The most egregious misunderstanding about the November 2020 elections, whether purposeful or not, was the idea that there were late night fraudulent “data dumps” of votes that heavily favored Democrats. “Vote dump” charts  and memes proliferated quickly across social media starting in the early hours of November 4th. They purported to show significant voting irregularities, but instead merely showed large Democratic leaning cities reporting their mail-in ballots, drop-off ballots and some early voting ballots counted and recorded in large batches. The accusations of voting irregularities at the time was completely in bad faith and this misunderstanding of how votes would be uniquely counted in the November 2020 elections had actually been predicted many weeks prior to the election. Experts at the time had said be careful of the false appearance of a “red mirage” in certain swing states when the initial election results would start to be recorded on the major news networks.

Many months prior, the legislatures in WI, PA, and MI specifically legislated that county officials could not pre-process or pre-count mail-in ballots before the in-person ballots cast on election day were first counted. Had the states of WI, PA and MI been allowed to release much of the mail-in ballots at the close of polls like Florida, it would have clearly mitigated some of the bogus claims of irregularities. Some election experts have even suggested this was not by accident and was in fact a desirable outcome for Republican legislators in these states because they knew President Trump had been trying to undermine the validity of mail-in voting.

Because of the Covid-19 pandemic and the partisan differences in how the pandemic was being treated, predictions were that most Democrats would vote early and /or via mail-in ballots and most Republicans would vote in-person on election day. It was clear to election experts that the prioritization of counting ballots based on how they were cast could easily create false appearances of success for particular candidates well before all the ballots would be counted. These same experts,  political pundits and election officials foresaw the problem of a “red mirage” in election results on election night because in-person voting (mostly Republican) would be recorded first and then later the mail-in and early votes (mostly Democratic) would be counted late in the evening and early morning hours of the 4th. There would also be differences in the volume of counting and recording because of batch counting of  mail-in and early cast ballots. Weak and ultimately failed attempts were made prior to the election to alert the general public for the potential of this misleading “red mirage” of election results early in the evening before significant amounts of the mail-in and early cast ballots had been counted.

By the morning of November 4th the fears of this “red mirage” being misinterpreted and in fact exploited by many malicious actors had become clearly evident. For example this tweet by a rather obscure Twitter user @Heide_OCE tweeted out this image at around 8:00 am central time on November 4th. The tweet and graphic was subsequently repackaged into numerous memes and even exploited by foreign actors as well. Charts and memes like this would soon serve as the basis for the claims of election fraud by President Trump and his allies. Disinformation around the November 2020 election results exploded and continues to this day.

Dozens of electoral challenges and lawsuits would be filed in the months after the November election and ultimately all would fail in the courts. However some of the expert testimony and affidavits produced seem to live on even to this day, despite the glaring errors in the analyses. Sidney Powell’s 11/25/20 legal filing claimed election fraud in Michigan and included the declaration of an “intelligence analyst” who the Washington Post would later identify as Josh Merritt. Behind the scenes, multiple “intel” groups supplemented Powell’s legal filings by scraping the internet for literally anything from anyone supporting the election fraud narrative, according to a thread by Twitter user @visionsurreal

The thread by @visionsurreal goes on to say that ‘this was a deceptive & damaging information operation designed to create the “aura” of election fraud more so than a serious investigation into credible allegations of fraud’.

Powell’s legal filing in Michigan dated 11/25/20 included a redacted document entitled “Spider Declaration” which contained the analysis of a “former electronic analysis under 305th Military Intelligence” whom Powell referred to as an “expert.”

Spider’s 11/23/20 declaration contained screenshots supporting vulnerabilities he alleged amounted to proof Dominion Voting Systems was “certainly compromised by rogue actors, such as Iran and China.” At least two screenshots mimicked ones from an anonymous Twitter researcher that went by the user handle @schaumby. This researcher was likely someone independent of Spider/Merritt and not necessarily anyone tied to military intelligence or the “intel” groups working with Powell/Flynn directly.

These screenshots show that the Powell filing and anonymous researcher @Schaumby discussed the same exact flawed data analysis.

The most immediate flaw in the analysis was the false assumption that the domain “dominionvotingsystems.com” still belonged to and was under the control of the elections software and hardware provider, Dominion Voting Systems. Both the Twitter user @Schaumby and Josh Merritt in the “Spider declaration” show an old 301 redirect from 2011 data in Archive.org where the domain “dominionvotingsystems.com” clearly redirects to the main company domain for Dominion Voting Systems at “dominionvoting.com”. At the time in 2011 historical WHOIS / domain registration records retrieved from RiskIQ clearly show that both domains were in fact registered and owned by Dominion Voting Systems. However what both @Schaumby and Josh Merritt neglect to mention in their claims of fraud and foreign interference, specifically by China, is that Dominion Voting Systems let the “dominionvotingsystems.com” domain expire in 2014 and no longer owned, used or controlled that domain in 2020 much less in any of the years after they let the registration lapse.

They neglect to mention that the domain “dominionvotingsystems.com” would be picked up on the open market and registered by a Chinese company in 2019. Thus any analysis done in late 2020 through 2021 on that domain would of course show Chinese related IP addresses, hosting SIGINT and Chinese related server components.

In fact historical data from RiskIQ shows that the domain “DominionVotingSystems.com” has passed through multiple domain brokers, foreign entities, and was even a parking page for a brief period of time, all after the company Dominion Voting Systems gave up this domain in 2014.

Even a Chinese sporting goods company apparently thought they could cash in on some of the residual Google rankings and left over internet traffic from the long ago abandoned Dominion Voting Systems domain “DominionVotingSystems.com”. It is quite possible this simple mistake will be one of the issues Dominion Voting  Systems uses in its growing list of defamation lawsuits.

The discussion in the “Spider declaration” about the connections between the company Edison Research and potential connections to Iranian servers is nonsensical. It is also not at all clear how these analyses relate to Dominion Voting Systems or the November 2020 elections.

Steve Micallef, the creator of the OSINT tool Spiderfoot, posts an excellent review where he goes point by point on how his tool was misused and the output misinterpreted within the “Spider declaration”.

Part II of our analyses will be posted in the next couple of days if we are able to view and or access any new information provided from the Mike Lindell cyber symposium. 

Eric Cybersecurity, Digital Investigations