>>21902963
2/4
Smith describing the file and the data fields included, including the BIOS Password column. Smith has the file with him.
Smith: File saved by Edward Morgan on the 25th of June.
These are complete BIOS passwords for systems used by both Dominion & ClearBallot. Smith stating his background testing critical infrastructure for DOD.
“Were you concerned?”
Objection! Lack of foundation.
Counsel approaches.
Objection sustained.
Fielder laying additional foundation now.
Objection sustained, Fielder is laying additional foundation now.
Objection leading! Overruled
Fielder moves to admit Smith as an expert. AG’s office requests voir dire. Judge allows it.
AG: “Have you ever testified as an expert on electromechanical voting systems in Colorado?”
Smith: “There aren’t electromechanical voting systems in Colorado.”
The gallery giggles.
Court is reprimanding the gallery after three audible laughs. One more time and the court will clear the gallery.
Voir dire complete, government objects to his acceptance as an expert, the court overrules the objection and Smith is admitted as an expert.
Smith now testifying to the impact of BIOS password breach and what it allows a user to do. Change passwords, change the boot sequence, override pwds, add or remove users, etc.
“Immense amount of attack vectors.”
Paraphrasing: “is physical access required?”
“It depends on the configuration of the system.”
Wireless devices present in at least 15 counties (every county smith has checked). We are told wireless is turned off in the BIOS. If you have the BIOS pwd, you can turn it back on.
Smith identified 664 components currently in use in 63 of 64 counties. Las Animas only county without BIOS passwords listed.
Note: The passwords were not all for devices still in use. Smith assessment is still underway.
Hillary Rudy and Ben Edelman from SecState have just arrived in the courtroom.
Fielder is questioning Smith about his declaration following an sustained objection for leading.
Foreign adversaries like China are scanning websites every day looking for changes.Smith has no doubt that such adversaries are aware of the changes to SecState website — as its US critical infrastructure.
Fielder moves to admit the XLS spreadsheet with the passwords, the affidavit, and the declaration.
The court declines to admit the spreadsheet, admits the affidavit and declaration.
Cross examination: You have no personal knowledge that the breach was exploited?
I do not.
No further questioned. Smith is excused.
Fielder calls Clay Parkih, being sworn in now.Parikh providing his expertise: certified ethical hacker, certified hacking forensic investigator, 9 years in the voting systems testing labs — testing electronic voting equipment.
Parikh has been admitted as an expert in Alabama, Pennsylvania, Arizona, etc.Fielder moves to admit Parikh as an expert. AG request voir dire.
State’s position appears to be that Parikh is not Colorado specific. Parikh reinforces that his work is specific to the Voting System Testing Labs.
Parikh: “I hacked into the Mesa County system and turned it into a virtual machine.”
*clarifies “image” not “system.”
Secretary objects to Parikh being admitted as an expert witness, calling him a generalist and not Colorado specific.
Court declines to admit Parikh as an expert stating he doesn’t have Colorado specific knowledge. Fielder attempting to lay additional foundation.
Fielder renews request to admit Parikh as an expert. State objects and wants to continue voir dire.
Secretary renews objection. Fielder response — BIOS passwords are not specific to Colorado. Impacts not specific to Colorado.
Court permits witness to testifybut not as an expert witness.
Parikh: The BIOS password is the first layer of security. It doesn’t matter if it’s is a voting system, a healthcare system, or a defense system.The BIOS password enables “literally a thousand things you can do — undetected.”
With a BIOS password, I could make it look like it was on/off.The BIOS cannot be trusted once the password is breached. You have no way of detecting via the logs if the BIOS was accessed. They cannot conclusively tell you there wasn’t a breach.
“Changing the password is irrelevant at this point.”
Counsel: “Were these partial passwords?”
Parikh: “They were full BIOS passwords.”
Does changing the passwords remedy the vulnerability in the BIOS?
Objection! Foundation!
Sustained, rephrase the question.
AG repeatedly objecting to Parikh testifying about sufficiency of password changes completed by SecState.
“Calls for expert testimony.”
Judge repeatedly sustaining objections.
Is there a risk of compromising the voting systems in Colorado?
Yes.(Weird no objection on that…)
No further questions. State declines to cross. Parikh is excused.
https://threadreaderapp.com/thread/1853530961071231455.html