Thu Aug 12 04:33:10 +0000 2021

 · 6 min read
 · trapezoid of discovery

[tweet] [link]
Recapping the craziness from cyber symposium day 2. Starting with Dr. Doug Frank saying:

"Remember how told you around the country we had sympathetic clerks?" (note the 's')

"We've been able to do full forensic imaging of the machines...before, during and after the elections"

[tweet] [link]
One of my favorite moments from this morning was is Frank pausing his description of the images with

"You want me to hold on? Oh you're talking to somebody else? I just don't wanna get in trouble...but I will!"

You can hear laughter from the audience

[tweet] [link]
Jim in the frame with Ron?

[tweet] [link]
Also, sorry if you can't see Doug Frank, but the chyron is blocking him. He's in the lower right corner.

[tweet] [link]
Let us never forget this extremely weird moment where Dr. Doug Frank led the crowd in "America the Beautiful"

[tweet] [link]
Here's a clip of Phil Waldron stating that the Antrim Co., MI EMS image will also be publicly available, and that it had been made available yesterday to at least one breakout room.

Waldron can't seem to get his story straight re: the provenance of the image.

[tweet] [link]
Waldron says "This [Mesa EMS] information as well as the Antrim information will be available..I mean, this, again was a publicly available file found that uh..found last-er-yesterday afternoon, last night, and um, we'll be able to point you where that file was"

[tweet] [link]
Waldron continues "..and again, whether it was Antrim Co., MI, uh which the breakout teams, I understand that one breakout room yesterday was able to get that image, and hopefully this afternoon the other breakout room will be able to get that image"

[tweet] [link]
Here's why these statements are bad for Waldron:

  • He says the Antrim images were "publicly available" "last night" meaning, the evening of 8/10 or early morning 8/11
  • But he also says that a breakout room had access to the Antrim image on the afternoon of 8/10

[tweet] [link]
The thing is, as far as I can tell, the only images that were publicly released were for Mesa Co., Colorado, and they were released at 5:41 AM CST on 8kun

How would the breakout room have access to images of Antrim's EMS that were never publicly available?

[tweet] [link]
Assuming Waldron's not mixing up Antrim and Mesa - and it doesn't seem like he is - I can take a guess at how the breakout room would have had access to the Antrim images:

ASOG, of which Waldron is a part of, were part of the team that forensically imaged the Antrim machines

[tweet] [link]
Conan Hayes, mentioned by Ron during the conference yesterday, was also a part of the team that imaged the Antrim machines.

Doug Logan and Ben Cotton also had access to the Antrim County forensic images.

https://www.depernolaw.com/uploads/2/7/0/2/27029178/[14]_ex_12_cyber_ninjas_1.pdf https://www.depernolaw.com/uploads/2/7/0/2/27029178/[13]_ex_11_cotton_1.pdf

[tweet] [link]
Unlike Mesa County, where the leaked images seem to have been procured by someone named Gerald Wood (or maybe Conan Hayes, based off Ron's statement), there's less plausible deniability for the Antrim images:

The only people that had access to them were DePerno's team

[tweet] [link]
This could be bad news for DePerno's team. When they were granted access to the machines, a protective order was put in place prohibiting them from distributing the forensic images without the courts permission.

https://bloximages.chicago2.vip.townnews.com/record-eagle.com/content/tncms/assets/v3/editorial/7/8d/78d95322-374b-11eb-8fec-3fdfe95b2a93/5fcc0d5d6e7fd.pdf.pdf

[tweet] [link]
So either DePerno's team willfully distributed the images, or they...lost custody of them and someone else did?

But even if it were the latter, the images never ended up getting published online, so someone would have had to personally provide them to the breakout rooms

[tweet] [link]
Waldron disclosed their strategy by failing to keep his story straight: they wanted to publicly release images of both Antrim and Mesa County EMS via torrents. Ideally before anyone in the breakout rooms had access to them.

That's also why Ron hyped torrents for 2 weeks.

[tweet] [link]
But they botched the timing of the release of the Mesa EMS images, and failed to release the Antrim images entirely, so they lost their chance at plausible deniability and legitimately claiming that "someone else happened to publish them online"

[tweet] [link]
For my AZ friends, here's what this means:

2 of the handful of people that had access to the Antrim images were Doug Logan and Ben Cotton.

Those Antrim images now have a chain of custody problem and have violated a court issued protective order

Are Logan or Cotton the leakers?

[tweet] [link]
Interesting, @ErrataRob is confirming that the breakouts had access to Antrim images that "they downloaded from the internet last night".

However, I still can't find them posted anywhere, and the current images only seem to be for Mesa.