Thu Sep 23 23:39:19 +0000 2021

 · trapezoid of discovery

[tweet] [link]
Been relatively quiet today because I've been preparing for the AZ audit results tomorrow. I'll start live tweeting in a thread under this tweet when the event starts at 1PM MST/PST/GMT-7.

[tweet] [link]
I’m stocked and loaded

[tweet] [link]
To set expectations for this thread: I'll be focusing mostly on the cyber claims and the meta around the audit. Follow @Garrett_Archer for informed commentary on the ballot related findings

[tweet] [link]
I was pretty zonked out by the time the report leaked publicly yesterday, so I didn't get a chance to fully dive into the details, but you've probably heard that the recount showed that Biden won by a slightly larger margin than had been previously reported. However...

[tweet] [link]
That's being spun by audit Telegram into:

"Of course he still won, they counted the same fraudulent ballots that elected him in the first place. When they reveal how many of those ballots are FAKE, you'll see that Trump actually won by a large margin"

[tweet] [link]
It'll be interesting to see if the audit team runs with that narrative.

Either way, the report's written in such a way that we can expect them to spin tiny discrepancies (that are likely due to their lack of experience) into "startling revelations" that indicate fraud occurred

[tweet] [link]
Wendy Rogers, Mark Finchem and Sonny Borrelli have been making a lot of noise about decertification, but I'm pretty sure that's just a fundraising gimmick (signing Rogers' decertification petition bounces you to a donation page lol)

The real end goal is legislative reform

[tweet] [link]
That's all I'll say for now - I'll pick this back up at 1PM when the show starts.

[tweet] [link]
Some initial thoughts on the leaked draft.

[tweet] [link]
Other people to keep an eye on during this: @HarriHursti @ErrataRob @kskoglund @philipbstark @eddie1perez

[tweet] [link]
Time for the first presenter and my stream dies. Anyone else?

[tweet] [link]
Here's the contract with Shiva for his work on the audit.

[tweet] [link]
This stream quality has me like

[tweet] [link]
Everyone's following Shiva's spiel, right? You'll be tested later.

[tweet] [link]
I think this table sums up what he was trying to say

[tweet] [link]
......

.....

[tweet] [link]
If I understood correctly, a "scribble" could be a bad signature, but is not guaranteed to be a bad signature. And the threshold for identifying scribbles was intentionally low...which means there's a good chance most of those are false positives, right?

[tweet] [link]
Yes, Warren Petersen, let's go back over Shiva's credentials.

Because they're hilarious.

[tweet] [link]
Notice how not a single one of these credentials has anything to do with elections or voting.

[tweet] [link]
Doug Logan's repping his GIAC certifications that have been expired for years.

[tweet] [link]
MC Forensic Audit is going to be my new audit themed rapper name

[tweet] [link]
Missing from Cyber Ninjas' audit security: Snipers

[tweet] [link]
Logan mentioned that counters were all Maricopa residents, and completely glossed over this information that's included in the leaked draft.

[tweet] [link]
Canvasses not in scope, but they said they were going to include data from Liz Harris' canvass in the leaked draft report.

[tweet] [link]
CISSP is an intentionally broad certification.

[tweet] [link]
The "real Maricopa audit" is making its way through Telegram. Ann Vandersteel claims "they" threatened Logan and his family if he put it out.

[tweet] [link]
I have serious doubts about the authenticity of the report circulating on Telegram. Among them is that the filename says "final" yet the "DRAFT" watermark is intact. As a result, I won't be sharing that out. It'll be fun to see if it's accurate though.

[tweet] [link]
Reminder that Ben Cotton's DFIR certificate is from his own company.

[tweet] [link]
He referred to his DFIR certifications as "various"

[tweet] [link]
It's hard to patch airgapped systems, because the systems are intentionally kept offline. Ditto AV definitions.

Further, had the AV definitions actually been up to date, that would have been used as proof the machines were connected to the internet.

This is silly.

[tweet] [link]
Cotton's pivoting from "they should have been updated" to "the EAC's guidelines are bad if they say systems can't be patched".

Well, maybe. It's worth considering supply chain attacks, a la SolarWinds, and how that could impact electronic voting systems

https://www.sans.org/blog/what-you-need-to-know-about-the-solarwinds-supply-chain-attack/

[tweet] [link]
Regarding logs, and whether they're considered "election records" and thus subject to the preservation record requirements that voting records are subject to: the CO SoS has recently argued in court that system logs are not considered election records.

https://www.sos.state.co.us/pubs/newsRoom/pressReleases/2021/20210922SecretarysOpeningBrief.pdf

[tweet] [link]
This would follow SOP. It's typically the designated election official's duty to back up election records*.

*Again, the definition of what counts as an election record is important

[tweet] [link]
In other news the @AuditWarRoom ban evasion account seems to have been suspended

[tweet] [link]
Weird to list the file rollover size in MB but then talk about individual log entries instead of continuing to use file size.

[tweet] [link]
It's also worth noting that 20MB is the default rollover threshold for Windows Event Logs. No one intentionally set the rollover threshold to 20MB.

[tweet] [link]
No idea why Cotton thinks he can't disclose the "high port" that DNS was listening on

[tweet] [link]
Cotton's talking about how he discovered "artifacts" that indicated systems he evaluated connected to the internet.

The last time he did this he found Windows Defender virus definitions and claimed that indicated machines had connected to IPs in Taiwan.

[tweet] [link]
This URL: also likely from AV definitions. Google it.

https://otx.alienvault.com/indicator/domain/az725175.vo.msecnd.net

[tweet] [link]
Sounds like we're getting close to the end of the presentation. At this point I've heard enough to know that the "final" draft I mentioned was making its way through Telegram was very likely audit fan fiction. Once I can confirm this, I'll share a side-by-side comparison

[tweet] [link]
Again, this is why it's important that people have domain specific knowledge when they audit elections.

[tweet] [link]
This is one of the recommendations that's in the Telegram version of the "final" report 😂😂😂

[tweet] [link]
Guess who reported on that Telegram final version

[tweet] [link]
They may be gearing up to split timelines, and claim that the auditors were pressured into releasing a version of the report that more closely resembles the draft.

Meanwhile they'll spread their doctored version around as the "actual final version".

Welcome to the auditverse

[tweet] [link]
Here's a good illustration of the above point: Shiva's TWO FULL SLIDES worth of questions because he's never done an election audit before.

[tweet] [link]
Ken Bennett reiterates that the audit did not "fail" because it accurately shows that Biden won the election.

[tweet] [link]
David Clements was very enthusiastically sharing out what he thought was the final version of the audit report. The differences between the fanfic he was sharing and the actual report are HILARIOUS.

[tweet] [link]
Here's a side-by-side. Audit fanfiction on the left, final on the right.

Credit where it's due, whoever the author is set Doug Logan as the author name on the fake final report.

[tweet] [link]
Obviously someone just took the docx files that were leaked, edited in their dream scenario and passed it around. A ton of conservative personalities, including Byrne, fell for it and passed it around on Telegram.