Dominion Democracy Suite 5.5 Deployed with Open SQL Server Port 1433 – Direct Database Modification Possible from Any Internet-Connected Device (PA)

[Established Fact – As to SQL port configuration and demonstrated vulnerability] Forensic analysis of Dominion’s Democracy Suite in multiple jurisdictions established that SQL Server port 1433 was configured to accept connections from any IP address worldwide. Port 1433 is the standard network port for Microsoft SQL Server – the database engine underlying the Democracy Suite. An open, world-accessible SQL Server port means that any actor with valid database credentials could directly connect to the election database from any internet-connected device and execute queries against it: inserting, modifying, or deleting records in the vote database without passing through any certified application interface and without generating any entry in the certified application-level audit trail. The Mesa County forensic team demonstrated this vulnerability empirically: using a non-Dominion workstation and an iPhone SQL client, they were able to directly modify election database records in a Mesa County Democracy Suite environment. Whether this architectural deficiency – present in the certified deployment configuration shipped to all Democracy Suite jurisdictions – was exploited in any Pennsylvania county is a forensic question that has not been answered, because the external IP transmission logs from the Fulton County forensic examination have not been fully disclosed.