the same as controlling the Server., although it can help you move towards controlling the Server. Still a lot of hoops to jump through from network to server.
Every election is run on a local level, and this would mean that in enough swing states, one of two things was happening: either the election cybersecurity team in all the states affected was technically incompetent or they were somehow in on it and all kept their mouths shut. Both of those are highly unlikely when it comes to the frequency at which this happened all over the country.
While you generally have a good point about script execution via a UPS, once again, does that mean every single cybersecurity team in every state affected was foolish enough to be giving a UPS administrator script execution capabilities? Because just executing a script doesn’t mean the user executing the script has admin rights. Once again, either every team was inept or somehow the famously loose-lipped Trump team was sitting on a zero-day exploit to gain admin access and somehow kept it quiet.
I don’t consider snmp to be a big issue, unless someone set up “public” with write access.
The ups software running on the windows machine would be running as system and would be able to execute whatever it wanted. Usually it’s connecting to the ups through some method (IP, usb serial) to figure out what state it’s in, how much runtime is remaining, and if it needs to execute any stored scripts.
How do you get a compromised UPS to upload scripts to the windows machine? That I’m not too sure about. I don’t think I’ve seen an ups management system that has that capability.
I understand where you’re coming from with this angle, but you’re wrong. Very few people need to be involved to get this done. Also, just like with other conspiracy theories that are still publicly frowned upon but highly probably true: I wouldn’t count on internal US people to do the ground work either.
It is very likely the machines were fixed early to mid 2024. I agree that the UPS theory or starlink is ridiculous.
I’m just gonna say it: Everything about everyone involved in this administration screams people who are hired for their loyalty, not their skillsets.
The theory that they used Uninterruptible Power Supplies to modify the vote, and that they had enough people involved to pull this off, yet everyone kept their mouth shut, is not the level of competency I have seen from anyone in Trump’s orbit.
As someone with a background in tech, I find it hard to believe. Extraordinary claims require extraordinary evidence. They can make up all the stories about they want in their own heads, until there’s some proof of it, it’s just as bullshit as Trump’s claims of election fraud.
So yeah, we’re gonna have to have a hell of a lot more to go on than “could have” here. Also I’m skeptical on the claim that Windows automatically trusts any connected UPS and skeptical about the “root level access” claim (including the fact that it is called administrator access on Windows, Windows doesn’t have “root” accounts).
Part of the reason I’m skeptical on the root-level access claim regarding a UPS. If you could do this with any old UPS, this would make any and every UPS in existence a major attack vector to every computer and computer network in existence. I find it hard to believe that cybersecurity experts would have somehow missed this in the last 20 years that commercial level UPS’s have been in use. That it was just somehow conveniently overlooked that you could override server administration with a UPS. I don’t buy that.
EDIT: All this being said, I think a court case to reveal any evidence that is there is important. It’s highly improbable but not impossible and so I hope the court case moves forward quickly.
I’ve been listening to a great podcast series about Titanic. (This will come around, bear with me.)
One of the things mentioned in the latest episode is that it didn’t take long for conspiracy theories to develop about the sinking, that it had to have been done on purpose. Because there are a lot of people who didn’t want to believe the truth: that it was possible for the largest luxury liner ever built could go to the bottom of the north Atlantic in two and a half hours on its maiden voyage on accident.
The uncomfortable truth about this last election is that, yes, enough people willfully voted for fascism to put this administration in place. The United States is much further away from the ideal we’d all been led to believe it has strived to be, so far that it’s clear that it’s not even striving for that ideal anymore. That truth is so unconscionable to some people that accepting a conspiracy theory is more palatable.
Ups software probably installed as system so that it can perform script execution and shutdown properly. That software communicates with the UPS directly. UPS vendors wouldn’t be at the top of my list of security-minded companies.
The execution path isn’t impossible.
I mean, the article focuses more on how the UPSes have SNMP enabled network cards.
SNMP is Simple Network Management Protocol, which is for, well, simple network management, not computer administration, which are different things.
SNMP can definitely be an attack vector, so it’s generally considered good practice to disable it on any ports it’s not absolutely needed. Further, it’s mostly able to be abused for DDOS, although there are some possibilities for network penetration. Network, not computer, once again. Controlling the router isn’t the same as controlling the Server., although it can help you move towards controlling the Server. Still a lot of hoops to jump through from network to server.
Every election is run on a local level, and this would mean that in enough swing states, one of two things was happening: either the election cybersecurity team in all the states affected was technically incompetent or they were somehow in on it and all kept their mouths shut. Both of those are highly unlikely when it comes to the frequency at which this happened all over the country.
While you generally have a good point about script execution via a UPS, once again, does that mean every single cybersecurity team in every state affected was foolish enough to be giving a UPS administrator script execution capabilities? Because just executing a script doesn’t mean the user executing the script has admin rights. Once again, either every team was inept or somehow the famously loose-lipped Trump team was sitting on a zero-day exploit to gain admin access and somehow kept it quiet.
I don’t consider snmp to be a big issue, unless someone set up “public” with write access.
The ups software running on the windows machine would be running as system and would be able to execute whatever it wanted. Usually it’s connecting to the ups through some method (IP, usb serial) to figure out what state it’s in, how much runtime is remaining, and if it needs to execute any stored scripts.
How do you get a compromised UPS to upload scripts to the windows machine? That I’m not too sure about. I don’t think I’ve seen an ups management system that has that capability.
I understand where you’re coming from with this angle, but you’re wrong. Very few people need to be involved to get this done. Also, just like with other conspiracy theories that are still publicly frowned upon but highly probably true: I wouldn’t count on internal US people to do the ground work either.
It is very likely the machines were fixed early to mid 2024. I agree that the UPS theory or starlink is ridiculous.
I’ve written more here if you want to understand the broader angle. https://lemmy.world/post/27126084
These two ladies are worth a listen too https://www.youtube.com/watch?v=nk1A-tLIaXY