Here is the affidavit by CyFIR’s Ben Cotton on an anonymous user remotely accessing the Antrim County EMS.
First, he points out IP addresses from Taiwan and Germany.
Each machine was connected to the internet by Verizon modems.
All of the administrators shared the same password except two who didn’t use a password.
The hard disk weren’t encrypted.
Microsoft SQL was set so an unauthorized user could manipulate the database.
The Antrim EMS last updated their Windows Defender Antivirus on 7/16/2016. LOL.
An anonymous user logged on 11/5/2020 at 5:55:56 PM and 11/17/2020 at 5:16:49 PM EST.
I’m blown away that hackers would be able to get past all the administrators using the exact same password, the administrators not using passwords, and get past the Windows Defender Antivirus updated in 2016 to access the “most secure election in history”❗
More to that documentation: