Tuesday, November 17, 2020

November 7, 2014: Scytl has all the tools it needs for election fraud

 

From the Columbia Free Press:

Free Press readers may be familiar with Scytl, the promoter of online and mobile voting, and their apparent connections to the intelligence community. Renewed research into Scytl has revealed new connections to the intelligence community, new market positioning, and new opportunities for both personalized surveillance and electronic election fraud.

Scytl's 2012 entry into the American election market occurred through the purchase of SOE software, a Tampa based manufacturer of election management and reporting software known as the Clarity suite. Scytl initially maintained essentially a front address in Virginia while digesting SOE during the the 2012 election cycle. Since then there has been a pattern of SOE rebranding and reorganizing itself along with a merger and new set of strategic partnerships.

Through looking at Scytl's ownership and investors, we can see a more frightening pattern of investment and market synergy. In 2012 the Free Press broke the news of the connection between one Scytl's parent companies, Nauta Capital, and Carrier IQ, a maker of mobile phone applications with obvious spyware uses. Nauta's expansion into this market sector along with an expansion into mobile devices, voice bio-metrics, social network monitoring, online gaming, and cloud computing should raise an eyebrow.

SOE is no longer SOE. SOE is now calling itself “SOE, A Scytl Company.” There are no other Scytl companies in the US that have been identified at the time of this writing. It would appear from this rebranding that there is the intention of there being more “Scytl Companies” in the future. This rebranding may be PR deflection of Scytl's overseas origin and ownership, or it may have a dual purpose.

Representatives of the Ohio Green Party traveled to Tampa in order to meet with SOE and purchase custom software for tracking voter registrations and other election management tasks. SOE's name is not on the office building's marquee or directory and garnering face time with company officials proved difficult. During the eventual interview the SOE spokesperson said that the company only does “custom work for governments” and referred the party to “Scytl” for “specialized election work.”

SOE saw a period of management chaos after being purchased by Scytl. Reviews online of working there tell vague tales of revolving doors in some of the top offices combines with rapidly shifting project priorities. This chaotic pattern seems to have changed and there is now a clear management team in place. This management team has a number of principals that stand out.

Starting the list is Pere Valles, who came directly from Scytl. He is now CEO. He is Scytl's man running SOE. He is also on the board of Scytl by virtue of representing the interest of a key investor in Scytl, Balderton Capital. Balderton is a British not entirely spun-off spin-off of Benchmark Capital that has a history of investment in tech companies of interest to the intelligence community. For instance, Benchmark has invested in Nextdoor.com, which Vulcan Capital (Paul Allen's venture capital firm) also invested in. Vulcan Capital is also invested in Scytl. The Free Press has done previous reporting on Nextdoor as a nexus of investment for intelligence community related venture capital firms.

Valles was previously with three other companies. Prior to Balderton, he was Vice President and CFO of Globalnet, a telecom provider. He appears to have been brought in to effect the sale of that company to Titan L-3, a major defense and intelligence contractor. The sale of Globalnet, two years in the making, was finalized just as the Abu-Gharrib scandal broke in 2004. One of Titan's employees was a translator at the prison and was exposed in subsequent reports to have raped at least one juvenile prisoner. He was not fired.

Prior to Globalnet, Valles worked for the accounting firm KPMG and prior to that he was a principal at Diamond Cluster consulting, along with all of the founders of Nauta Capital.

Scytl's Vice President of Communications is Michelle Shafer, who is the quintessential voting machine industry shill. She has previously served in a similar capacity with Sequoia Voting Systems, Hart Intercivic and Calibre Systems. The last of the list is a defense industry firm that made a brief attempt to enter the election industry through the delivery of absentee ballots to armed forces personnel abroad.

Another SOE Vice President is Brian O'Connor. O'Connor came to SOE recently from Crossmatch Technologies. Crossmatch is a provider of biometric technologies to the defense department and department of homeland security. Four current executives at Crossmatch came from another biometric technology company, L-1 Identity Solutions. L-1 was founded by Robert LaPenta. LaPenta is also one of the founders of and still a major stockholder in L-3 Communications, the parent company of Titan L-3 communications.

Prior to working at Crossmatch, O'Connor worked for Sequoia Voting Systems and Global Elections Systems just prior to the latter's acquisition by Diebold. Diebold later spun Global Election Systems off as Premier Elections Systems. The later was then purchased by Election Systems and Software (ES & S). Federal anti-trust regulations forced ES & S to spin Premier off again. It was then purchased by Canada-based Dominion Voting Systems. A month later Dominion also purchased Sequoia.

SOE has expanded its market share through at least one merger. In 2013 SOE acquired Oklahoma based Maxim Consulting. Maxim has offices in Oklahoma City and Dallas and was an IT firm specializing in Oracle database management and integration. Their entry into the elections industry was voter registration management software. Their largest contract was with the Cherokee Nation. They executed this contract in partnership with Texas-based voting machine manufacturer Hart InterCivic.

The merger gives SOE a complete set of products from Registration, through ballot production and election management, to vote counting and tabulation and election night reporting. Although the relationship between Hart and SOE is not clear post merger, Michelle Shafer's former tenure there as well as her continued residence in Austin where Hart is based bodes well for the continuation of their relationship.

Scytl also has a strategic partnership with ES & S. Thus through only two executives and a strategic partnership, Scytl's management team has a relationship or an inner working knowledge of every major voting systems manufacturer active in the American market.

The Free Press's research into Scytl began with noting the ownership of Scytl by Nauta and Nauta's ownership of Carrier IQ, a cell phone spyware manufacturer. Carrier IQ is not the only mobile phone applications company that Nauta has invested in.

One of Nauta's a principals, Dominic Endicott, previously worked for Booz Allen Hamilton. Booz Allen is a major defense and intelligence contractor. They employed Edward Snowden and subcontracted him out to the NSA, for instance. Endicott's tenure at Booz Allen was in their mobile and wireless practice, interfacing with almost every major cellular manufacturer and service provider.

In addition to being Nauta's man on Carrier IQ board, Endicott is also Nauta's man on the board of Mobile Aware, another maker of cell phone applications. Mobile Aware's practice centers around customer care applications. These applications help a customer diagnose problems, contact technical support, pay their bills online, even give other subscribers minutes. The surveillance potential as well as the intrusion and spyware potential of such a set of applications is unparalleled in commercial products.

Nauta is also invested in GreatCall, which operates as Jitterbug. Jitterbug is a cell phone manufacturer specializing in making cell phones for Senior Citizens. The products feature louder speakers and larger buttons as well as improved customer diagnostics.

Scytl's technology is designed to allow a user to vote using a phone. Scytl's sister companies record the keystrokes made on the phone, provide customer care including billing and provide better access for seniors. These technologies together allow a persons’ cellular usage habits as well their metadata to be kept, and thus build a predictive user profile.

People talk on the phone. A person's voice is unique. A person's voice can be recorded. One of Nauta's investments also can use a person's unique voice as identification. Nauta is invested in a voice recognition software company called AGNITiO. AGNITiO, like Scytl was founded by a former professor in Spain. Nauta has two of its principals on AGNITiO's board, Carles Ferrer and Al Sisto. Carles Ferrer is also on the board of Scytl. His previous places of employment include TRW, now owned by defense contractor Northrup Grumman. Al Sistos was formerly chief operating officer of RSA Data Security, a major encryption software manufacturer. Another Nauta's guy on AGNITiO's board is Francis C. Harvey. Harvey served as secretary of the Army from 2004 to 2007 at the height of the Iraq War and during the Abu-Gharrib scandal. According to his biography Harvey also served on the board of three companies owned by the Bush family friendly Carlyle Group and held a vice-chairmen position at two of them. The Carlyle group had an ownership interest in Booz Allen Hamilton, where Nauta principal Dominic Endicott formerly worked.

In addition to voice and mobile data, Nauta is invested in social media gaming. They are an investor in Social Point Gaming, the third largest maker of games for facebook. These games and interaction give a gaming administrator deep insight into the habits and personalities of the players through monitoring their interactions and the associated chats. An earlier key investor in Social Point, Greylock Capital Partners, has strong ties to the intelligence community. Greylock's chairman, Howard Cox, also sits on the board of In-Q-Tel. In-Q-Tel is a non-profit venture capital firm run by the CIA. Greylock also invested in Nextdoor.com along with Benchmark Capital, the American sister firm of Scytl investor Balderton. Scytl investor Vulcan Capital is also invested in Nextdoor, which is a neighborhood based social networking platform.

Although Greylock is not invested in Scytl they do seem to have some interest in elections. During the most recent general election, a Greylock partner, Reid Hoffman, invested $500,000 in a State Assembly candidate David Chiu in San Francisco. This figure represents nearly $3 per voter in the district. The previous office holder in that district, Tom Ammiano, spent a little more than half as much in his entire previous campaign. Ammiano is not eligible to run again because of term limits.

Given all the data that Social Point, Carrier IQ, Nextdoor, Mobile Aware, AGNITO and Jitterbug could generate, a surveillance regime would need analysis tools. Fortuitously, Nauta is invested in BrandWatch. BrandWatch allows companies to follow their brand through multiple social media platforms to see what the public thinks about their products, what advertising and concepts resonate with the public, and who the opinion leaders are. The British television network SkyAtlantic uses Brandwatch to fine tune its marketing of Game of Thrones. Balderton Capital joined Nauta investing in Brandwatch and has a seat on its board.

Nauta is also invested in iJento, another marketing data analysis company that specializes in web analytics. Their web claims they provide “Multi-Channel Customer Intelligence.” Nauta is represented on their board by both Carles Ferrer and Al Sistos.

Scytl and Brandwatch are not the only places that Balderton and Nauta cross paths. In order to store and process the data generated by the sundry tools products and services offered by Scytl's many sister companies, an organization would be almost forced to seek a solution through cloud computing. Nauta and Balderton together have made a strategic investment that would handle such a contingency. That investment is in the Spanish cloud computing company Abiquo, where Nauta is again represented by both Carles Ferrer and Al Sistos.

The complete package of Social Point, Carrier IQ, Nextdoor, Mobile Aware, AGNITO and Jitterbug, iJento, Brandwatch, and Abiquo would give a malicious actor all they need to rig an election that used Scytl and SOE's software packages. CarrierIQ and Mobile Aware provide backdoors through Scytl's security. The rest can be used to build a set of predictive profile voters which can be used in deciding which votes to change.

Ballot tampering is a part of election rigging. Voter suppression is another critical component. SOE has an app for that.

SOE's flagship product before its acquisition by Scytl was the Clarity ePollbook. The Clarity Pollbook is an electronic pollbook built on the Android tablet platform. Its nearest competitor, one built by ES & S, is also running on an Android tablet. The security vulnerabilities in the ES & S product were documented by the Free Press in a previous article. For brevity, these tablets can be attacked via SD card, USB thumb drive, bluetooth, cellular network, backup subversion, internet and the cloud they perform additional backups too.

Both companies would likely defend their product by claiming that the secure socket layer (SSL) encryption would protect them from eavesdropping and thus a man in the middle attack. It is not known what version of Android ES & S is using, but many of SOE's Clarity devices are using Android 4.1.

Android 4.1 is vulnerable to a well publicized weakness in its SSL suite called HeartBleed. Although the Heartbleed attack was fixed on the server side, potentially millions of clients are still vulnerable without vigilant updates. Some 61% of all Android devices made run Android 4.1. A Forbes columnist said of the weakness "Some might argue that [Heartbleed] is the worst vulnerability found (at least in terms of its potential impact) since commercial traffic began to flow on the Internet." The USA Today reported that the NSA was aware of this weakness some two years before it was discovered by civilian researchers. It is not known how many Clarity devices remain unpatched and in circulation at various county boards of election around the nation.

Subverting the pollbooks would allow a malicious attacker to tamper with a voter registration to deny a vote. An attacker could also mark a voter as having turned in an absentee ballot and thus already voted, thus denying them a chance to actually vote at the polls.

Combining this voter suppression potential with the overlapping predictive capabilities of Nauta's other investments and you have the potential for a complete package of surveillance, suppression and fraud.

No comments: