I’ve done some Computer Forensics work. Some of the jargon in the report may need a bit of explaining to the non-technical reader. So I’m going to go through their report, quoting some bits of it, interpreting others, in the hope that can help clarify.
Original PDF here and I’ve downloaded it. If the original disappears I can upload my saved copy. Note that cut/paste of pdf text often changes formatting in strange ways, so don’t be surprised if my text is reflowed or different fonts.
The heading of the report just says who did the forensic review, on what date, for whom.
Allied Security Operations Group
Antrim Michigan Forensics Report
REVISED PRELIMINARY SUMMARY, v2
Report Date 12/13/2020
Client: Bill Bailey
Attorney: Matthew DePerno
Then you present your credentials and bona fides to show competence and fealty to law.
A. WHO WE ARE
1. My name is Russell James Ramsland, Jr., and I am a resident of Dallas County, Texas. I hold an MBA from Harvard University, and a political science degree from Duke University. I have worked with the National Aeronautics and Space Administration (NASA) and the Massachusetts Institute of Technology (MIT), among other organizations, and have run businesses all over the world, many of which are highly technical in nature. I have served on technical government panels.
2. I am part of the management team of Allied Security Operations Group, LLC, (ASOG). ASOG is a group of globally engaged professionals who come from various disciplines to include Department of Defense, Secret Service, Department of Homeland Security, and the Central Intelligence Agency. It provides a range of security services, but has a particular emphasis on cybersecurity, open source investigation and penetration testing of networks. We employ a wide variety of cyber and cyber forensic analysts. We have patents pending in a variety of applications from novel network security applications to SCADA (Supervisory Control and Data Acquisition) protection and safe browsing solutions for the dark and deep web. For this report, I have relied on these experts and resources.
So we’ve got the Management Weenie who depends on “experts” who’s reputation we are to trust based on a client list of Hot Names. OK, but not perfect. I’d rather see the credentials of the Techs who did the work, but frankly, that usually only shows up in a detailed tech report, not in the one shown to other non-techs. So this is what I’d expect and likely “good enough”. They do this for a living, and do it for a lot of big “Name names”. I’ll live with that.
B. PURPOSE AND PRELIMINARY CONCLUSIONS
1. The purpose of this forensic audit is to test the integrity of Dominion Voting System in how it performed in Antrim County, Michigan for the 2020 election.
So their search / testing is limited strongly in scope. Dominion Voting System only and in Antrim County only. That’s a narrow search. You will be depending on probability and projection to extend that over any other machines, process or locations. OTOH, they can do a “deep dive” in a narrow pool. So it’s an “exemplar” of what might be elsewhere, not a conclusion about all.
2. We conclude that the Dominion Voting System is intentionally and purposefully designed with inherent errors to create systemic fraud and influence election results. The system intentionally generates an enormously high number of ballot errors. The electronic ballots are then transferred for adjudication. The intentional errors lead to bulk adjudication of ballots with no oversight, no transparency, and no audit trail. This leads to voter or election fraud. Based on our study, we conclude that The Dominion Voting System should not be used in Michigan. We further conclude that the results of Antrim County should not have been certified.
That’s the top level Executive Summary. That’s also pretty strong assertion. You don’t do that if you can’t back it up. (It’s too easy for the Tech Guy, under cross exam, to spill the beans that you oversold what he said…). They are basically saying the machine is designed for fraud, and they determine one clear method. Generating excessive failed ballots that go to a single person without oversight who can either just trash them, or assign them to any candidate they like. That’s fraud on the face of it (though phrased more gently as ‘leads to’).
Then the money quote assertion of not fit for purpose “should not have been certified”. I.e. your election was trash.
3. The following is a breakdown of the votes tabulated for the 2020 election in Antrim County, showing different dates for the tabulation of the same votes.
Tables from PDFs don’t cut/paste well, so ‘hit the link’ to see it. The key bit is
Date Total Biden Trump 3rd Party Total POTUS votes Nov 3 16,047 7,769 4,509 145 12,423 Nov 5 18,059 7,289 9,783 255 17,327 Nov 21 16,044 5,960 9,748 241 15,949
So first off, the Total changes dramatically in 3 different runs on 3 different days. Total POTUS votes change by almost a range of 5k out of 12k to 17k (so around 30%) and there’s somewhere around 4k or a few hundred, or almost 1K who voted everything BUT the BIGGEST thing on the menu, POTUS. Seems strange to me, but maybe?
The “biggie” is that on election night, they have a Biden “win” by 3,000 (so win % close to total Trump vote… very unlikely and strange, but only one machine so statistically possible. At this point prior election R vs D would be helpful information). BUT the hughe thing is that on the next 2 runs, Trump wins by either 2.5k or 3.7k
That discrepancy is just crazy high as a percentage of votes. This, alone, says the machine is flaky and the software changes have dramatic effect. (By implication other machines of the same make are likely just as dodgy).
Just the “Never the same way twice” is a big red flag of corrupt hardware or software.
4. The Antrim County Clerk and Secretary of State Jocelyn Benson have stated that the election night error (detailed above by the vote “flip” from Trump to Biden, was the result of human error caused by the failure to update the Mancelona Township tabulator prior to election night for a down ballot race. We disagree and conclude that the vote flip occurred because of machine error built into the voting software designed to create error.
Or “Liar liar pants on fire”… The Tech will have said “She said WHAT? That’s just BS. Look, it’s the software in the two versions that’s doing it. Let me show you…”
5. Secretary of State Jocelyn Benson’s statement on November 6, 2020 that “[t]the correct results always were and continue to be reflected on the tabulator totals tape . . . .” was false.
Or “She really told a huge whopper of a lie.” The Tech will have said “Which tape? Run 1, 2, or 3?
6. The allowable election error rate established by the Federal Election Commission guidelines is of 1 in 250,000 ballots (.0008%). We observed an error rate of 68.05%. This demonstrated a significant and fatal error in security and election integrity
Here’s our “Legal Standard” that the machine must meet. Nearly NO errors at 0.0008%. 1 in 1/4 million. You would expect zero errors in a sample of 20k out of 250k 11 out of 12 times.
7. The results of the Antrim County 2020 election are not certifiable. This is a result of machine and/or software error, not human error.
The machine is a joke, with an outrageous error rate, and the election that used it are just as trash. It’s the machines / software that’s broken and not some “human error”. Tech will have a detailed tech explanation of what they did to discover and prove it was software / hardware, and why they conclude it was “by design”.
8. The tabulation log for the forensic examination of the server for Antrim County from December 6, 2020 consists of 15,676 individual events, of which 10,667 or 68.05% of the events were recorded errors. These errors resulted in overall tabulation errors or ballots being sent to adjudication. This high error rates proves the Dominion Voting System is flawed and does not meet state or federal election laws.
They got 68% wrong instead of 0.0008%. That doesn’t even pass the stink test. It is way more wrong than right. 68% of your “ballots” were decided by someone (unknown) who could just give them to anyone. That’s nuts. (“Nuts” is a technical term ;-) Oh, and it’s illegal too. Both State and Federal laws ignored / trashed.
9. These errors occurred after The Antrim County Clerk provided a re-provisioned CF card with uploaded software for the Central Lake Precinct on November 6, 2020. This means the statement by Secretary Benson was false. The Dominion Voting System produced systemic errors and high error rates both prior to the update and after the update; meaning the update (or lack of update) is not the cause of errors.
“Re-provisioned” means it got new software on it. Dated from November 6, 2020. CF Card is Compact Flash card. This comes in several physical shapes, from nice big ones about the size of a stack of 4 to 6 credit cards. Kind of like a giant SD card.
43×36×3.3 mm (Type I)
43×36×5 mm (Type II)
Weight 10 grams (typical)
Usage Digital cameras and other mass storage devices
So first off, this tells me that with a swap of a common card, I can change the software on the machine. That’s creepy.
Then the proof for the “Liar liar” statement. They tested before and after the update and both make errors by the bucket (but different errors).
10. In Central Lake Township there were 1,222 ballots reversed out of 1,491 total ballots cast, resulting in an 81.96% rejection rate. All reversed ballots are sent to adjudication for a decision by election personnel.
Almost ALL the ballots from one township were really determined (cast) by some anon-Poll Worker. For whomever they wanted to vote for.
11. It is critical to understand that the Dominion system classifies ballots into two categories, 1) normal ballots and 2) adjudicated ballots. Ballots sent to adjudication can be altered by administrators, and adjudication files can be moved between different Results Tally and Reporting (RTR) terminals with no audit trail of which administrator actually adjudicates (i.e. votes) the ballot batch. This demonstrated a significant and fatal error in security and election integrity because it provides no meaningful observation of the adjudication process or audit trail of which administrator actually adjudicated the ballots.
Ballots go in two buckets, “normal” and “poll worker can diddle them or trash them”. They can also be moved around from different terminals (RTR) used by different folks, with no audit trail / information. (So the evidence of the Diddle can be easily lost / hidden / never seen).
12. A staggering number of votes required adjudication. This was a 2020 issue not seen in previous election cycles still stored on the server. This is caused by intentional errors in the system. The intentional errors lead to bulk adjudication of ballots with no oversight, no transparency or audit trail. Our examination of the server logs indicates that this high error rate was incongruent with patterns from previous years. The statement attributing these issues to human error is not consistent with the forensic evaluation, which points more correctly to systemic machine and/or software errors. The systemic errors are intentionally designed to create errors in order to push a high volume of ballots to bulk adjudication.
Just Oh My God how many went into “Poll Worker’s Diddle Inbox”! We didn’t see this in the past, so suspicion moves to software from hardware. The prior results are still in the server, so we have the proof of that. The assertion of intent is unusual. This implies to me that the Tech said “Look at the code right here, that just has to be deliberate”. Probably in disassembly form, so not something anyone else would understand if they saw it.
Then are repeat that “human error” is just wrong and not consistent with what was found.
Then they include a link to a Twitter Video demonstrating the Diddle.
13. The linked video demonstrates how to cheat at adjudication:
14. Antrim County failed to properly update its system. A purposeful lack of providing basic computer security updates in the system software and hardware demonstrates incompetence, gross negligence, bad faith, and/or willful noncompliance in providing the fundamental system security required by federal and state law. There is no way this election management system could have passed tests or have been legally certified to conduct the 2020 elections in Michigan under the current laws. According to the National Conference of State Legislatures – Michigan requires full compliance with federal standards as determined by a federally accredited voting system laboratory.
County staff either criminals or idiots, your choice. BASIC software updates not done (i.e. wide open to bugs and hacks).
15. Significantly, the computer system shows vote adjudication logs for prior years; but all adjudication log entries for the 2020 election cycle are missing. The adjudication process is the simplest way to manually manipulate votes. The lack of records prevents any form of audit accountability, and their conspicuous absence is extremely suspicious since the files exist for previous years using the same software. Removal of these files violates state law and prevents a meaningful audit, even if the Secretary wanted to conduct an audit. We must conclude that the 2020 election cycle records have been manually removed.
Log files are critical to audits and system maintenance. Missing or corrupted logs are SOP for system hacks and fraud. I find logs missing without great explanation, I’m going full “penetrated and hacked” forensic audit on the box.
Blaring sirens and flashing red lights, spotlight on “Criminal act of sabotage against the law done here!” Pretty much hollers to me that a Vote Diddle was definitely done and this is the evidence of the cover-up.
16. Likewise, all server security logs prior to 11:03 pm on November 4, 2020 are missing. This means that all security logs for the day after the election, on election day, and prior to election day are gone. Security logs are very important to an audit trail, forensics, and for detecting advanced persistent threats and outside attacks, especially on systems with outdated system files. These logs would contain domain controls, authentication failures, error codes, times users logged on and off, network connections to file servers between file accesses, internet connections, times, and data transfers. Other server logs before November 4, 2020 are present; therefore, there is no reasonable explanation for the security logs to be missing.
That the server security logs were wiped is horrible. Pretty much shouts at you that the machine / software was corrupted. Why else cover the tracks. An “audit trail” is the normal record of what happened in an audit log. While “forensics” looks deeper. Things like do the dates and binary stamps of a claim in a log file match that elsewhere in the file meta-data? “Advanced Persistent Threats” means the backdoors left behind by the most skilled hacks. Things like modifying the firmware for a disk drive or hiding hacking / backdoor tools in the “empty” space in a file system (The blocks not used for the file system or files). Why I complain about firmware on a machine that I can’t inspect, like the Intel chips “management engine”. This kind of backdoor is down in the layers that only super-hackers work with, write tools for (other than the folks who design it at manufacturers).
Then a “dig” at outdated System Files. I.e. virus and protection stuff way out date and “Warez” in the wild can let a Script Kiddie waltz in. That is, the techniques to hack your system are already well known enough to be circulating on the Web as scripts than even an idiot can run.
The Diddlers have erased the log file information about internet connections and data changes and more. So when folks say “No evidence it was connected to the internet”, that may be factual, but useless to say, as there is also no evidence it was NOT connected.
So the wipe of log files extends even to the security logs / server.
17. On November 21, 2020, an unauthorized user unsuccessfully attempted to zero out election results. This demonstrates additional tampering with data.
“unauthorized user” is geek speak for “hacker or attempt by an idiot who has no legal right on the box”. Someone without legitimate log-in credentials for the box.
So word got out they were auditing, and on the day of their second run, they observed an attempt to scuttle their run. Definitely a Data Diddler on the loose “tampering”. Then “additional” confirms that the Tech has already found other evidence of Data Diddle.
18. The Election Event Designer Log shows that Dominion ImageCast Precinct Cards were programmed with new ballot programming on 10/23/2020 and then again after the election on 11/05/2020. These system changes affect how ballots are read and tabulated, and our examination demonstrated a significant change in voter results using the two different programs. In accordance with the Help America Vote Act, this violates the 90-day Safe Harbor Period which prohibits changes to election systems, registries, hardware/software updates without undergoing re-certification. According to the National Conference of State Legislatures – Michigan requires full compliance with federal standards as determined by a federally accredited voting system laboratory.
We’ve got the time stamps for when the software was changed to Do The Diddle, then when the cover-up update happened. 23 Oct 2020 for the Diddle version, cover-up on 5 Nov 2020. First thought for me is “Why update the software just after the counting is done?” Smells foul and clearly cover-up.
Then, the Techs had both sets of software and demonstrated that the two versions give different results. Prime evidence that the Oct update was entirely to change the results. Both updates violate the law, so not Standard Procedure at all.
Change requires re-certification, this was not done. So deliberately hiding the change. More crimes.
19. The only reason to change software after the election would be to obfuscate evidence of fraud and/or to correct program errors that would de-certify the election. Our findings show that the Central Lake Township tabulator tape totals were significantly altered by utilizing two different program versions (10/23/2020 and 11/05/2020), both of which were software changes during an election which violates election law, and not just human error associated with the Dominion Election Management System. This is clear evidence of software generated movement of votes. The claims made on the Office of the Secretary of State website are false.
Double Stating things for emphasis in this #19. It was software based fraud. It does change votes. The only reason for the double dip of update before / overwrite after election is a cover-up. It wasn’t human error and “Liar Liar” again at the SoS.
20. The Dominion ImageCast Precinct (ICP) machines have the ability to be connected to the internet (see Image 11). By connecting a network scanner to the ethernet port on the ICP machine and creating Packet Capture logs from the machines we examined show the ability to connect to the network, Application Programming Interface (API) (a data exchange between two different systems) calls and web (http) connections to the Election Management System server. Best practice is to disable the network interface card to avoid connection to the internet. This demonstrated a significant and fatal error in security and election integrity. Because certain files have been deleted, we have not yet found origin or destination; but our research continues.
The hardware can connect to the internet. They put a “scanner” on it. That’s a small computer that inspects network packets and lets the network Tech see what’s going on. Are there packets? What kind? Headed to where? What they found was an active ability to connect (just add wire or wireless modem). An API is used to connect a program to the rest of the system and let it run. The thing in the system that your program uses to tell it what to do. That inter face ought to have been turned off.
Then we again have evidence of a “Clean up on aisle Hacked” in missing tracking files. But they are continuing to dig at it.
21. Because the intentional high error rate generates large numbers of ballots to be adjudicated by election personnel, we must deduce that bulk adjudication occurred. However, because files and adjudication logs are missing, we have not yet determined where the bulk adjudication occurred or who was responsible for it. Our research continues.
22. Research is ongoing. However, based on the preliminary results, we conclude that the errors are so significant that they call into question the integrity and legitimacy of the results in the Antrim County 2020 election to the point that the results are not certifiable. Because the same machines and software are used in 48 other counties in Michigan, this casts doubt on the integrity of the entire election in the state of Michigan.
We know the software tossed ballots to the “Diddle Bucket”, so we can conclude pretty easily that they had to be handled by someone. BUT the logs are gone and with that any evidence on the machine of who did it. But 68% of the votes were really voted by some anon-Poll Worker. Given that, no way you can claim the results are accurate and certifiable.
Given that the same machines (and presumably the same software) was used all over the place, the implication is that those places are just as broken and the whole thing is bogus.
Now, IF different machines had DIFFERENT software run, then that, too, says something very wrong happened and you can’t trust the election to be correct. No matter which way you turn, the election is bogus where these machines and software were used.
Next comes a big block citing the applicable laws and Executive Orders. Basically saying “do it right or else”.
23. DNI Responsibilities: President Obama signed Executive Order on National Critical Infrastructure on 6 January 2017, stating in Section 1. Cybersecurity of Federal Networks, “The Executive Branch operates its information technology (IT) on behalf of the American people. The President will hold heads of executive departments and agencies (agency heads) accountable for managing cybersecurity risk to their enterprises. In addition, because risk management decisions made by agency heads can affect the risk to the executive branch as a whole, and to national security, it is also the policy of the United States to manage cybersecurity risk as an executive branch enterprise.” President Obama’s EO further stated, effective immediately, each agency head shall use The Framework for Improving Critical Infrastructure Cybersecurity (the Framework) developed by the National Institute of Standards and Technology.” Support to Critical Infrastructure at Greatest Risk. The Secretary of Homeland Security, in coordination with the Secretary of Defense, the Attorney General, the Director of National Intelligence, the Director of the Federal Bureau of Investigation, the heads of appropriate sector-specific agencies, as defined in Presidential Policy Directive 21 of February 12, 2013 (Critical Infrastructure Security and Resilience) (sector-specific agencies), and all other appropriate agency heads, as identified by the Secretary of Homeland Security, shall: (i) identify authorities and capabilities that agencies could employ to support the cybersecurity efforts of critical infrastructure entities identified pursuant to section 9 of Executive Order 13636 of February 12, 2013 (Improving Critical Infrastructure Cybersecurity), to be at greatest risk of attacks that could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security (section 9 entities);
This is a national security imperative. In July 2018, President Trump strengthened President Obama’s Executive Order to include requirements to ensure US election systems, processes, and its people were not manipulated by foreign meddling, either through electronic or systemic manipulation, social media, or physical changes made in hardware, software, or supporting systems. The 2018 Executive Order. Accordingly, I hereby order:
Section 1. (a) Not later than 45 days after the conclusion of a United States election, the Director of National Intelligence, in consultation with the heads of any other appropriate executive departments and agencies (agencies), shall conduct an assessment of any information indicating that a foreign government, or any person acting as an agent of or on behalf of a foreign government, has acted with the intent or purpose of interfering in that election. The assessment shall identify, to the maximum extent ascertainable, the nature of any foreign interference and any methods employed to execute it, the persons involved, and the foreign government or governments that authorized, directed, sponsored, or supported it. The Director of National Intelligence shall deliver this assessment and appropriate supporting information to the President, the Secretary of State, the Secretary of the Treasury, the Secretary of Defense, the Attorney General, and the Secretary of Homeland Security.
We recommend that an independent group should be empaneled to determine the extent of the adjudication errors throughout the State of Michigan. This is a national security issue.
Their conclusion is a biggy. Calling for the cited legal process to be done, and for a full survey of all the election results in Michigan to see just how bad it really is. Citing “National Security” makes it an international question and brings in Trump’s EO on international interference.
24. Michigan resident Gustavo Delfino, a former professor of mathematics in Venezuela and alumni of University of Michigan, offered a compelling affidavit [Exhibit 2] recognizing the inherent vulnerabilities in the SmartMatic electronic voting machines (software which was since incorporated into Dominion Voting Systems) during the 2004 national referendum in Venezuela (see attached declaration). After 4 years of research and 3 years of undergoing intensive peer review, Professor Delfino’s paper was published in the highly respected “Statistical Science” journal, November 2011 issue (Volume 26, Number 4) with title “Analysis of the 2004 Venezuela Referendum: The Official Results Versus the Petition Signatures.” The intensive study used multiple mathematical approaches to ascertain the voting results found in the 2004 Venezuelan referendum. Delfino and his research partners discovered not only the algorithm used to manipulate the results, but also the precise location in the election processing sequence where vulnerability in machine processing would provide such an opportunity. According to Prof Delfino, the magnitude of the difference between the official and the true result in Venezuela estimated at 1,370,000 votes. Our investigation into the error rates and results of the Antrim County voting tally reflect the same tactics, which have also been reported in other Michigan counties as well. This demonstrates a national security issue.
Appeal to prior art. So rounded up a Professor who did a bunch of prior statistical work. (Realize that when I was in school, “Computer Science” was not a major and “computers” and programming was taught in either the Engineering College or the Math Department. Math majors often get a fair amount of computer work / theory.
He, the Math Prof., outlined the how, and the how much, and they found the same pattern he had found in Venezuela, when a study of the Antrim County (and other counties) was done.
Again, a call to “National Security”.
Breaking For Part Two
At this point, this posting is getting long enough that WordPress editor is having lag issues. So the rest of the examination will come in another posting.
I’m also in need of a refill of the coffee cup and a “bio-break”, so it might be a while…