CISA's Emergency Directive 21-01 states that "SolarWinds Orion products … are currently being exploited by malicious actors. This tactic permits an attacker to gain access to network traffic management systems. Disconnecting affected devices … is the only known mitigation measure currently available."
The emergency directive issued by CISA Dec. 13 called on all federal agencies to review their networks for any indicators of compromise caused by "malicious actors" and disconnect or power down those using SolarWinds Orion as soon as possible. A CISA statement on the same day added: "All agencies operating SolarWinds products should provide a complete report to CISA by 12:00 p.m. Eastern Standard Time on Monday, Dec. 14."
CISA Acting Director Brandon Wales said: "The compromise of SolarWinds' Orion Network Management Products poses unacceptable risks to the security of federal networks. [The emergency directive] is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners – in the public and private sectors – to assess their exposure to this compromise and to secure their networks against any exploitation."
Voting machines supplied by Dominion used the SolarWinds Orion platform, which hackers managed to breach by means of malicious code woven into a software update. The malware was designed so that the victim would not be alerted to any intrusion; the hackers even went to significant lengths to blend into normal network activity. The malicious code aimed to spy on the U.S. Department of the Treasury and Department of Commerce.
The SolarWinds Orion platform being compromised adds to the list of issues Dominion voting machines are facing. Initially, Dominion was flagged after a "glitch" in its system caused 6,000 votes for Republicans to be counted as Democrat ones in Michigan.
In addition, a number of cybersecurity specialists have pointed out security concerns regarding Dominion voting machines. Cybersecurity expert and Trump legal team witness Col. Phil Waldron said during a Nov. 30 hearing in Arizona that the voting machines are vulnerable to offsite and onsite manipulation. He pointed out that the machines could be connected to the internet and "be hacked to manipulate votes," posing a severe security risk.
Another cybersecurity consultant testified in Georgia about laxly implemented server security measures during the state's August 2020 primaries. Poll observer Harri Hursti observed two county offices enabling "unsafe remote access" to the servers, such as frequent use of flash drives, frequent internet access and use of outside unauthorized applications. Hursti remarked that such practices "drive a hole" through supposedly secure servers, adding: "Without these basic protections, malware can far more easily penetrate the server and the operative voting system software."
Aside from this, Hursti also noted that Dominion technical staff did not regularly update server logs in full and even "made deletions" in some sections. Secure and complete server logs play a key role in system security as they "provide the detailed activity trail necessary for the identification of security threats and server activity," the expert said.
A third expert, a former military intelligence analyst, claimed in an affidavit that other countries managed to connect to Dominion's servers. Their affidavit supporting attorney Sidney Powell's Nov. 23 lawsuit showed that foreign entities had connections with Dominion network nodes. A network based in China's Hunan province, an IP address from Iran and users from the Serbian capital of Belgrade, where Dominion has operations, were among the outside entities that connected to the nodes.