Ben Cotton - CyFir - Cyber Ninjas Hearing

His presentation at the Cyber Ninjas hearing in September 2021.
Low def video, you can see the slides at https://www.azsenaterepublicans.com/cyfir-report

-basic security failures: shared passwords and accounts, not updating antivirus or doing patch management
-59 open ports, unexpected high port listening activity by Windows processes
-unapproved dual boot setup/ second hard drive present with non-Maricopa County data. network connects to internet on boot up.
-Maricopa scrubs the internet history, but CyFir finds it elsewhere
-logs regularly overwritten and deleted intentionally

-85k files deleted from the end of early voting through Nov. 5
-entire General Election and hundreds of thousands of files deleted from EMS on Feb 1, the day before Maricopa starts their internal audit
(later we find out, they deleted the entire folder of databases on April 12 2001, 10 days before turning over gear to Cyber Ninjas)
-over a MILLION files deleted from Nov. 1 to March 16 (doesn't include April 12)