Cyber Ninjas' Doug Logan publicly presented his still incomplete report for the Maricopa County forensic audit to the Arizona State Senate on Sept. 24. One finding alone in his report shows 255,326 votes that have no corresponding record of having been received.
Logan's Presentation Number One shows data indicating the Maricopa County election was anything but perfect. UncoverDC will write a series of stories, breaking down the entire audit report by presenter, starting with Mr. Logan's Cyber Ninja team report and the overview of his team's findings. The report is incomplete because the County has yet to turn over routers, Splunk logs, and other subpoenaed materials. A separate story on the ballot paper is also forthcoming.
Doug Logan, CEO of Cyber Ninjas, was responsible for overseeing the granular, forensic audit of the 2.1 million paper ballots in Maricopa County. His presentation is shown in five parts and refers to his team's physical examination of the physical evidence—the ballots and the boxes containing them. Logan's report mentions the paper stock used and the investigation of kinematic artifacts. On multiple occasions, he says a full report on the paper is coming.
The parts of the Cyber Ninja report are broken down as follows:
- Presentation One was the results portion of his presentation and was presented in a PowerPoint format. (downloadable PowerPoint file).
- Presentation Two, also presented in PowerPoint format, refers to his team's recommendations for legislative reforms based on his findings. (downloadable PowerPoint file.
- Vol. 1 refers to The Executive Summary & Recommendations.
- Vol. 2 references the Operations & Methodology used.
- Vol. 3 refers to Result Details.
Also presenting were two others:
- Dr. Shiva Ayyadurai, the founder of EchoMail, who forensically analyzed a compressed copy of the original images of the Early Vote Ballot Envelopes, found 17,322 duplicates. The original images were not supplied, per Mark Finchem, who spoke with UncoverDC late Sunday. "They gave Shiva compressed images, not originals. Which now opens up a whole new line of questions. Like where are the original images? How about where are the originals that were supposed to be actual images."
- Ben Cotton, the founder of CyFIR, investigated the digital findings and the alleged multiple cybersecurity issues.
255,326 Ballots Cast With No Record Of Having Been Received
Slide 26 of Logan's PowerPoint tells a big part of the story. Among other things, this graphic indicates 255,326 ballots were cast that have no record of having been received. Notably, Vol. 3 of the Cyber Ninjas report is also significant and recaps Ben Cotton's findings. Vol. 3 summarizes all findings investigated by Cyber Ninjas and CyFIR.
Cyber Ninjas/PP1/Slide26/9/24/2021
An explanation of file name clarifications and the data they represent:
- VM55 is a computer file that contains the name and voting method (early, in-person, etc.) of everyone who had cast a ballot in the election.
- EV33 is a computer file that contains a listing of all early votes received by the County: voter name and the particular early voting method employed by each such voter (by mail or in-person early voting).
- Everyone that was indicated within VM55 as having cast an early vote should have appeared in EV33. EV33 records the manner and date in which the County received the early vote.
UncoverDC reported on the audit executive summary Friday after the public hearing. The following table from the Summary Finding Report shows over 57,000 illegal votes, almost 6x the margin of 10,457 votes tallied on Nov. 3 for Biden. Notably, this total does not include the 17,322 duplicate ballots found by Dr. Shiva.
Summary Finding Report/Maricopa Audit/9-24-2021
The Cyber Ninjas team looked at a number of issues. One of their findings centered on individuals who moved—checked against the Melissa Personator, a well-recognized commercial database. Slide 29 shows 27,807 people moved out of the County prior to casting their ballot.
Moved/Maricopa County/Cyber Ninjas/slide 29
The team also looked at voter registration anomalies in the voter rolls. They contacted the County to ask about the procedure for registration, specifically asking whether registration dates change. The County answered the "only time a voter may have two dates of registration is if their registration has previously been canceled and the voter registers again."
Voter Registration Question/Cyber Ninjas/Slide 31
AFFSEQ was also discussed. AFFSEQ "is a unique number found in the voter roll system that is associated with a single transaction to a single user." 2,861 voters shared a "unique number" with someone else at one time or another.
AFFSEQ/Cyber Ninjas/Slide 32
Slide 33 shows a number of anomalies listed by type when tallying the numbers for the ballots.
Slide 33/Types of Voter Anomalies
Logan mentions in his executive summary some critical data points, some of which are explained in detail in the CyFIR findings report. A total of 284,412 images were either corrupt or missing.
Highlights include "263,139 ballot images that are corrupt and unreadable TIFF format images," a finding notated as 6.4.3 Corrupt Ballot Images in Vol. 3 of the Cyber Ninjas report. Many anomalies were noted in Vol. 3 and in CyFIR's report that critically affected the integrity of the Maricopa election in November.
Ballot Images Corrupted/Cyber Ninjas Vol. 3
There were "21,273 ballot images entirely missing from the forensics images of the election equipment."
Missing/Cyber Ninjas/Vol. 3
A canvass was initially recommended in the original contract. To date, no official canvass has been conducted under the direction of the Arizona Senate due to federal pushback and resistance from Arizona Democrats and Secretary of State Hobbs.
However, a canvass was conducted by Liz Harris and about 1,000 or more volunteers. Her canvass found well in excess of the numbers needed to put the election in question. An official canvass would be an invaluable reconciliation of the ballots inspected because it would verify whether the voters who seem to have voted actually did vote.
What is Next?
In summary, numerous red flags and anomalies throughout the audit process would indicate that the November 2020 election in Maricopa County should never have been certified. Numerous procedural rules were ignored. Many ballots are of uncertain origin, counted erroneously, and Cotton's data show multiple incursions into the system to write scripts that deleted massive amounts of information. Jovan Hutton Pulitzer's reports on the paper are forthcoming and could be critical pieces of the puzzle.
Maricopa County resisted cooperation with the forensic team, throwing obstacles in their way at every turn, making a difficult task even more difficult for the auditors.
The Executive Summary states:
"Logs appeared to be intentionally rolled over, and all the data in the database related to the 2020 General Election had been fully cleared. On the ballot side, batches were not always clearly delineated, duplicated ballots were missing the required serial numbers, originals were duplicated more than once, and the Auditors were never provided Chain-of-Custody documentation for the ballots for the time period prior to the ballot's movement into the Auditors' care. This all increased the complexity and difficulty in properly auditing the results; and added ambiguity into the final conclusions.
Maricopa County failed to follow basic cyber security best practices and guidelines from CISA. Software and patch protocols were not followed • Credential management was flawed: unique usernames and passwords were not allocated • Lack of baseline for host and network activity for approved programs, communications protocols and communications devices for voting systems."
It remains to be seen what will happen next. Some of the findings—including possible criminal findings—will probably be sent to the Attorney General, Mark Brnovich. Brnovich on Tuesday asked Maricopa County to preserve all 2020 election documents and data. Brnovich tweeted on Tuesday that the Senate audit report raises serious questions.
The state legislature may decide whether to nullify the Presidential aspect of the election and reclaim the electoral college electors under their unenumerated powers under the 10th Amendment. However, action by the Arizona legislature could prove difficult given that many in both Houses have not been particularly supportive of the audit. Obstruction has been the name of the game in Maricopa, even going so far as to publish "fake drafts" of the report just prior to its release on Friday.
On Monday, Rep. Mark Finchem said the following to UncoverDC. He believes "there are ten solid votes for nullification between both Houses and about 25 wind-walkers—those who go wherever the political winds blow." Time will tell whether the legislator numbers will be sufficient to move the needle and deliver what many Arizona voters want—trust in the integrity of their vote.