Election Hacking? A Review of the Allied Security Operations Group Antrim Michigan Forensics Report

(Editor’s note: Multiple staff contributed their expertise and analysis to this article.)

Well, that was a fun November.

Now that we’re deep in the throes of President Donald J. Trump’s certified re-election loss, real conspiracies are coming to light. And, we love to hate conspiracies, it is the lifeblood of Bullshido. So, it’s time we take a hard look at Dominion, or more specifically, a suit filed in Antrim County, Michigan, and the subsequent findings.

But, before we strap in for this long ride, it’s necessary to point out that our mission, as willing continued participants in this thing we call civilization, is to root out corruption and identify preventable mistakes. Maybe some shady stuff happened, in this election; certainly much has been alleged, and we’ll get to those, in turn. This is not a defense of Dominion, it is an examination of bogus and/or faulty claims, and why they undermine real efforts at countering corruption.

While reviewing most security analysis and reporting there is usually a proven event to work back from, such as a data breach, malware alert, or other known incident. Then, the researcher attempts to recreate how this occurred and maybe if apparent point to a motive. However, in the case of the Allied Security Operations Group (ASOG) reporting on Dominion’s voting systems, it seems the original premise of the investigation was flawed. The report assumed immediately that there was wide scale fraud in the 2020 election, a premise that has been without hard proof. As a result, there was no “smoking gun” event to work back from. Therefore, what follows is a series of basic security reviews, assumptions and conjecture that does not much as prove the original hypothesis, that fraud has occurred, but a situation where an analyst could say “Yes, I can see it is possible.”

Cue our chief actor, Russell James Ramsland, Jr., a “cyber security expert,” who boasts an MBA from Harvard, and a political science degree from Duke. Not a whiff of education on computer forensics, electronics, or any sort of technology on his resume, but that’s OK – we can still smell him from here. To be fair, it is not requisite to have experience with boots on the ground when you’re just a middling executive that is being held out as the head of this investigation. However, we think that experience in those issues would have prevented some of the claims he has proffered. We will use the term “they,” often, as Ramsland has indicated that it was a team effort at ASOG. But, our conclusion is that Ramsland should be embarrassed to have entered this tripe into the public record (spoiler alert).

First, Ramsland has come to some small amount of infamy, during the course of this process, for misidentifying cities in one state, for those in another, and providing statistical analysis of voting counts which defy belief. In one case, an over 780% increase in voter turn-out led his list of alleged misdeeds. That is perfect red meat for an audience that wants to believe in their disenfranchisement, in spite of the bald face of facts.

But, the piece de resistance is this forensics report, which we find several issues with. You may read the full report, here, at your convenience:

Before getting too deep, it’s important to understand how this process works. First, a voter fills out a ballot, by coloring in the circle (or rectangle) next to their choice. You know, the kind of thing you learn in grade school. Then the ballot is cast by feeding it into a scanning machine. The scanner tallies the individual choices into buckets, both digitally and literally. If you have used a spreadsheet program, you can think of these digital buckets as cells on the spreadsheet. Periodically, the digital buckets are carried on a memory card to a central tally machine. That final step plays heavily in this report. The paper ballots are retained, in case a recanvassing and recount needs to occur.

The Report

We’ll skip the opening “we’re great at what we do, because reasons,” and head right for B.2:

“We conclude that the Dominion Voting System is intentionally and purposefully designed with inherent errors to create systemic fraud and influence election results.”

That is a pretty extraordinary claim and one that we want to sink our teeth into. If true, the safety of mankind is at risk.

In computer parlance, an error is the failure of a piece of software or a system to accomplish its designated purpose. Generally speaking, errors in computing are the result of bad input data, or flawed programming logic. ASOG gets this pretty much correct, and then makes some bad leaps. Computer software always does what its programmers have told it to. The allegation is that there is some “magic,” in play to cause ballot rejections, which require human intervention. This is key, ground zero. A rejected ballot should be rejected again, if the software is operating correctly, or without human intervention. In fact, it was the upstream tabulation machines which were at fault for the majority of the issues claimed in this report.

“The system intentionally generates an enormously high number of ballot errors.”

The system is a motorized optical scanner. This means it needs periodic maintenance, such as cleaning and lubrication. It also means that a ballot could be rejected if it is inserted incorrectly. As the source code was redacted, we don’t have a remedy to determine the validity of this claim. Suffice to say that the judge hearing the case would have to be in on the conspiracy, if there was sufficient evidence presented to support this claim, as he released this report but ensured that the internals were redacted.

“The electronic ballots are then transferred for adjudication. The intentional errors lead to bulk adjudication of ballots with no oversight, no transparency, and no audit trail.”

The Adjudication Problem. On Page 3, we are revealed to the stunning figure that the Dominion System rejected 81.96% of votes as needing review. These ballots were sent to an Adjudicator for review. That is, by definition, oversight – how else would they get counted? There is an assumption that the votes at this point could be changed by human intervention, however there is no proof that they were. In fact, in the report there doesn’t seem to be any code review or reverse engineering of the Dominion code base to determine why nearly 82% of votes required review. Software updates are commonly mentioned throughout the report, but nothing about what error or bugs were fixed in these updates is related.

“We disagree and conclude that the vote flip occurred because of machine error built into the voting software designed to create error.”

That sentence should be taken out and shot for crimes against the English language. His trampling of the meaning of error is abhorrent.

“We observed an error rate of 68.05%. This demonstrated a significant and fatal error in security and election integrity.”

No, it demonstrates that the scanning machines were not able to recognize the chicken-scratch Michigan voters learn in their pathetic public schools. (Editor note: Hey! I gradumated from Michigan public schools!)

“68.05% of the events were recorded errors. These errors resulted in overall tabulation errors or ballots being sent to adjudication… All reversed ballots are sent to adjudication for a decision by election personnel.”

Exactly. They were sent to humans for manual review. Perhaps we should revisit the human error angle? Are you not reading your own report?

“Ballots sent to adjudication can be altered by administrators, and adjudication files can be moved between different Results Tally and Reporting (RTR) terminals with no audit trail of which administrator actually adjudicates (i.e. votes) the ballot batch.”

So, the software worked, and humans are to blame. About 3 paragraphs apart, you should be able to find these:

“The Dominion Voting System produced systemic errors and high error rates both prior to the update and after the update; meaning the update (or lack of update) is not the cause of errors… This was a 2020 issue not seen in previous election cycles still stored on the server. This is caused by intentional errors in the system.”

First of all, an update to the software should have gone through the same rigorous testing that led to the initial error which necessitated an update. It should not have been certified by Michigan authorities to be put in place without such testing. Again, this is not a software error.

Despite their own report making the case for human error, they continue on to allege the following:

“The statement attributing these issues to human error is not consistent with the forensic evaluation, which points more correctly to systemic machine and/or software errors. The systemic errors are intentionally designed to create errors in order to push a high volume of ballots to bulk adjudication.”

They are saying human error is not responsible, and then saying human error is responsible. And, there is scant if any evidence that any ballot was not properly adjudicated.

Meanwhile, the State has published a more easily digestible explanation – the update in question was related to a specific configuration and was most certainly human error. Relying on the spreadsheet analogy, from earlier, the digital buckets were mislabeled internally. This is a configuration error caused by a human, and it was identified and fixed. But, again, not a software error, intentional or otherwise.

The Security Posture Problem. As expected with offline servers in small districts the Security posture of the server was poor. Unencrypted and not regularly updated is pretty par for the course, however, again the report only concludes that with enough access and knowledge of the system, the server could be accessed covertly. However, there was no evidence of modification or hostile software installation. Similar to coming up to a home, with an easily pickable lock. Just because a thief could break in doesn’t mean you have been robbed. Especially if you aren’t missing anything. The one point that is of interest is the missing security logs prior to 11:03pm on November 4, 2020. Unfortunately, they are never mentioned again. What were this logs? Were they on the voting machines, the Windows Server they forensically imaged? Are they from the Operating System or Voting Software? Was any attempt made to recover them? Was was the Log Rotation Schedule? How often are the logs cleared by the OS or the software. Without further information this could be evidence of covering up misdeeds or basic server maintenance. For some reason, the report neglects to go down this path.

The ASOG report goes on to describe their methodology and detailed findings, many of which are redacted. Suffice to say that Ramsland draws a picture of a system that has been woefully mismanaged, perhaps criminally so. He makes sure to get in jabs at Canada and China, which is not strictly necessary for a forensics report. But, drawing a line from poorly managed systems to a hack or an intentional software glitch is an incorrect conclusion, based on the information presented. Perhaps someday we’ll get to see the redactions restored and can draw a different conclusion, but you can rest assured that the enormous amount of scrutiny given to Dominion across 28 states and Puerto Rico means that the machines themselves work correctly, when maintained and operated correctly.

Overall, the report spends most of its time assuming the election fraud as happened and goes about trying to prove it. With a lack of evidence of tampering, it makes every minor error, software update and less than perfect security posture evidence of a massive fraud narrative. This reads less like a network attack and more like a conspiracy theory.

As a footnote, Dominion has now filed a Cease and Desist order against Sydney Powell, she that was dismissed from Trump’s legal team. You can read about that, here.