{"id":30706,"date":"2020-12-16T13:11:31","date_gmt":"2020-12-16T18:11:31","guid":{"rendered":"http:\/\/www.conservativenewsdaily.net\/breaking-news\/?p=30706"},"modified":"2020-12-16T13:45:42","modified_gmt":"2020-12-16T18:45:42","slug":"dominion-used-a-version-of-the-solorwinds-orion-platform-which-provides-backdoor-access-into-their-voting-machines","status":"publish","type":"post","link":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/dominion-used-a-version-of-the-solorwinds-orion-platform-which-provides-backdoor-access-into-their-voting-machines\/","title":{"rendered":"Dominion Used a Version of the SolorWinds Orion Platform Which Provides Backdoor Access Into their Voting Machines"},"content":{"rendered":"<aside class=\"mashsb-container mashsb-main mashsb-stretched\"><div class=\"mashsb-box\"><div class=\"mashsb-count mash-medium\" style=\"&quot;\"><div class=\"counts mashsbcount\">34<\/div><span class=\"mashsb-sharetext\">SHARES<\/span><\/div><div class=\"mashsb-buttons\"><a class=\"mashicon-facebook mash-medium mash-nomargin mashsb-noshadow\" href=\"https:\/\/www.facebook.com\/sharer.php?u=https%3A%2F%2Fwww.conservativenewsdaily.net%2Fbreaking-news%2Fdominion-used-a-version-of-the-solorwinds-orion-platform-which-provides-backdoor-access-into-their-voting-machines%2F\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Facebook<\/span><\/a><a class=\"mashicon-twitter mash-medium mash-nomargin mashsb-noshadow\" href=\"https:\/\/twitter.com\/intent\/tweet?text=&amp;url=https:\/\/www.conservativenewsdaily.net\/breaking-news\/?p=30706&amp;via=ConservNewsDly\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Twitter<\/span><\/a><a class=\"mashicon-subscribe mash-medium mash-nomargin mashsb-noshadow\" href=\"#\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Subscribe<\/span><\/a><div class=\"onoffswitch2 mash-medium mashsb-noshadow\" style=\"display:none\"><\/div><\/div>\n            <\/div>\n                <div style=\"clear:both\"><\/div><\/aside>\n            <!-- Share buttons by mashshare.net - Version: 4.0.47--><p>&nbsp;<\/p>\n<h3><strong>Were Dominion and SolarWinds aware of back door in the system which allowed for election fraud?<\/strong><\/h3>\n<p>Two days ago we reported that a CISA emergency directive called on all federal civilian agencies to review and power down or disconnect all SolorWinds Orion Products:<\/p>\n<blockquote class=\"wp-embedded-content\" data-secret=\"OgrkB47LDM\"><p><a href=\"https:\/\/www.thegatewaypundit.com\/2020\/12\/breaking-big-cisa-emergency-directive-calls-federal-civilian-agencies-review-compromise-disconnect-power-solarwinds-orion-products-immediately\/\">BREAKING BIG: CISA Emergency Directive Calls on ALL Federal Civilian Agencies to Review Compromise and Disconnect or Power Down SolarWinds Orion Products Immediately<\/a><\/p><\/blockquote>\n<p><iframe loading=\"lazy\" class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"&#8220;BREAKING BIG: CISA Emergency Directive Calls on ALL Federal Civilian Agencies to Review Compromise and Disconnect or Power Down SolarWinds Orion Products Immediately&#8221; &#8212; The Gateway Pundit\" src=\"https:\/\/www.thegatewaypundit.com\/2020\/12\/breaking-big-cisa-emergency-directive-calls-federal-civilian-agencies-review-compromise-disconnect-power-solarwinds-orion-products-immediately\/embed\/#?secret=pzR7EoKqy5#?secret=OgrkB47LDM\" data-secret=\"OgrkB47LDM\" width=\"500\" height=\"282\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe><\/p>\n<p>Per <a href=\"https:\/\/www.tenable.com\/blog\/solorigate-solarwinds-orion-platform-contained-a-backdoor-since-march-2020-sunburst\">experts on the Internet<\/a>, a certain version of SolarWinds contained a backdoor since March of 2020.<\/p>\n<blockquote><p>On December 13, several news outlets, including <a href=\"https:\/\/www.reuters.com\/article\/us-usa-cyber-amazon-com-exclsuive\/exclusive-u-s-treasury-breached-by-hackers-backed-by-foreign-government-sources-idUSKBN28N0PG\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Reuters<\/a>, <a href=\"https:\/\/www.washingtonpost.com\/national-security\/russian-government-spies-are-behind-a-broad-hacking-campaign-that-has-breached-us-agencies-and-a-top-cyber-firm\/2020\/12\/13\/d5a53b88-3d7d-11eb-9453-fc36ba051781_story.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">The Washington Post<\/a> and <a href=\"https:\/\/www.wsj.com\/articles\/agencies-hacked-in-foreign-cyber-espionage-campaign-11607897866\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">The Wall Street Journal<\/a>, reported that multiple U.S. government agencies were the victims of a significant breach reportedly linked to hackers associated with a <strong>nation-state<\/strong>. Additional reporting has since confirmed a direct connection between this breach and <a href=\"https:\/\/www.nytimes.com\/2020\/12\/08\/technology\/fireeye-hacked-russians.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">last week\u2019s breach<\/a> of cybersecurity firm FireEye.<\/p>\n<p>According to a <a href=\"https:\/\/twitter.com\/dnvolz\/status\/1338255684085964800\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">tweet<\/a> from Dustin Volz, reporter for The Wall Street Journal, the source of the breach was \u201ca flaw in IT firm SolarWinds.\u201d<\/p><\/blockquote>\n<p>The backdoor was available in March through June versions of SolarWinds:<\/p>\n<blockquote><p>The backdoor resides in a dynamic-link library (DLL) file name <strong>SolarWinds.Orion.Core.BusinessLayer.dll<\/strong>. The file was digitally signed by SolarWinds with a valid certificate on March 24, meaning it would be trusted by the underlying operating system and would not raise any alarms.<\/p>\n<p>The backdoored DLL file was seeded as part of SolarWinds software builds between March and June 2020, which are accessible via the SolarWinds website. Once an organization installed the malicious software update, the backdoored DLL file would remain in hibernation for a period of two weeks before beginning its operation. This is one of the stealthy elements of this operation. FireEye says in its blog post that the backdoor also managed to \u201cblend in with legitimate SolarWinds activity\u201d in order to evade detection.<\/p><\/blockquote>\n<p>SolarWinds filed a report with the SEC where they mention that 18,000 customers had the backdoor problem:<\/p>\n<blockquote><p>On December 14, SolarWinds <a href=\"https:\/\/d18rn0p25nwr6d.cloudfront.net\/CIK-0001739942\/57108215-4458-4dd8-a5bf-55bd5e34d451.pdf\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">filed a Form 8-K<\/a> with the U.S. Securities and Exchange Commission that sheds light on the potential impact from this incident. In the 8-K, SolarWinds says it believes the number of customers with an active installation of Orion products containing this backdoor is \u201c<strong>fewer than 18,000<\/strong>.\u201d<\/p><\/blockquote>\n<p>A highly sophisticated adversary (China?) planted malicious codes on SolarWinds software:<\/p>\n<blockquote><p>According to the Microsoft TAR and the FireEye blog post, a \u201c<strong>highly sophisticated\u201d adversary<\/strong> managed to breach the supply chain of SolarWinds, a company that develops IT infrastructure management software, resulting in the placement of malicious code inside of the company\u2019s Orion Platform software builds.<\/p><\/blockquote>\n<p>There is no mention of SolarWinds in the Antrim County Michigan forensic audit report, so we don\u2019t know which version of SolarWinds was used by Dominion in Antrim County:<\/p>\n<blockquote class=\"wp-embedded-content\" data-secret=\"YYUecXRKqU\"><p><a href=\"https:\/\/www.thegatewaypundit.com\/2020\/12\/antrim-county-michigan-forensics-audit-results-dominion-voting-machines-released\/\">First Look: Antrim County Michigan Forensics Audit Results of Dominion Voting Machines Released<\/a><\/p><\/blockquote>\n<p><iframe loading=\"lazy\" class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"&#8220;First Look: Antrim County Michigan Forensics Audit Results of Dominion Voting Machines Released&#8221; &#8212; The Gateway Pundit\" src=\"https:\/\/www.thegatewaypundit.com\/2020\/12\/antrim-county-michigan-forensics-audit-results-dominion-voting-machines-released\/embed\/#?secret=75TR5vgAYy#?secret=YYUecXRKqU\" data-secret=\"YYUecXRKqU\" width=\"500\" height=\"282\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe><\/p>\n<p>Two <a href=\"https:\/\/www.thegatewaypundit.com\/2020\/12\/dominion-voting-machines-trying-hide-relationship-solar-winds\/\">IT professionals have reached out<\/a> to us to share the following about SolarWinds and their Dominion connection:<\/p>\n<p>One reader shared with us some thoughts about SolarWinds technology:<\/p>\n<blockquote><p>I work in IT and I am now left wondering if Solar Winds was used as a <strong>backdoor \u201cjump host\u201d to get into Dominion<\/strong> machines. If the machines each had a unique hostname and they were being connected to a central network it is a rational way to explain it. A \u201cjumphost\u201d is a server (which is very bad security practice, by the way) that contains all the hosts on a network with their hostnames and ip addresses so you can just \u201cjump\u201d to them or remote to them. If they did indeed put a backdoor in Solar Winds and connected these to a network, this is how they would do it: Solar Winds might be hacked to be a jumphost. I cannot say this is true for sure, but it is worth digging into. A \u201cjumphost\u201d is bad because it puts all your hosts and devices into one basket and if a hacker gets in there, you can only imagine what a nightmare they can create.<\/p><\/blockquote>\n<p>Another IT professional shared this:<\/p>\n<blockquote><p>I am also an IT professional that uses SolarWinds. We use SolarWinds to manage network equipment, servers, etc. SolarWinds is a very powerful tool. SolarWinds has a scripting tool capable of automated task scheduling for configuration management. So say you had 1000 or more voting machines spread across the country. You could build scripts to download data from or upload data to rapidly in seconds. SolarWinds services and accounts are granted elevated permissions on equipment to perform these tasks. Hackers could take over a company\u2019s SolarWinds management server to use as a \u201czombie\u201d and orchestrate attacks on voting machines from all over making it difficult to track.<\/p><\/blockquote>\n<p>If the versions of SolarWinds were not timely updated, this problem with SolarWinds would be in place through the election and would therefore allow for election fraud using the Dominion voting machines.<\/p>\n<h3><strong>So the question that should be asked is whether SolarWinds and Dominion knew of the breach and were working with the foreign adversary to ensure the backdoor remained open in the 2020 election so they could steal the election for Joe Biden?<\/strong><\/h3>\n<p>The post <a href=\"https:\/\/www.thegatewaypundit.com\/2020\/12\/dominion-used-version-solorwinds-orion-platform-provides-backdoor-access-voting-machines\/\" rel=\"nofollow\">Dominion Used a Version of the SolorWinds Orion Platform Which Provides Backdoor Access Into their Voting Machines<\/a> appeared first on <a href=\"https:\/\/www.thegatewaypundit.com\" rel=\"nofollow\">The Gateway Pundit<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Were Dominion and SolarWinds aware of back door in the system which allowed for election fraud? Two days ago we reported that a CISA emergency directive called on all &#8230;<\/p>\n","protected":false},"author":1,"featured_media":2273604,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mo_disable_npp":"","fifu_image_url":"","fifu_image_alt":"","footnotes":""},"categories":[],"tags":[],"class_list":["post-30706","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry"],"_links":{"self":[{"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/posts\/30706","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/comments?post=30706"}],"version-history":[{"count":0,"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/posts\/30706\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/media\/2273604"}],"wp:attachment":[{"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/media?parent=30706"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/categories?post=30706"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/tags?post=30706"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}