Sept. 24, 2021 - Bannon's War Room
57:36
| 
| Speaker | Time | Text |
|---|---|---|
| Next slide. | ||
| Let's talk about the failure to preserve the operating system logs. | ||
| I don't have a chain of custody for what happened to these votes after they were deleted. | ||
| It may be a plausible explanation. | ||
| I simply don't know at this point. | ||
|
unidentified
|
Next slide. | |
| Let's talk about the failure to preserve the operating system logs. | ||
| As I explained earlier, the earliest time frame that was covered by the EMS logs, security logs was 5 February. | ||
| That clearly does not cover the election time period. | ||
| Now there's a very good reason why it didn't. | ||
| And if you go down to that last bullet there, you'll see there were three distinct time periods in which log entries were overwritten. | ||
| And let me explain how the log entries work a little bit. | ||
| So on the EMS, there's a user-defined setting that you can define how much quantity of logs are retained before they get overwritten. | ||
| Okay? | ||
| In this particular case, the EMS security log setting was set to 20 megabytes of data. | ||
| So The Windows operating system will preserve all the security logged entries up until the point at which it reaches 20 megabytes of data. | ||
| At that point, it starts following a first in, last out approach to log retention. | ||
| So as you create a new entry, an older entry is deleted and overwritten inside of that log file. | ||
| Now, first and foremost, we need to remember that we do have that 22 month federal mandate. | ||
| So it's clear that at least what existed on the EMS when we received it as part of this audit, we did not have The time period covered by that federal mandate as it was supposed to be covered. | ||
| That security log was not turned over as part of any other documents that we have by Maricopa County. | ||
| So I'm going to assume at this point that it's not available for us to look at or else they would have turned that over to us. | ||
| Now if you look at that last bullet, That first in, first out approach all of a sudden becomes readily apparent as to what happened on these distinct dates. | ||
| So on each of these dates, an individual executed a script and that script repeatedly looked for a blank password for all of the accounts on the system. | ||
| Depending on the system, there were only about 16 accounts That we're present on a given system. | ||
| So this script was run multiple times. | ||
| On 2-11, 462 log entries were overwritten by this script. | ||
| On the 3rd of March, 37,686 log entries were overwritten by this same script. | ||
| On the 3rd of March, 37,686 log entries were overwritten by this same script. | ||
| On the 12th, which is the day before we received the system, Thank you. | ||
| There were 330 log entries overwritten by that script. | ||
| Now the challenge here is that I know that this occurred. | ||
| I know which account did it. | ||
| It was the EMS admin account. | ||
| If you reflect back to what I just said about the lack of accountability of assigning that user name to an individual, it now becomes extremely difficult to prove who did it. | ||
| Okay? | ||
| Now, luckily, we happen to have some historical data from the M-TEC video feeds. | ||
| And so we leveraged that data to backtrack and align these times and we have captured screenshots of Maricopa County people at the keyboards during those time periods. | ||
| Okay? | ||
| Now, we've identified those individuals, but we will not release their names because we understand what the scrutiny is and what the impacts would be to those individuals. | ||
|
unidentified
|
Thank you. | |
| But I just want to tell you That the very point that they did not have an assignment of that username makes this extremely difficult to get to the bottom of things like this. | ||
| And this is not, unfortunately, an isolated occurrence in the course of this audit. | ||
| Next slide, please. | ||
| For example, On 2-1-2021, the SQL logs on the EMS indicate that the RTR admin account purged the general election results from the database on the EMS. | ||
| Now, remember the lack of log retention at this point. | ||
| We could not find any logged entry that corresponded To this activity from security logs. | ||
| Those Windows security logs only went back to the 5th. | ||
| But everything was purged on the 1st of February. | ||
| That's also right before The two audits commissioned by the county were due to commence. | ||
| I believe they commenced on the second of February. | ||
| So, once again, accountability of who had access to the RTR admin account, when that password is actually shared among all of the accounts, becomes extremely difficult. | ||
| So who did it, right? | ||
| Why did they do it? | ||
| You would think that if you were doing an audit the next day that you would want to have the full context of the election to be audited. | ||
| But that clearly was not the case in this instance. | ||
|
unidentified
|
Just to clarify, so this is a log file specifically from report, report, tallying, I'm sorry, results tallying and reporting, which is the Dominion software. | |
| That entry says that someone went into the program and clicked on something that said, I want to purge all the results for this election. | ||
| That goes through and that deletes all the records within it. | ||
| And if you actually take a look, you can see the success. | ||
| It's like the second line up. | ||
| You know, that it completed successfully and it literally deletes all of the files on the NAS directory as well, which is where all the results from the election are contained, where all the images from the election are contained, and all those other details. | ||
| So some individual went into an application and they chose specifically to run something that would clear all records in the system that was used to generate the official results the day before an audit started. | ||
| Next slide, please. | ||
| I'd like to talk a little bit about anonymous logins. | ||
| Now, anonymous login entries are common in the Windows operating system. | ||
| And they're most common when used in conjunction with accessing Windows shares, SMB shares, file shares, etc. | ||
| But there's a pattern to that functionality inside of the log files. | ||
| And you'll see on the left there that that is a normal anonymous login activity accessing an SMB share. | ||
| You'll also notice that for the purposes of security, we have redacted specific elements to include the host name and the IP address and some of those types of things. | ||
| But the fact of the matter is, is that those items are recorded as part of that normal anonymous log activity. | ||
| You will have the host name that logged into it. | ||
| You will have the IP address that originated the request. | ||
| In most cases, you'll have the username as anonymous. | ||
| But that username is then Validated against the access control lists and the user authentication mechanisms and validated. | ||
| So the very next log entry in a normal anonymous activity is a validation of that user's credentials to access that particular device or process or whatever they were accessing. | ||
| What you see on the left is something that we discovered in the logs, which is what I call atypical anonymous login, okay? | ||
| You will notice that none of those items that are captured by normal activity are present in this log. | ||
| You don't have an IP address of the originating device. | ||
| You don't have a host name of the originating device. | ||
| And furthermore, when I look at these in context of the actual security log itself, there is no validation of a user's credentials immediately following this. | ||
| There are hundreds of these types of anonymous logins in the security logs that we do have. | ||
| I cannot tell you at this point if the same type or pattern of activity occurred during the election cycle because These logs don't exist that cover the election. | ||
| But I can tell you that without access to that router data and the network data, I cannot validate whether or not these were legitimate accesses. | ||
| You'll notice that it is a login type 3, so it was a remote access. | ||
| I cannot tell if this is a legitimate access or an unauthorized access at this time. | ||
| Next slide, please. | ||
| So we also took a look at what happened when the EMS was booted up. | ||
| And let me walk through the methodology here to kind of assuage everybody's concerns. | ||
| So when we actually imaged all these processes and these systems, By the way, we imaged 770 devices and we gathered over 114 terabytes of original forensics data. | ||
| We preserved that in a forensics image file that I could then Leverage without fear of modifying or changing anything on the original device. | ||
| So we took that image file and we turned that into a virtual machine. | ||
| I created a enclave that I could boot that virtual machine up into and that I could then monitor the boot processes without connecting to the internet, without exposing any voted data to unauthorized users. | ||
| And I actually booted up the EMS to see what happened, what it was listening for, and to identify if there was in fact any zero-day malware in the memory. | ||
| What we did discover is that, as you would expect, there were a number of ports. | ||
| This is a normal part of an operating system. | ||
| Ports are used to establish connections and provide functionality to the operating system. | ||
| We've discovered 59 of those that were open. | ||
| And while most of these things were what I would have expected, there were some unexpected high port activity specific to the WinIT EXE, which controls your accesses and your logons, and your DNS, which controls your domain name service. | ||
| So if you go and you type in yahoo.com, The computer will use the DNS service to actually determine which IP that is so that you can connect. | ||
| And then the DHCP server. | ||
| All of those are normal, valid Windows processes. | ||
| But for example, DNS, the default port on that is port 53. | ||
| In the case of EMS, we not only had the port 53, but we also had DNS monitoring on a high port. | ||
| And I won't list that port number here in this open forum. | ||
| But that was a little bit unexpected. | ||
| I will tell you that on the EMS that you were utilizing both IPv4 and the newer version IPv6 enabled, so the services had dual functions with dual listening ports and things of that nature. | ||
| There were ports and there were services that were enabled that allowed remote access. | ||
| Okay, so the RDP protocol, for example, as well as the terminal services were enabled on the EMS. | ||
| Okay, next slide. | ||
| As part of that memory analysis, we did a complete check of the callouts and the attempts to connect from the EMS out to the Internet. | ||
| Now, once again, the county has repeatedly said that these were isolated systems, etc., etc., etc. | ||
| The EMS attempted to connect to those IPs, most of which are normal. | ||
| I would take a look at the Level 3 parent, the EDGCAST connections there, and I would probably request from the Maricopa County the documentation for those functions that rely on those connections and to determine whether or not those are certified or not. | ||
| We were not provided any of that certification document. | ||
| But those are the two items up there that I would ask Maricopa County for some further clarification on. | ||
| As part of this analysis, I was able to determine that there was no zero-day malware in the memory at boot up of the EMS server. | ||
| Next slide. | ||
| Let's talk about Internet history and connections, okay? | ||
| As you will recall, Maricopa County commissioned two independent auditors to come in. | ||
| Both of those auditors had a finding that there was no internet connection at the time that they conducted the audit. | ||
| When I initially did the analysis, and I was only searching the What's called the allocated space, so the allocated space is what you as a user see when you open up Internet Explorer or when you open up File Explorer. | ||
| When you see that directory structure, that's allocated space. | ||
| When I looked at the Internet history of the allocated space, I had the same conclusion as the auditors did. | ||
| However, I took this one step further. | ||
| I actually carved the unallocated space in the entire file system for internet artifacts. | ||
| And when I did that, the history was significantly different than both the representation by the auditors and the representation by Maricopa County that these systems had never connected or were exposed to the internet. | ||
| And we found internet activity and multiple visits on the EMS server, three of the EMS client workstations, one adjudication workstation, and then the ReWeb 1610 and the Regus 1202. | ||
| Now, before I get into this, I want to kind of walk through my methodology a little bit. | ||
| So it's very common for Operating systems to have default URLs, compatibility caches, things of that nature that may have an internet URL as part of that artifact. | ||
| So, in order to ensure that we didn't get any of that default data, I only reported on Internet artifacts that, one, the date occurred after the installation of the Dominion software, so after the 6th of August, 2019, and that had multiple visits to the same site, okay, with dates after that timeframe. | ||
| So that would eliminate any of the default URL artifacts that may have been on the system. | ||
| Next slide, please. | ||
| Okay. | ||
| So from the EMS server, you'll see that there's actually three visits to the same site on the same day. | ||
| Okay? | ||
| That clearly is not a private URL or a private IP address. | ||
| And so what I can tell you is that the EMS server, at least on that date, was connected to the Internet. | ||
| Now, I'd also like to point out that relying on the unallocated space for these artifacts, I don't have a complete History of all the internet connections because things get overwritten things get changed things of that nature But the importance of this is is that at some point in time? | ||
| specifically those last visited dates This device was connected to the internet now If you look at that date, there's also a correlation to the purging Of the database. | ||
| It's the day before the audit. | ||
|
unidentified
|
Almost the same time exactly. | |
| Almost the same time exactly. | ||
| Obviously this requires an explanation. | ||
| Next slide please. | ||
| When we talk about the EMS client Here are the connections. | ||
| Now, the nine connections at the top there, you'll see that as far back as February of 2020, there were four connections made to that URL, to the Microsoft URL. | ||
| And then on the 22nd, which coincidentally enough is during the time of the audits, there were five connections to the Microsoft URL. | ||
| I included that lower set of findings to illustrate that the importance of some of the items that were not produced to us. | ||
| So, not all of the election-connected devices We're produced to us for analysis. | ||
| And that IP of a 192.168.100.11 is a private network that was the election network. | ||
| And you will see that it accessed a bunch of web pages off of that device indicating that it was a configurator or it was a file server or something of that nature. | ||
| I want to draw your attention to that very last line, the M underscore network underscore wireless LAN dot HTML. | ||
| That was accessed on the 19th, or excuse me, on the 30th of October 2019. | ||
| 2019. Now we have not received any information about any wireless LAN configurations, but yet here you have someone accessing it from the EMS client to access what I can only surmise was a wireless LAN configurator on that date. | ||
| And you can see that the EMS Admin 01 account was used for that. | ||
| Once again, who the actual human was behind that account I cannot tell you because of the shared passwords and the shared user accounts. | ||
| But I can tell you that not all the devices were produced to us that would have shed significant light on our findings. | ||
| Next slide. | ||
| Okay. | ||
| Once again, this is EMS Client 3. | ||
| And you can see that there are six visits to Microsoft.com, and the last visit was on the 3rd of February, 2021. | ||
| Now, keep in mind that those previous five visits were obviously before that time frame, and we don't have a record by nature of this artifact when each of those visits occurred. | ||
| Next slide. | ||
| Okay. | ||
| Now, Rereb 1601 is kind of an interesting case. | ||
| Now, once again, we did not receive any network configuration diagram. | ||
| We did not receive any functional information as to the network. | ||
| You know, it was one of those things that as an auditor, in most cases, I can go back to the person being audited or the entity being audited and say, what is this? | ||
| Okay, how did this function? | ||
| How did this interact? | ||
| In this particular situation, there was extreme resistance and quite frankly, in my opinion, obstructionistic actions taken by the county to prevent this type of exchange. | ||
| Now, this system clearly was connected to the Internet. | ||
| Now, whether or not that was by design, or whether this is one of those isolated and protected systems that the county has indicated never touched the Internet, I cannot tell you. | ||
| But I can tell you that it had significant Internet access. | ||
| And this is only something that would fit on the screen, right? | ||
| There's literally thousands of connections to the Internet by this system. | ||
| Based on the naming convention, I would assume that this is some form of a web-based server that was used in the election system because it was produced under the subpoena, which that was one of the requirements for. | ||
| Now, the other thing that I will tell you is that this device was produced to us on an external 4 terabyte hard drive. | ||
| And originally it was represented to us as this was a forensics image of this device. | ||
| When we actually looked at it, we found that all of those devices that were produced on the external four terabyte hard drives, they were simply an operational system clone of that device and it was not preserved in a forensics manner. | ||
| What I can also not tell you is what steps were taken on the part of the county to ensure that the unused portion of that hard drive not occupied by this device. | ||
| I cannot tell you what steps were taken by them to ensure that those were wiped or zeroed out so that we would not commingle data. | ||
| Okay, so I do want to caveat these findings and the Regis findings with those statements. | ||
| But clearly, these devices had continual and repeated access to the Internet. | ||
| Next slide. | ||
| This is the Regis 1201. | ||
| And that, by the way, is the host name, not the function of this device. | ||
| And once again, you see repeated access. | ||
| That IP address is actually the public IP address for the Maricopa.gov public URL. | ||
| Next slide. | ||
| So I appreciate your diligence and your patience on this. | ||
| As we think about what I've talked about today, it really boils down to accountability, right? | ||
| And making sure that our election systems are secured. | ||
| I will tell you that they were not, based on any measure | ||
| That I, as an IT professional, performing countless vulnerability assessments and incident responses, that I have occurred, had a client that engaged me, had this state of a network, it would have resulted in a failure on our audit. | ||
| So at this point, I would like to remind people that from a totality of what these findings are, there simply is no accountability by anyone accessing these devices. | ||
| You had shared passwords. | ||
| You had shared user accounts. | ||
| You had remote access. | ||
| If someone could get access to this system, They wouldn't need a zero-day exploit. | ||
| The systems were so far out of date from a security compliance standpoint that it would have taken the average kiddy hacker less than 10 minutes using Metasploit to hack this system. | ||
| And I would like to remind everyone that's listening to this that when you have a network of computers like you have in these voting systems, It only takes one person bringing in a little hockey puck with admin access to provide external remote access to that voting system. | ||
| And in the situations where you don't have accountability, you have shared usernames and you have shared passwords, you simply cannot guarantee the security and the accountability on those systems. | ||
| And I thank you very much for your time, and I'm available for questions if you have any. | ||
|
unidentified
|
Thank you, sir. | |
| We appreciate that. | ||
| We're not doing questions at this time since it's just a presentation. | ||
| We will have committee hearings that will give everybody the opportunity to ask questions in the future, so thank you. | ||
| Okay, we are going to go back to Mr. Logan. | ||
| For those that are looking at your watch, the bulk of this is done, but there's still some more important things to do. | ||
| Mr. Logan is going to quickly, because we are running over time, go through his recommendations of what improvements the Senate might be able to help do through legislation. | ||
| And then Mr. Pullen is going to quickly give his report about the independent ballot count the Senate did. | ||
| And then we have Ken Bennett standing by, who was our Senate liaison, who will be giving you the observations that he noted when he was there working every day. | ||
| So, Doug, could you do me a favor and go through those recommendations quickly, please? | ||
| Is it working or are you clicking? | ||
| Okay, just click a bunch of times until it's on the screen and we'll talk through it. | ||
| Because if I can't control it, it's going to take too long. | ||
| OK. | ||
| And pull your mic up closer, please. | ||
| Everybody's texting me saying they're having a hard time hearing you guys. | ||
| I have a lot of transitions on it, so if you just click and show it all up at once. | ||
| We're watching the live hearing of the State Senate, Karen Phan, live from the State Capitol in Phoenix. | ||
| Now, continuing on to the presentation, I'm going to turn back to the Cyber Ninja guys who are going to roll this up. | ||
|
unidentified
|
We saw a lot of indications that there was Old, potentially old information in the voter rolls, and it's very important that our voter rolls remain clean. | |
| If they don't remain clean, it would facilitate, it makes it easier for almost any type of way that someone might want to take advantage of the system. | ||
| If only the people who are registered to vote and could show up to vote are in the voter rolls, that makes it more difficult. | ||
| And already when you go into the DMV, you can register to vote. | ||
| But specifically, if you change your license to another state, if you change your address, which are things that people are usually pretty diligent about taking care of, that should also update your voter registration details so that when you're out of state and you're in another state, it's not possible for your old voter rolls to be used by you or anybody else. | ||
| Specifically, we recommend that the NCOA is a natural change of address. | ||
| It's something put up at the U.S. | ||
| Postal Service. | ||
| I view a ballot basically like money. | ||
| And we should not be just mailing money to people who are not necessarily still at that address or have moved. | ||
| So check in the NCOA before you mail out ballots will help make sure that the currency of the ballots are only ever received by individuals who are legitimate voters who are still living at that location. | ||
| So 90 days before the election, in addition you should check it right before mail-in ballots if you're not ever effectively mailing currency out to an address where someone has moved to another state. | ||
| I understand that the EPM and guidance from the Secretary of State suggests that the Eric and Social Security Master's death list and others should be checked regularly against voter rolls, but I believe it needs a little bit more oomph to it and that there should be a legally required frequency for counties to do so to make sure that they're regularly being maintained rather than just a guidance that it should be done at some stage. | ||
| Talk a little bit about election software, both from the report I have out of Antrim and specifically with what some of the Inconsistencies and oddities that we're finding about the voter roll system both here and quite frankly across the country. | ||
| I highly recommend that we pass legislation that requires that these applications that are extremely important are built up to a higher standard and specifically are making sure that they're ensuring the confidentiality and integrity of the systems. | ||
| The Open Web Application Security Project is known as a leader in the application security space, and they specifically have something called the Application Security Verification Standard, or the ASVS. | ||
| It has levels 1 through levels 3. | ||
| Level 3 is for a sensitive system, and I would highly recommend that it would be a requirement for anything that's associated with voter rolls or voter systems that they would build up to that standard. | ||
| Doing so makes sure that the application itself has the necessary standards built into it in order to make sure things aren't altered and that there are appropriate logs, if so, in order to take care of that. | ||
| Specifically with that, it's always a good idea to run the ASVS assessments on a regular basis, usually every three or four years. | ||
| And specifically that the vendors should be required to attest that the ASVS standard was fully applied. | ||
| I further recommend that the vendors, you shouldn't be able to use the same vendor over and over again for any type of certification activity. | ||
| It creates too much opportunity for, if there was some Impropriety by a vendor that you could continue to pass. | ||
| So rotating vendors at least every three years and putting that in the law would help ensure that not only are these being assessed, but they're assessed up to a higher standard. | ||
| And this goes beyond specifically what the EAC is requiring because quite frankly, based on everything that's being said, the EAC is not requiring anything close to what is necessary in order to protect our election system. | ||
| And hopefully that will get better over time, but in the meantime Arizona can be a leader in this area. | ||
| Okay, voting machines. | ||
| Specifically, legislation should be considered that requires following of all the CESA guidelines for election systems and equipment, and that any variances against those should be documented, and there has to be risk memos that are signed off and should be public by the appropriate for any derivations from those guidelines. | ||
| Now those guidelines cover pretty much everything that Mr. Cotton was covering today. | ||
| Everything from setting up baselines in the systems, everything from baselines and network processes, making sure that user accounts are handled properly, and all those details are all covered by that. | ||
| So it's a very simple legislation that basically says that guidance needs to be followed. | ||
| Legislation should be considered which requires assignment of individual usernames and passwords. | ||
| Mr. Cotton's talked about that a lot today. | ||
| Legislation should be considered that requires real-time network monitoring of all election equipment, even on the air-gapped networks. | ||
| So there is some indication of what occurred there. | ||
| It may seem odd to have that on an air-gapped network. | ||
| But as Mr. Cotton was mentioning, there's very small devices that you can take in, and if you can plug them into a network port, you can effectively give the entire network internet access. | ||
| I mean, they're physically very small, they can be hidden easily, and if you've got real-time network monitoring on the systems, especially where the EMS is, you can identify that and at least have a log of it and potentially prevent it before anything happens. | ||
| and legislations to be considered that would prohibit it, internet capable election management system servers or equipment for being utilized. | ||
| There's a number of devices that when you look at the serial numbers from the ProP and VNSLI audits, they show that they had Wi-Fi cards and stuff put into them. | ||
| Anytime the capability is within a device, there's the potential for it to turn on, or for someone to turn it on and activate it or use it to connect to some other device like... | ||
| So it's highly recommended. | ||
| If the equipment's not even there, then you can't have a failure to configure create any issues. | ||
| So legislation that far, not just preventing Internet access, but preventing any type of capability in the device would help ensure the integrity, especially as we keep being told that things are not connected to the Internet. | ||
| From the voting machine standpoint, county employees should have all the administrative access on all election equipment sufficient to independently validate all configuration. | ||
| The fact that Maricopa County said they did not have the hardware tokens necessary in order to see if their election equipment was connected to the internet or not, Um, is extremely, extremely alarming. | ||
| Um, the accountability, the county needs to be able to hold vendors accountable. | ||
| Um, we may use subcontractors for various different actions, but the responsibility always falls on the county. | ||
| Um, and therefore they need to always have all access. | ||
| That should not be something they can relegate to somebody else. | ||
| In addition, election voting machines should have a paper backup of all ballots which can be used to confirm votes were cast as intended. | ||
| And these machines must be regularly maintained to vendors maintenance schedule. | ||
| One of the things that was found in some of our examination of the paper ballots is a lot of things were miscalibrated or otherwise not following general manufacturer guidance. | ||
| If we want to To make sure that we get the intended results out of things always, we should make sure that whatever goes through logic and accuracy testing, whatever it is that's a standard equipment being used, is the same thing we're using on Election Day. | ||
| And if you're testing a system with something different than what has happened in the real world, it's not a very good test. | ||
| And legislation should be considered that requires that paper stocks used on Election Day conform, again, to manufacturer specifications, and that it's been tested properly. | ||
| No, we think that you should have legislation that should consider creating an audit department that should regularly conduct audits on a rotating basis across all the counties in Arizona. | ||
| To the best of my knowledge, nobody is currently doing this, but based on the audit we performed, There was a lot of processes and procedures that were not conducive to effective audits. | ||
| The way that stuff gets better is by regularly checking it and regularly validating it. | ||
| And now that the whole world is looking at our elections, I think it's very important that we take advantage of that and make sure that That what is done in our election departments is brought up to the same standards that financial industry uses in other critical systems. | ||
| It should not be an area that's lagging. | ||
| When our voting equipment helps choose the most powerful individual in the world, there's a lot of adversaries that would like to take advantage of that and we need to treat it accordingly and make sure that it is being audited so that those standards are maintained. | ||
| Legislation should be considered that requires batches of ballots to be clearly labeled, separated from each other in a manner that cannot easily be mixed together, and easily connected to the batches run through the tabulation equipment. | ||
| There was a lot of hoops we had to jump through to even connect a box of ballots to what was run through the software in order to match those two up. | ||
| And that is something that should be simple to do, again, because it facilitates audits, and those audits facilitate accountability. | ||
| Well, a full audit like what we did this time, it cannot always be done. | ||
| The better the record keeping is, the easier it is to do partial audits to confirm things, and that's something the audit department can do on a regular basis, in addition to, you know, sometimes doing full audits. | ||
| But it's just, it's not cost effective to do that every single year. | ||
| Legislation should be considered to penalize, purposely inhibit a legislative investigation or an officially sanctioned audit of an election. | ||
| I think why that's in there is a little bit obvious. | ||
| Audits are really effective when you have the cooperation of the management who control things and it's very, very difficult to manage them. | ||
| That's why financial services, if you have your typical financial audit, if you don't comply with the audit you can literally be put in jail at times. | ||
| Okay, ballots. | ||
| Legislation to be considered that will make ballot images and cast vote records artifacts from an election that is published within a few days of the results being certified for increased transparency and accountability of the election process. | ||
| These are things that we think is important for the Arizonans and the American public to be able to see and validate and see with their own eyes. | ||
| Currently in Arizona, we had a judge that stated that we could not make the ballot images publicly available. | ||
| There should be nothing that links, once a ballot comes out of its envelope, there should be nothing that links it back to a person, and there should be absolutely no reason why it shouldn't be able to be public. | ||
| Legislations further be considered which require all ballots to be cast on paper with security features such as watermarks or similar technology with a detailed account of what papers were used. | ||
| With our paper analysis, we wanted to be able to say that this is a legitimate paper and valid and real, and we wanted to be able to say this is not legitimate paper. | ||
| But with as many wide number of papers that were used, I think we're estimated over 10 different copies, different types of paper, it's very difficult to make that. | ||
| But if there's official paper that's kept track of, it'd be much easier for an audit, when it's conducted, to be able to say without a shadow of a doubt whether it is in fact printed on legitimate paper. | ||
| Mail-in voting should incorporate an objective standard of verification for early voter identification, similar to the ID requirements for in-person voting. | ||
| It seems likely that mail-in voting will continue to increase. | ||
| From a security standpoint, I advocate no more mail-in ballots, but that's not probably realistic. | ||
| So that being the case, if it's going to continue, we need to have good identification requirements. | ||
| And thank you for your time, Madam President. | ||
| Thank you, Mr. Logan. | ||
| I appreciate that very much. | ||
| We'll take all those into consideration. | ||
| I'm sure we'll have more. | ||
| Let's go now to Mr. Pullen. | ||
| Randy Pullen was our co-legislative liaison there as they saw the work building up quite so much. | ||
| Mr. Pullen, could you give us just a tad of your background? | ||
| And as to why I selected you to please do this independent count. | ||
| Thank you, President Phan, as well as Chairman Peterson. | ||
| Thank you for your commitment to this forensic audit and your resilience over the last six months as we went through it. | ||
| Thank you. | ||
| Okay, just real quickly about me personally. | ||
| I graduated from Arizona State University undergraduate in math and chemistry and an MBA in 1981. | ||
| I sat for and passed the CPA exam in 1980, became a CPA, and I've been a CPA since then. | ||
| Employment-wise, I started out working on my MBA as a I was working at an engineering company writing software for them, and then I joined Deloitte Haskins and Sells and began working in their audit department and helped them develop and test the first statistical sampling software system for doing audits. | ||
| I became a partner at Panelcurve Forrester, and then again I went back and became a partner at Deloitte and Touche, where I focused on financial auditing, specifically for bank savings and loans in the hospitality industry. | ||
| I actually did get involved in forensic audits, so I understood how they functioned and what you had to do in order to complete them. | ||
| I started my own company back in the 90s. | ||
| I still do consulting and accounting services. | ||
| I also started an IT company in 2001. | ||
| Wage Watch, which still exists to this day, and we developed software that's still considered some of the best in the industry that we're in. | ||
| Background-wise, The Senate decided they wanted to do an independent count of the ballots in order to confirm the count by the county as well as the count by Cyber Ninjas on the forensic audit. | ||
| And so that was kicked off on June 28th. | ||
| They selected me to run that Uh, machine count. | ||
| Again, it goes back to my experience and knowledge. | ||
| Uh, I immediately got Brian Blim, who was the attorney who had worked on the floor of the Coliseum and was the legal counsel that dealt with any forensic issues that came up on the floor during the hand count. | ||
| Uh, and by that, by the end of June, he was no longer a contractor with The Cyber Ninjas, he was independent and he agreed to assist in the machine count. | ||
| We also enlisted a lot of former volunteers who had worked on the floor doing tally counts as well as working in the corrals. | ||
| This is the presentation of an independent Senate count that was going to go. | ||
| We're going to cut back to it. | ||
| But I want to, as we get down to the closing moments of our coverage of this, I want to bring in Matt DiPerno, Seth Keschel, and Boris Epstein. | ||
| Is Matt DiPerno still with us? | ||
|
unidentified
|
Matt? | |
| Yeah, I'm here. | ||
| Matt, Matt, here's the question. | ||
| You've sat through this. | ||
| You've looked at these reports. | ||
| Give us a couple minutes of your assessment of how this has played out today. | ||
| Your thoughts. | ||
|
unidentified
|
Well, I think remarkably that what they're finding is a lot of the stuff that we found in our own investigation in Antrim County in Michigan. | |
| Much of this matches. | ||
| I counted over 57,000 bad votes that they detailed as they went through this, and that is enough To draw into a significant question this election, and I think the Arizona Senate needs to consider decertification at this point. | ||
| Matt, how do people get to you? | ||
| We'll try to get you back on tomorrow. | ||
| How do people get to you, follow you on social media? | ||
| You guys are fighting it out up there in Michigan. | ||
|
unidentified
|
At mdperno on Twitter and dperno4mi.com is my webpage. | |
| There's no doubt your assessment today, from what you've seen, the report, and watching this presentation, that the decertification process should start in Arizona? | ||
|
unidentified
|
Not only that, but the Attorney General in Arizona should start a criminal investigation. | |
| Both of those things should happen. | ||
| Matt DiPerna from Michigan. | ||
| Thank you very much. | ||
| We'll come back to you. | ||
| I want to bring in Captain Seth Keschels. | ||
| Captain, you've been on this, the reason Texas people should know today there's four counties because of Seth Keschels' work. | ||
| Seth, can you give us your assessment today? | ||
| So I just endorsed Mr. DiPerno for Attorney General of Michigan, and I have to say I disagree with him a little bit that they should consider decertifying. | ||
| They must decertify. | ||
| You just heard evidence from Dr. Shiva and also Doug Logan and his team that not just the 50,000 plus that were listed in the leak, but another 17,000 duplicates that Dr. Shiva came up with from the early voting. | ||
| You also have the 255,000 mismatch between the final voted file and the EV33 file. | ||
| Then you have the failure of the county to turn over the logs and routers. | ||
| So at what point is this something that is so riddled with fraud where you don't need to twist anybody's arm to do the right thing? | ||
| Because people that voted for all candidates of all parties were disenfranchised and this is now a civil rights issue. | ||
| Captain Keschel, your assessment of, where was Katie Hobbs? | ||
| Katie Hobbs, who's a commentator on MSNBC and CNN every night. | ||
| I'm kind of shocked at the level of mismanagement, recklessness, you know, disregard for process. | ||
| It's pretty stunning how detailed this was and shocking from the electronics, from the machines, to the process of counting the ballots, all of it across the board. | ||
| What's your assessment of Katie Hobbs, Secretary of State? | ||
| I think she's presiding over corrupt voter rolls, because when an analyst takes a look at the voter rolls in Arizona, you see historic Republican gains in Maricopa County, which are consistent with Trump's popularity with the Republican Party in a Republican state, and then blown away, far and away above all norms, Democrat registration pushing the state left artificially, making people believe this narrative that California is going to turn every state in the West blue and turn itself twice as Democrat as it was in 2000. | ||
| You can also see that there appears to be a very sophisticated operation to defraud the county, and with it, the states. | ||
| Two-thirds of the vote comes from it. | ||
| But the board, you know, this audit was supposedly so minor, right, as it was presented in the media and has been lied about with the leak. | ||
| It is not a recount. | ||
| It is an audit. | ||
| So if I give you five counterfeit $20 bills, you're going to tell me you have $100, at least until we verify that those bills are fake. | ||
| But you have Steve Joukri just resigned from the Maricopa board. | ||
| Why would he do that if this audit wasn't a serious thing? | ||
| Captain, real quickly, how's your... and by the way, I just want to make sure, you support fully going right now, right into the decertification process? | ||
|
unidentified
|
100%. | |
| You can't allow this to continue. | ||
| This is our system of electing the world's most powerful person, but not just that. | ||
| There were 11 other races in the county that I was on your show, and I listed as danger close, and that was with Liz Harris' canvassing findings. | ||
| And the pressure needs to be put on the Arizona Senate to investigate Liz Harris' canvass findings, because it can all be validated. | ||
| So if they really want to try to show her wrong, they're going to have every opportunity, and I think they're going to fail. | ||
| It's the canvas, not the count. | ||
| Captain Keschel, how do people track you down? | ||
| How do they follow you on social media? | ||
| My Telegram channel, at Real S. Keschel. | ||
| K-E-S-H-E-L. | ||
| Captain, thank you very much for joining us. | ||
| Look forward to trying to get you tomorrow. | ||
| Boris, you've been on this since the early morning hours of November 4th. | ||
|
unidentified
|
Yes, I have. | |
| Okay, talk to us. | ||
| From the moment I was at the White House, when Fox News wrongfully called Arizona for Joe Biden, this is the moment we have been waiting for. | ||
| This is the moment that you, the MAGA patriots, the MAGA posse, the movement under the leadership of President Trump, this is what we've been waiting for. | ||
| There's one word to describe what came down today, and that word is receipts. | ||
| And we have said this was coming. | ||
| Some of you have gotten frustrated with me. | ||
| Got a little impatient. | ||
| But we told you, day in, day out. | ||
| Day in, day out. | ||
| Shoulder to the wheel. | ||
| Good days and bad days. | ||
| But we're going to get there. | ||
| Well, guess what? | ||
| We are now there. | ||
| Not only are there over 50,000 illegal ballots coming out of this audit, and by the way, you're also going to find out that a previous version of this report, before it was watered down, before it was worldwide exclusive for War Room Right Now, before this report was watered down, at the behest, hey, I'm going to say it, of some folks with the Arizona State Senate, at the behest... Not senators. | ||
| I'm going to say, from everything I understand, the legal counsel, as lawyers tend to do way too much, came in and messed with the process. | ||
| What was the stronger version? | ||
| The stronger version said specifically that the Arizona election in 2020 should have never been certified. | ||
| Let me hear that quote again. | ||
| Let me pull it up. | ||
| Why don't I pull it up and give it to you? | ||
| And you're reading it off of? | ||
| I want everybody to understand this. | ||
| There's another version of this out that was not the version that was presented today that's even tougher. | ||
| Here's from a version from Cyber Ninjas that was watered down. | ||
| Quote-unquote in bold. | ||
| The election should not be certified and the reported results are not reliable. | ||
| One more time. | ||
| Worldwide exclusive. | ||
| The election should not be certified, and the reported results are not reliable. | ||
| And you know what else? | ||
| This version, in no way, has the nonsense about the counts matching up. | ||
| You know why? | ||
| Because there were about four or five hand counts done, and maybe one of them matched up, and the rest of them didn't. | ||
| Well, guess what? | ||
| If there's four or five counts done, and none of them match up, and one comes kind of close, there is no matching up. | ||
| They took that out. | ||
| They took the other four or five. | ||
| They just smoothed it over. | ||
| They smoothed it over and said, oh, this is positive. | ||
| Explain that. | ||
| We only got a couple. | ||
| Explain that. | ||
| Take a second to explain that to this audience. | ||
| The leak last night was all around one sentence. | ||
| That the positive news is that the hand count, let's be honest, the hand count of the legal and illegal boats matched, the hand count matched the Maricopa County count. | ||
| This is what MSNBC went with. | ||
| It was leaked to them specifically. | ||
| It was leaked to them specifically, it was weaponized. | ||
| Why? | ||
| Because it was put in there, it was put in there to somehow show that the numbers matched up. | ||
| We know for a fact that a previous version of that same report did not contain that sentence. | ||
| We know for a fact that there were several, remember we said this on this air, that there were several, many, many counts done. | ||
| And that only one of them came close to matching up. | ||
| Some were 30,000 votes up, some were 20,000 down. | ||
| Difference between what was certified and turned over. | ||
| So this was all over the place. | ||
| What is the bottom line? | ||
| The bottom line is that we now know that this election should not be certified. | ||
| It has to be decertified. | ||
| It could have been certified. | ||
| Could not have been certified. | ||
| And whoever leaked, by the way, whoever leaked that sentence did it on purpose. | ||
| Whoever watered down this report did it on purpose. | ||
| But, signal not noise. | ||
| The information today that over 50,000 illegal ballots. | ||
| The absolute ludicrous, ludicrous mishandling of the machines and the wiping of the machines and the information before the audit started is criminal. | ||
| It is criminal. | ||
| This is a vital step in the 3 November movement to get to the bottom of the election. | ||
| The next step is twofold. | ||
| De-certification and investigations by Attorney General Branovich in Arizona. | ||
| Tomorrow morning at 10 o'clock, we're going to be back in the War Room. | ||
| Peter Navarro is going to be here. | ||
| We're going to go through this, deconstruct everything that went on, put context on it, and talk about the path forward. | ||
| And I think you're seeing tonight, and by the way, Cyber Ninjas, I think they showed great job. | ||
| Ben Cotton, remember that name, Ben Cotton. | ||
| And remember, we're not machine guys here, but I've got to tell you. | ||
| There's so many stunning revelations today from Ben Cotton's presentation, and he's one of the most highly respected guys in cybersecurity. | ||
| That is a game-changer. | ||
| I mean, my jaw was dropping what he was saying. | ||
| I know people in the room were pretty stunned, too. | ||
| You heard the whistles and the crowd reaction. | ||
| We'll be back at 10 o'clock tomorrow morning. | ||
| Boris, big day. | ||
| The people that granted out, the Patriots out there at the new Concord Bridge that did this, it's just amazing. | ||
| God bless the Patriots. | ||
| God bless you. | ||
| God bless the audience. | ||
| And for all the days that we've been here, all the days we've been talking, all the times we've come in hot, this is why we did it. | ||
| And this is only the beginning. | ||
| The freight train of audits is going from Arizona to Pennsylvania to Wisconsin to Michigan. | ||
| I gotta tell you, 100%, and for all the liberals and progressives, producers that watch this, President Donald J. Trump is gonna be lit up on this right now. | ||
| This is outrageous. | ||
| I'm already seeing it on my Twitter. | ||
| This is outrageous, and no offense, the guys at Fox News, It just is absolutely outrageous. | ||
| You called it that early in the evening. | ||
| Outrageous. | ||
| Okay, we're gonna be back at 10 o'clock tomorrow morning. | ||
| Thanks so much. |
Export Selection