The Curious Case of Coos County - Air Gap Myth


Just because a machine is not connected with a cord does not mean you cannot connect to it.

The Premise

Time and time again the Coos County Clerk has stated emphatically that the Clear Ballot election machines are secure because they are "air gapped". She implies that if the computers, or the router, in the internal network are not physically connected to the outside world by a network cable or a modem phone cord, they are secure.

Over three decades of professional, high-end computer experience has shown us that this is certainly NOT the case. Most modern computers have numerous ways to connect, including multiple Wi-Fi adapters and Bluetooth. Most medium and professional grade computers have integrated remote access features that can be used even if the main computer is turned off.

Quick Test

Grab your cell phone. Do a Google search of "air gap". What results did you get? How did you get those results if your phone was "air gapped"?

Computers don't have cell modems, you might say. Our answer would be, are you absolutely sure?

Dell Computer Specifications

The Clear Ballot systems the County uses for the elections are run on Dell computers. Dell has a system called iDRAC, the Integrated Dell Remote Access Controller. This allows out-of-band (OOB) management of the system.

From the Dell website...

In systems management, out-of-band management (OOB), or lights-out management (LOM), is a process for accessing and managing devices and infrastructure at remote locations through a management plane separate from that of the production network. OOB allows a system administrator to monitor and manage servers and other network-attached equipment by remote control regardless of whether the machine is powered on or whether an OS is installed or functional. It is contrasted to in-band management, which requires the managed systems to be powered on and available over their operating system's networking facilities.
OOB can use dedicated management interfaces, serial ports, or cellular 4G and 5G networks for connectivity.

When we ran hundreds of Dell computers in the past, in dozens of data centers worldwide, we used this system. We had to, because we did not always have direct physical access to the machines, especially if they were down. It was very useful for remotely fixing a system or updating software.
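The connection paths named above (Wi-Fi, Bluetooth, cellular modems and an out-of-band management controller) can be inventoried from the operating system rather than taken on faith. The following is an added example, not code from the original article, Dell or Clear Ballot; it assumes a Linux host with sysfs, and the function name `audit_connectivity` is hypothetical. A management controller only appears here when the kernel IPMI driver is loaded, so an empty result is not proof that none exists.

```python
"""Added example: list the connectivity paths a Linux host exposes through sysfs."""
from pathlib import Path


def _read(path):
    # sysfs attributes are one-line text files; a missing file yields "".
    try:
        return path.read_text().strip()
    except OSError:
        return ""


def audit_connectivity(sysfs_root="/sys"):
    """Return (kind, name, detail) tuples for each path off the box that sysfs reveals."""
    root = Path(sysfs_root)
    findings = []

    # Radios registered with rfkill: type is wlan, bluetooth, wwan (cellular), etc.
    for rf in sorted(root.glob("class/rfkill/rfkill*")):
        blocked = _read(rf / "soft") == "1" or _read(rf / "hard") == "1"
        findings.append(("radio:" + _read(rf / "type"), _read(rf / "name"),
                         "blocked" if blocked else "ENABLED"))

    # Every network interface except loopback ("lo"), with its link state.
    for nic in sorted(root.glob("class/net/*")):
        if nic.name == "lo":
            continue
        kind = "wireless-nic" if (nic / "wireless").exists() else "nic"
        findings.append((kind, nic.name, _read(nic / "operstate") or "unknown"))

    # Bluetooth controllers (hciN; entries with ":" are live connections, skipped).
    for bt in sorted(root.glob("class/bluetooth/hci*")):
        if ":" not in bt.name:
            findings.append(("bluetooth-controller", bt.name, "present"))

    # IPMI devices: the host-side view of a baseboard management controller.
    for bmc in sorted(root.glob("class/ipmi/ipmi*")):
        findings.append(("bmc-ipmi", bmc.name, "present"))
    return findings


if __name__ == "__main__":
    for kind, name, detail in audit_connectivity():
        print(f"{kind:22} {name:16} {detail}")
```

Any line reporting an enabled radio, an interface that is up, or a management controller is a path that an "air gap" claim has to account for with documentation or physical inspection.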

Washington County

Washington County, Oregon, recently had a lawsuit regarding election records as well, 22CV07782. They use the same Clear Ballot systems as Coos County.

In court, under oath, the Washington Clerk proudly stated that she was responsible for turning the modem on and off every day for their system. That does not mean it is done that way in Coos County, but it does raise questions.

Software Updates

The Clear Ballot system in use here has two Windows machines and one Ubuntu (a Unix-style operating system) machine. Each of those operating systems requires regular security updates, usually daily. Windows has Windows Defender. Ubuntu has apt update, which checks the online Ubuntu repository for security updates.

If these systems cannot talk to the outside world, how are they getting these updates? When asked, they simply stated that "Clear Ballot takes care of it". How exactly was never revealed.

Election Updates

How do the election results get from the Clear Ballot systems to the systems they use to report the results? If not connected by the network then they are probably using USB thumb drives. This opens up another security issue, but since this is an "air gap" article we won't proceed further.

Conclusion

Just because a system does not have a cable connected to the outside world does not necessarily mean it is secure. Since we cannot inspect the systems, and the log files we were allowed to see lacked proper data, we cannot reach a conclusion one way or the other about security.

It does make us curious. It should make you curious, too.