Albert Sensors: Front Door to Sensitive Election Data?

By Patrick Colbeck

A recent article by Jim Hoft of The Gateway Pundit jogged my memory about an obscure cybersecurity device called an Albert Sensor.

Back in October 2021, I was approached with information on Albert Sensors and their possible role in subverting the integrity of our elections. I was a bit overwhelmed by the election fraud evidence flooding into me to pursue in any depth at the time. I have finally been able to perform some of the investigation into this topic that I wish I would have had time to pursue back in 2021.

Here’s what I found.

Albert Sensors

Albert sensors are cybersecurity products offered by a non-profit 501c3 organization known as the Center for Internet Security (CIS). The name “Albert Sensor” appears to be an homage to the late Albert Einstein. I find it interesting that an organization called the Center for Internet Security is being used by nearly ALL counties in America to secure election equipment considering election officials and traditional media outlets swear that this equipment is “not connected to the internet”.

These sensors consist of a Dell server running Oracle/Unbreakable Linux operation system. The server contains additional unspecified software used by CIS to manage the security services provided. Albert Sensors have been deployed in all 50 states to State, Local, Tribal and Territorial (SLTT) units of government.

Albert sensors enable CIS to perform the following functions:

• Netflow Data Monitoring
• Network Intrusion Detection
• Deep Packet Inspection (DPI)

Albert Sensors act as the gatekeepers controlling all data traffic into and out of successive layers in a given network environment.

CIS deploys Albert to SLTT government entities across America. Each of these entities have their own internal network connected to the internet. This internal network often features Election Management System (EMS) servers used to aggregate election data from other sources. These EMS servers tabulate election data from across precinct or absentee voter counting board electronic voting system tabulators. CIS shares all incoming and outgoing data with their own election operations center referred to as the EI-ISAC. Amazon Web Services are leveraged to provide load-balancing and query-related services to facilitate EI-ISAC operations.

Netflow Data Monitoring

Albert Sensors monitor the same sort of data one would expect to see in a generic “Splunk Log“. CIS refers to its record for network traffic as a NetFlow record. This record is at the heart of Albert Sensor monitoring operations.

In his Absolute documentary series regarding the 2020 election and at his 2021 Cyber Symposium in South Dakota, Mike Lindell shared data similar to the Albert Sensor “Net Flow Data Records”.

It would be interesting to see if there is any correlation between the data shared by Mike Lindell and the data passing through Albert Sensors all over the United States. CIS carefully guards access to Albert Sensor data.

You may recall the controversy regarding access to the routers used in Maricopa County, AZ during the 2020 election. County officials fought tooth and nail to prevent the release of these routers and their associated NetFlow Data. A compromise was finally reached which enabled some measure of access to this information. My analysis of this compromise and the results of the subsequent analysis can be found in my Maricopa County Word Games? post.

Network Intrusion Detection

Another CIS capability tied to Albert Sensors pertains to Network Intrusion Detection. This capability is based upon the Suricata open source network analysis and threat detection software. The Suricata platform offers intrusion alerts, protocol transactions network flow diagrams, Packet Capture (PCAP) recordings, and extracted files.

The capabilities provided by the Suricata platform seem to go well beyond Network Intrusion Detection.

Deep Packet Inspection

CIS likes to focus public discussions of its service offerings upon the ability of Albert Sensors to capture Netflow Data and the use of open source Suricata software to detect network intrusions. What it rarely discusses outside of technical forums is its capability to perform Deep Packet Inspection (DPI). These “packets” are the real treasure for cybersecurity professionals and hackers alike. Netflow Data simply provides the treasure map.

Albert sensors deployed to SLTT and election organizations collected Netflow Data and much more from across the country. CIS uses Netflow Data to enable efficient targeting of “packets” of interest. The Suricata platform enables the recording of these “packets” of interest for later analysis. These recordings are sometimes referred to as PCAP’s. DPI refers to the CIS ability to “inspect” PCAPs ostensibly to detect the introduction of malware into a given network.

In context of elections, the packets of interest would be voter registration data and election results. During Mike Lindell’s Absolute series, packet information corresponding to vote flips was shared with the general public. Once again, it would be interesting to explore the packet information obtained by CIS to see if there is any correlation with the data shared by Mike Lindell.

Einstein

The CIS Albert Sensors work in concert with another system called “Einstein”. Einstein is a cybersecurity system that has been developed and administered by the Federal CISA.

The Cybersecurity and Infrastructure Security Agency (CISA) has the mission to provide a common baseline of security across the Federal Civilian Executive Branch (FCEB) and to help agencies manage their cyber risk. This common baseline is provided in part through the EINSTEIN system. EINSTEIN serves two key roles in FCEB cybersecurity. First, EINSTEIN detects and blocks cyberattacks from compromising federal agencies. Second, EINSTEIN provides CISA with the situational awareness to use threat information detected in one agency to protect the rest of the government and to help the private sector protect itself.

CISA.gov/Einstein

While Albert Sensors are focused upon State, Local, Tribal and Territorial units of government, Einstein is focused upon security units within the federal government. CISA and CIS often work jointly on cybersecurity efforts effectively combining “Albert” with “Einstein” as a demonstration of their operational synergy.

Center for Internet Security (CIS)

Let’s go beyond a discussion of the technology and into a discussion of the people behind the technology. Exactly who is the Center for Internet Security (CIS)?

Who Works for CIS?

According to the latest publicly available Form 990 for CIS, they have 308 employees and 184 volunteers plus an unknown number of subcontractors.

CIS features a management team that has significant experience working for the federal government.

Please note that in addition to employees, CIS employs a robust suite of contractors likely privy to most if not all of the information available to employees.

How Does CIS Make Money?

One of the best ways to understand what drives the operations of any organization is to follow the money. An examination of CIS revenue sources per their Form 990 reveals that their primary source of revenue is the federal government. This revenue comes in the form of grants and various program services.

Federal Grant

The U.S. Department of Homeland Security provides annual grants to CIS in support of CISA’s MS-ISAC program.

These funds enable the federal government to offer CIS products and services for free to county governments. With a 98% adoption rate, “free” cybersecurity products and services appear to be a difficult deal for most election officials to refuse.

Here’s a sample of a CIS County Memorandum of Agreement (MOA).

This agreement or something similar to it is reported to cover 98% of the election infrastructure across America. So, while electronic voting systems used to manage elections may vary widely from county to county, there is a significant degree of homogeneity when it comes to who controls the data going into and out of these electronic voting systems. The significance of this unprecedented level of data access regarding our elections cannot be overstated.

Just to be clear, access to “any communications or data transiting” means that anyone employed by CIS including their many subcontractors and even partners would likely have access to our election data. This “data” includes user accounts, privileges, and credentials – everything one would need to go beyond “listening” to data flowing over the network and actually manipulate such data in transit.

Under the Biden Administration, this MOA has been picking up steam. On May 2021, Biden signed an Executive Order to expand the scope of the MOA’s to address more detailed “object level” data (i.e. packet information).

However, Biden signed a cybersecurity Executive Order in May 2021 that required anyone in the CDM program to sign an new agreement (MOA). This mandates they now provide the more detailed “object level” data to CISA. This is supposedly for better “assessment and threat-hunting” purposes. ALBERT customers automatically become members of MS-ISAC. This Multi-State sharing program distributes cybersecurity information amongst its 13,000 members. It’s like your PC anti-virus software which reports any cyber issue, experienced by any user, to one central command.

Source: The Gateway Pundit https://www.thegatewaypundit.com/2022/12/alberts-systems/

The previous MOA was between SLTT entities and CIS. The new MOA extends the terms of the agreement to include the federal government directly via CISA. Under the new MOA, the federal government is now effectively the middleman for all election data across all 50 states.

Program Services

In addition to federal grants related to the deployment of Albert Sensors to SLTT entities, Program Services provide a major source of revenue for CIS. These program services are broken down into the following categories in their Form 990:

• Security Best Practices
• Partner Paid
• Product Sales
• Democracy Fund
• C. Cyber Security Network (2-1-1)

Let’s take a closer look at these services.

Security Best Practices

A significant source of revenue pertains to training services for security best practices.

Partner Paid

In addition to providing “free” services to counties as part of the MS-ISAC program, CIS also offers cybersecurity benchmarking services to state, local, territorial and tribal (SLTT) government entities.

Product Sales

CIS also generates revenue by marketing their brand and various resources.

Democracy Fund

One of the significant sources of revenue cited by CIS in their Form 990 filing is an organization referred to as the Democracy Fund. Interestingly, Democracy Fund was also identified as one of CIS’s largest expenses under “Program Service Accomplishments.

It appears that Democracy Fund served as the cybersecurity advocacy wing of CIS with their target being election officials but it is difficult to discern their exact role.

C. Cyber Security Network (2-1-1)

I was unable to chase down any useful information pertaining to this CIS revenue source.

Risks

The CIS Albert Sensors have been deployed to cover 98% of America’s election infrastructure. That is a significant market footprint. This market footprint corresponds to a single point of failure for what has been designated a Critical Infrastructure Component for America – our elections. Any bad actor intent upon undermining the integrity of our elections would likely focus on this single access point.

Should we be concerned about this risk? Let’s see.

Lack of Transparency

Lack of transparency provides fertile ground for the corruption of any organization. That’s why transparency in the conduct of our elections is so important. The increasing using of electronic systems to manage the conduct of our elections makes transparency more and more difficult. Election observers can readily monitor paper transactions. However, election observers are often denied access to election systems which conduct electronic transactions. How then would the general public know if our election results had been subverted via manipulation of electronic election records?

To perform this oversight, citizens rely predominantly upon Freedom of Information Act (FOIA) requests. Unfortunately, there seems to be a pattern of “outsourcing” key government election functions to privately managed, non-government organizations (NGO’s) which are not subject to FOIA requests.

• CIS provides cybersecurity.
• ERIC manages voter registration data.
• Electronic voting system vendors tabulate our votes.

The upside to our government using outside organizations is that they are often able to secure the services of the best and brightest minds in a given field of expertise. There are significant downsides however. NGO’s such as CIS are not subject to FOIA requests. Furthermore, these private organizations are very tight-lipped in the data they share with their customers. After all, if this data was shared with public officials, this information would be subject to disclosure via FOIA requests. In this light, the use of private organizations would certainly be beneficial to anyone attempting to prevent the public from accessing key information related to election integrity.

CIS

As “gatekeepers” to our election system, CIS sits smack dab in the middle of all data flow pertaining to our election system. This is a powerful role. We know that CIS data is unavailable to the public at large because they are a private organization not subject to FOIA requests. Did you know that the data collected by CIS when monitoring the cyber traffic for their customers cannot even be viewed by their own customers? In the words of Nancy Churchill in the following article, “The Albert sensor is a true “black box system” – a node on the county network that the county cannot control and cannot monitor.”

Inside this “black box”, CIS operatives have the ability to capture, analyze and potentially modify packet information obtained via Albert Sensors. All this can be performed without any oversight by their customers or the general public.

Election Registration Information Center (ERIC)

Another important NGO pertaining to elections is known as the Election Registration Information Center or ERIC. ERIC is a non-profit 501(c)(3) membership organization consisting of state election officials working together ostensibly to improve the accuracy of state voter registration lists and educate eligible citizens on how to register to vote.

ERIC controls the information captured within state voter registration databases. These databases not only include lists of eligible voters for a given election, they also contain their voting history plus a significant amount of sensitive PII.

CIS has made reference to having customers in election integrity organizations in addition to their SLTT customers. ERIC is likely one of those customers, but this has not yet been confirmed. Because ERIC is a private organization, it also is not subject to FOIA requests. The general public has no idea how ERIC and its partners manipulate the contents of state voter registration databases. If these databases contain records that enable ineligible voters to vote, our election system is exposed to a significant avenue for election fraud.

Electronic Voting Systems

The last example of private organizations running our elections without any substantive transparency pertain to electronic voting system vendors like Dominion, ES&S or Hart Intercivic. Electronic voting systems are responsible for tabulating the votes cast on ballots across America. Due to illusory provisions in their contracts with our government, citizens and even most government officials are not allowed to examine how they tabulate the votes or even examine their audit trail.

Because they are a private organization, they are not subject to FOIA requests.

The general public cannot see how our votes are tabulated, but private Voting System Test Laboratory (VSTL) vendors such as Pro V&V or SLI can. To make matters worse, the responsibility for monitoring VSTL vendors features a former voting system vendor executive. This all makes for a very opaque, close knit community responsible for the oversight of our elections.

Lack of Data Privacy

The CIS MOA includes a provision that “computer users have no reasonable expectation for privacy”. This should raise eyebrows. After all, the data collected by CIS via Albert Sensors goes well beyond election data in scope. Since CIS deploys these sensors on State, Local, Tribal and Territorial government networks, any of the data communicated through the Albert Sensor is subject to collection and analysis. Citizens file tax forms electronically. Police investigations feature electronic records. Government assistance and health records are stored and communicated electronically. Employee records and other human resource data on employees are stored and communicated electronically. CIS has positioned itself to collect a significant amount of personally identifiable information (PII) that could be used to intimidate, blackmail, or otherwise make the life of everyday citizens quite miserable…all without public oversight.

Trustworthiness of “Trusted” Organizations

Citizens are forced to place a significant amount of trust in organizations protected from transparency. Are there “trusted” organizations without our election system that should not be trusted? What would happen if Albert Sensors and the Einstein system were to enable enemies of America to operate with impunity inside the gates of our election systems?

In an organization with as broad a reach as CIS (98% of election infrastructure), all it would take is one bad actor among its employees, contractors, customers or partner organizations to compromise the security of any network to which their products have been deployed to secure. Is the trust in organizations such as CIS warranted? Let’s find out.

Twitter Files

Twitter is a private organization that has been lionized in the media as a free speech platform that protects the general public from misinformation. This media perception of Twitter changed drastically in the wake of Elon Musk’s purchase of Twitter. Musk then proceeded to release an avalanche of information on the inner workings of Twitter known as the “Twitter files”.

The Twitter Files clearly reveal evidence that the Federal Bureau of Investigation (FBI) interfered with the 2020 election. CIS and their partners feature significant ties to the FBI. Their role as election data gatekeeper would certainly make them a tempting target of any bad actors in the FBI.

Hunter Biden Laptop

The FBI is not the only federal agency associated with election interference. The intelligence community was heavily involved as well as evidenced by the following letter released shortly before the November 3, 2020 general election.

The letter falsely insinuates that the Hunter Biden laptop containing evidence of treason by members of the Biden family was part of a Russian disinformation campaign. While this letter is rather nuanced in this connection, the “Twitter Files” show that government officials were much more assertive in their directives to block the release of any information that would cast Joe Biden in a bad light before the 2020 election.

What is most concerning is that the contents of the Biden laptop indicate significant financial contributions by China to the Biden family. Against this backdrop, the former Director of National Intelligence John Ratcliffe issued a memo on January 7, 2021 entitled “Views on Intelligence Community Election Security Analysis” in which he asserts the views of China cyber analysts were suppressed by the incoming administration so as to give the impression that China was not interested in influencing our elections.

CIS and their partners feature significant ties to the intelligence community. Their role as election data gatekeeper would certainly make them a tempting target of any bad actors in the intelligence community.

Democracy Fund

Now let’s have a closer look at one of the partners of the Center for Internet Security known as The Democracy Fund. The Democracy Fund is a strange bedfellow for CIS.

The Democracy Fund is a charity created by eBay founder Pierre Omidyar to help the Democrat Party and fund leftwing media. They provided funding to the NSGIC (National State Geospatial Council) and partnered with CTCL to push the “Geo-Enabled Elections” initiative. They want to create GIS map departments in targeted elections to digitize all voters into a lat/long, to map their location. Sophisticated mapping is the lefts key to targeting voters. Their efforts to connect GIS systems with electronic voting systems enables anyone with access to the GIS system to also have access to election records not available to the general public.

Democracy Fund was also involved with the “Voting Information Project” (VIP). This was brainchild of left leaning Pew Charitable Trust in partnership with Google. It collects massive amounts of election information from States and Counties, including sample ballots, polling places, and voter registration. The VIP project controls and disseminates election information to voters nationwide. Democracy Fund also hired a consultant in 2017 to work on an election modeling project that lasted years. This same consultant was on the NIST team that created our election data standards. Democracy Fund pushes the corrupt Ranked Choice Voting system and supports leftwing voter registration organizations like Rock the Vote, Democracy Works, and FairVote.  

The Amistad Project has mapped out the financial ties between the Democracy Fund other progressive organizations such as the Center for Tech and Civic Life (CTCL).

CTCL has been cited in numerous equal protection lawsuits related to election integrity.

No matter how you slice it, any CIS connection to the Democracy Fund should raise the eyebrows of anyone concerned with election integrity.

What products and services were provided to the Democracy Fund by CIS in exchange for their payments?

Were they provided with “inside the gates” access to sensitive election information?

The answer is difficult to tell because both Democracy Fund and CIS are private organizations not subject to FOIA requests.

CIS and their partners feature significant ties to the Democracy Fund. Their role as election data gatekeeper would certainly make them a tempting target of any bad actors in the Democracy Fund.

Shutdown DC

There are many other organizations tied to election interference which involve current federal employees and contractors. Shutdown DC is one of these organizations which you have probably never heard about. Millie Weaver exposes their operations in the following story featuring Zoom calls attended by federal employees and contractors.

The federal government should have a very insignificant role in the management of our elections yet as Biden’s Executive Order and Zoom calls such as the one referenced in Millie Weaver’s post indicate, there are individuals within the federal government with definite plans to exert significant influence in our elections.

CIS and their partners feature significant ties to current and past federal employees. Their role as election data gatekeeper would certainly make them a tempting target of any bad actors in the federal government.

Effectiveness

Some may argue that the use of private organizations not subject to transparency is worth the risk due to the cybersecurity threats posed by hackers and state actors. In this light, it is reasonable to ask “are Albert Sensors effective at securing government sites from cyber threats?” As it turns out, there is significant evidence that they are not effective.

Despite the use of the name of widely respected genius Albert Einstein, Ferry County, WA county officials were not impressed when nearby Lincoln County was the victim of a ransomware attack a month after the installation of their Albert sensor. CIS reportedly didn’t even notify Lincoln County officials of the attack. Ferry County commissioners later voted to remove their Albert Sensors but around 98% of America’s election infrastructure still uses them.

Albert was not the only half of the “Albert Einstein” collaboration to have failed to protect organizations. The CISA Einstein system didn’t prevent Federal Agencies from being compromised by the Solar Winds Orion Platform intrusion.

The SolarWinds Cyber-Attack was successful because it compromised a trusted software component responsible for updating client software installations. It was successful because it had planted malware inside the supposedly secure cyber walls protecting over 18,000 SolarWinds customers including CISA itself. It certainly would be interesting to know if CIS, the gatekeeper of our nation’s election data, was also a SolarWinds customer. If so, whoever was behind the 2020 SolarWinds hack, likely had control over who our President would be.

If Albert Sensors increase the risk of bad actors having the ability to control election data all across the country yet they are not effective at protecting government systems from hacking, we need to seriously investigate whether or not cybersecurity is the real reason they have been deployed. After all, we could mitigate the need for such cutting edge skills in the management of our elections by simply counting paper ballots by hand, but that’s not the path they chose. We should be asking why they chose not to follow the lead of countries such as France and the Netherlands who tabulate paper ballot votes by hand. Instead, we blindly trust our government officials when they pursue electronic voting systems to manage election records and tabulate our votes.

CONCLUSION

Those who support the assertion by the former CISA Director Chris Krebs that the 2020 election was “the most secure election in American history” have long claimed that our electronic voting systems are secure from man-in-the-middle attacks due to the use of firewalls, VPN’s, secure tunnel protocols and organizations such as the Center for Internet Security.

How do we know this? They tell us that it is so, of course.

What happens if we as citizens seek to investigate the security of our elections ourselves? We are prevented from getting access to the information necessary to demonstrate that the chain of custody regarding our election records has been maintained.

When we protest, we are told that we need to trust them. They then proceed to engage private organizations to perform most of their dirty work knowing full well that these organizations are not subject to our primary investigative tool as citizens – the FOIA request.

We already have substantive evidence of federal employees engaged in plots with private organizations to undermine the integrity of our elections.

It was big news when social media company Twitter collected $3,415,323 since 2019 from the FBI in exchange for censoring Biden’s political opponents. The Center for Internet Security collected $42,904,994 from the Department of Homeland Security in a single year.

CIS capabilities go beyond influencing public opinion. Through the use of Albert Sensors, CIS is the gatekeeper for the data that determines who wins our elections. There is little to no oversight of their efforts. Do we need another billionaire to purchase CIS to finally find out what really happens to our election data?

The American people are unwittingly placing an inordinate amount of trust in a private organization and the organizations with whom it collaborates. The SolarWinds hack was enabled by the corruption of a trusted software component. What happens when our elections are hacked by trusted individuals?

We are told that there are security protocols in place that prevent internet-based “man-in-the-middle” attacks that could manipulate the results of our elections. What happens if the dreaded internet-based “man-in-the-middle” attacks are actually performed by individuals “in-the-middle” of an organization’s trusted network environment? What if the manipulation of election data occurred within the vaulted security walls that we have erected around our election data? How would we ever know?

Today’s system is designed to prevent us from ever knowing. That lack of transparency should concern every citizen in our nation…especially in light of the evidence of “trusted” individuals in government already haven been caught attempting to manipulate our elections.

It is time to apply President Reagan’s “trust but verify” policy to private organizations at the center of our modern electronic voting systems such as CIS and ERIC. We either need to make CIS and ERIC subject to FOIA requests or we need to remove the risks they pose by returning to hand counts of paper ballots.

RELATED STORIES

• Election Results Are Missing Key Audit Trail Links
• PIT Revelations: Why are internet connections a bad idea for election equipment?
• How Do Counties Roll-up Votes from Precincts?
• Messaging Battle: Dominion Security Vulnerabilities
• January 6th…the Rest of the Story
• CITIZENS GUIDE: Mitigate Risk of Electronic Voting Systems Stealing Elections
• 110 Articles Affirm America’s Computerized Voting System Is Vulnerable
• Rigged: Who Gets Access to Electronic Voting Systems?
• Election System “Air Gap” Myths
• Maricopa County Word Games?