Leaked voting machine BIOS passwords may implicate Q-friendly county clerk

Ron Watkins, conspiracy theorist and QAnon enthusiast released photocopies last week of a Dominion voting machine installation manual. These pages contained basic instructions to configure BIOS passwords (required to modify some system settings) as well as iDRAC (a standard network remote control tool that the manual requires the administrator disable).Watkins posted a video claiming to be from a whistleblower, which exposed Dominion’s "most egregious lie" that Dominion could remotely manage the machines. Watkins also shared several screenshots of Election Management Systems hardware that his "whistleblower” had access to.While none of Watkins screenshots, which will be instantly familiar to anyone who has ever administered enterprise-grade hardware, are as damaging to the voting machines, they did cause problems for Tina Peters, Mesa County's county clerk, Colorado.BIOS, iDRAC, and NICs - Oh my!Ron WatkinsRon WatkinsWatkins claims that Dominion's Election Management Systems are connected to the Internet, and can be controlled remotely by Dominion. His blurry video and blurry screenshots and photocopied manual pages try to portray voting machines that are connected to the Internet, but can be remotely managed by Dominion.This narrative is flawed because it only shows a generic set server hardware with instructions to block the Internet and disable remote management. Watkins' video combines footage of John Poulos, Dominion CEO, telling US senators that these machines weren't intended for Internet connectivity with footage from the BIOS interface of EMS servers. BIOS shots also include configuration options for iDRAC (a Dell-specific technology that allows remote control of server hardware).AdvertisementCuriously, Watkins also addressesPoulos' assertion that Dominion doesn't have the passwords required to access these technologies. In his "whistleblower video", a Dominion employee stated that "[We don’t have access] to the BIOS passwords...the state is keeping them." He ignores the instructions in the installation manual to disable iDRAC completely.Watkins seems determined to convince less technical-savvy viewers that Dominion designed these machines to remotely manage at all times. This narrative is contradicted both by Dominion’s own installation procedures, and the fact the state manages BIOS Passwords (which anyone with physical access could use to enable iDRAC).It is possible to argue that voting machines should not be built using generic server hardware that includes functionality such as iDRAC. However, that case seems to be less convincing than the one Watkins wants.A small slip-up could be enough to expose the whistleblower.Watkins cluttered his Telegram with photos of EMS server screen screens, including one of a bootable Acronis Partition Manager showing the device's drive layout. The caption he used was: "Individual frame need to be redacted very carefully." A small error could expose the whistleblower. (This screenshot redacts volume name for a portable SSD that is connected to an EMS machine.Watkins appears to be more interested in practice than advice. Another photo, with the caption "our whistleblower risks his life /his livelihood /his everything," shows a spreadsheet with BIOS passwords that covers a small number of computers including EMS servers and client systems.Watkins may have intended the spreadsheet photo as a scare tactic to get his audience to believe that anyone could access the EMS system or that Dominion could. Watkins' main goal was actually the photo. He exposed passwords that are managed at the state level. When Colorado discovered the photo, it determined that the passwords belonged to Mesa County systems.AdvertisementThe chat is now open to the secretary of state for ColoradoColorado Secretary of State Jena Griswold issued an executive order in response to the leakage of BIOS passwords. As reported by the Grand Junction Daily Sentinel, it required the Mesa County Clerk and Recorder to provide surveillance footage and documents showing how and who the BIOS passwords were accessed.This is a real order. The BIOS passwords are protected under policy. They should be only available to those state and county workers who have been background checked. Mesa County Clerk Tina Peters cannot demonstrate proper chain of custody to explain how the leaked information was kept. This could lead to the decertifying of the county's electoral systems.Pro-Trump and anti-Biden.While there is no evidence to directly link Peters to the leak, it's tempting to suspect her. During the 2021 Capitol Insurrection Peters attacked Twitter with a series deleted tweets alleging that the 2020 presidential election was fraudulent. She also claimed that she, as an administrator of county elections, had inside information about how to fake an election.Peters also tweeted a baseless statement that the "vaccines are troubling in their mechanics in RNA" A better world would not allow COVID vaccine fearmongering to be connected to election-machine safety. But in this world it puts Peters even further into Watkins' circle of intertwined conspiracy theory theories.The Colorado Springs Gazette's Pat Poblete reports that Peters has not responded to Secretary of State Griswold’s order to turn equipment, surveillance footage and documents over to him. Peters instead flew to South Dakota where she spoke at a "Cyber Symposium" hosted in her honor by Mike Lindell, MyPillow CEO and a conspiracy theorist.Peters was not present so Griswold obtained a warrant for a search and sent a team to Mesa County Clerk's Office. Peters, who was speaking at Lindell's symposium said that Griswold had "invade[d]] my elections department today," and complained that "we don’t know what they were doing inside there." Her chief deputy clerk wasn't allowed to watch the search. Griswold herself stated in a press release that her inspection team was "accompanied at every time by officials from Mesa County."Peters claimed that she was not involved in the security breach and made no mention of her personal involvement. She also hinted that she will release additional information about Mesa County's voting systems at Lindell’s symposium on Thursday.