Notes on Russell Ramsland briefing on Electronic Vote Changing
anons this video was posted a few breads back and it is a goldmine of information: https://www.youtube.com/watch?v=ficae6x1Q5A
I took notes on it and added some of my own analysis
pt 1/5
https://www.youtube.com/watch?v=ficae6x1Q5A Informaton Operation Ep7: Interview w/ Cyber Source w/ Hard Evidence of Electronic Vote Changing: Election Fraud
CDMedia streamed live 11/5/20
Host L Todd Wood reveals the mechanics behind the electronic vote steal operation in an interview with powerful source.
Russell Ramsland
group specializing in cyber ops
also does physical sec
accomplished people, letter agencies
disenchanted with what saw under Obama admin
commercial firm
involved in election system, logs from activist
Dallas, TX election 2018 so-called “blue wave”
logs: concerned, how could this possibly be?
tracking journey 2yr
self-funded internal investigation
Summary of Findings
– 2002 HAVA [Help Americans Vote] Act
counties don’t run elections anymore
gave billions $ states to redo election system
contract with private companies to run your elections
no standards for security
no transparency no supervision
– air-gap myth. voting co’s own manuals show this
– foreign-owned servers outside contry, they are the last ones to control
so-called “unofficial” votes -> but eventually control “official”
unofficial/official behind the same firewall
my guys can easily go from the unofficial to the official
– no sec stds (ex NIST) to certify election software
– SoS [Secretraries of States] don’t understand what they’re doing
– software so bad and so porous, anyone wishing to hack and change votes can change audit trail
– cannot go back forensically, have to catch in real-time
Nov 14, 2018 – examination of 2018 General Election
1137pg log from Dallas county central tabulation system
bogus voter roles, bogus voters ->
polling station equipment hacked / defectively designed ->
[^= VOTER FRAUD : usual area of concern – becoming a smokescreen]
“it is really out there and it is going on in massive amounts –
the polling station equipment can really be hacked, I had a guy
sit in a car outside a polling station in his car and in 3min he
was inside the polling station equipment using his cellphone –
so all that’s real – but that’s not what we’re talking about today.”
[Sidney Powell interview last week references this cellphone hacker scenario (she knows)]
focus: central counting tabulation & server
where your vote goes
-> remote computing capabilities that compiles/distributes votes
“they can redistribute the votes and they can reupload them”
= ELECTION FRAUD: new area of concern
Evidence of Tampering?
compare audit log error messages for Dallas and Bexar
abnormal activity
Central Accumulator Error Message (Post L&A) / Dates Occurred in Dallas / 847 Pcts Dallas / 768 Pcts Bexar (San Antonio)
Time Stamp Mismatch / 11/5&7 / 1741 / 1502
Update & stop checking / 11/5&7 / 2 / 13
CREATE LOG IMAGE LOG FAILED / 11/6 / 3 / 0
Collect Audit Data failed / 11/6 / 3 / 0
CREATE EVENT LOG FAILED / 11/6 / 12 / 0
CLEARED VOTING TERMINAL AUDIT DATA / 11/6 / 6 / 0
Votes exceed ballots / 11/5&6&7 / 1027 / 0
DATABASE RESET / 11/3&4 / 2 / 0
Precinct already updated / 11/6&7 / 160 / 18
REPLACED (Election Day) / 6-Nov / 96 / 1
Repeated COLLECT AUDIT DATA FROM COMPACT FLASH / 11/5&6 / 4 / 1
Dallas vs San Antonio (Bexar county): same co [ES&S] running election
San Antonio very very blue, hypothesis: logically only 1 race they’d mess with (Ted Cruz v. Beto O’Rourke), shouldn’t see much
but should see a lot going on in Dallas. our concern was true
1027 times votes exceed ballots = you have loaded more votes for candidates than ballots actually cast!
[Rudy 11/19 presser calls this OVERVOTE, but here this means voting for more candidates than allowed]
between early voting / election day, saw warning 1027 times
each time not 1 vote, can be 20-30x
never appeared in San Antonio log
hard DB reset
early voting: votes d/l from precincts. force regenerate, entire db reset, then reload somewhere else from not original data
saw 2x in Dallas – never in San Antonio
preinct is already updated operator ES&S didn’t care, yolo update it anyway
REPLACED – 96x in Dallas, entire precincts replaced
COLLECT AUDIT DATA FROM COMPACT FLASH – not original data sticks from precincts, something different. 4x
initial assessment: not looking good
pt 2/5
Findings
– Research existing reports on voting complications
Everest Report (12/7/2002)
Matt Blaze & Harri Hursti
https://twitter.com/mattblaze https://www.cise.ufl.edu/~butler/pubs/everest.pdf
EVEREST: Evaluation and Validation of Election-Related Equipment, Standards and Testing
outlined company-by-company, all the vulns, alter votes, 1″ thick report
many findings still relevant!
C-Span Panel (2016)
Matt Blaze Testimony US Hse. Comm 1/9/20
ES&S Security Test Report Electionware 5.2.1.0 8/28/17 Freeman Craft McGregor
17 critical, 49 important vulns – NOT FIXED
24 critical, 51 important vulns in electionware clients – NOT FIXED
Missing OS patches
SCAP [Security Content Automation Protocol] Misconfigurations
Windows 2008 R2 STIG [Security Technical Implementation Guide] / Firewall / .NET / IE9
Windows 7 STIG / USBCG [United States Government Configuration Baseline https://csrc.nist.gov/Projects/United-States-Government-Configuration-Baseline/USGCB-Content/Microsoft-Content/Windows-7]
BIG-IP support: even worse [is this F5 TMOS? https://en.wikipedia.org/wiki/F5_Networks#BIG-IP]
– Spot tested prior findings: they still exist
– Read manuals, operator can change vote
Source code: all available out there
– Traced entire voat trail
29 states: stored, controlled, and reported by a Barcelona Co. servers in Frankfurt
Barcelona Co. in bankrupcy don’t even know who owns it [shell/front company?]
* BMD [Ballot Marking Devices]
12 months, 6 voting companies: ES&S, Dominion, Hart, Tenex, Demtech, SGO Smartmatic = 92% of market in 2018
audited public facing sites
– admin name/pw for critical files in open
– Voter Reg list by precinct (worldwide) including DL info and PII [Personally Identifying Information]
– all previous vote uploads
– all source code many companies using same basic source code structure
[evidence against “Setting the Record Straight” dominionvoting.com November 21, 2020 statement https://archive.is/F18Ui claiming Dominion and Smartmatic do not share any code]
SW porous, operators & outsiders can change votes utterly undetected
no audit trail (Hart)
erasable/changable audit trail (ES&T, Dominion ) – NO EVIDENCE of vote changing can be found
“we found no evidence” – you won’t! catch in realtime
– access to entire AWS [Amazon Web Services] databases
– all ballots “we saw the new Dallas ballots before Dallas did”(!)
– all counting/tallying functions [interrogate DB, how many votes to each place]
result: make any candidate win/lose by directly altering votes at server/DB level
for any election most companies conduct
worldwide
silly myth that our entire nation’s voting system isn’t connected to internet
totally connected to the internet. network map of IPs
county sites sharing SSL certificates
should have own cert – but shared by
ssl.connect.clarityelections.com
Issued by: Go Daddy Secure Certificate Authority – G2
Exp Wed, Feb 17, 2021 at 1:30:21 PM Pacific Standard Time
Server certificate [ssl.connect.clarityelections.com.pem]
subject=OU = Domain Control Validated, CN = ssl.connect.clarityelections.com
issuer=C = US, ST = Arizona, L = Scottsdale, O = GoDaddy.com
https://crt.sh/?q=ssl.connect.clarityelections.com
63 different domain names – different counties all secured w/ same cert
browardsoe.org cocovote.us download.electionplanning.com electionconfig.secureballot.clarityelections.com elections.mywoodcounty.com enrinput.clarityelections.com galveston-tx.connect4.clarityelections.com mchenry-il.connect.clarityelections.com mchenry-il.connect4.clarityelections.com ncsbe.gov pbcelections.org recorder.countyofventura.org sboe.state.nc.us ssl.connect.clarityelections.com state-ky.connect4.clarityelections.com testbed.connect4.clarityelections.com testbed2.connect4.clarityelections.com testwv.uat.connect5.clarityelections.com virtualmail.clarityelections.com voteindianriver.com voter-registration-fl.connect.clarityelections.com wv.demo.cfinance.clarityelections.com adamsvotes.com bastropvotes.org browardsoe.org capemaycountyvotes.com ccclerkrec.us cocovote.us coffeecountyvotes.com contracostacore.us dallascountyvotes.org egovernmentproducts.com elections.co.shasta.ca.us elections.erie.gov galvestonvotes.org greggcountyvotes.com hudsoncountyclerk.org jeffersonelections.com macoupinvotes.com madisoncountyvotes.com martinvotes.com miramarvotes.com monmouthcountyclerk.com monmouthcountyvotes.com morgancountyelections.com ncsbe.gov ocgovboe.net pbcelections.org rockwallvotes.com sarasotavotes.com sboe.state.nc.us scpclerkofcourt.com ssl.connect.clarityelections.com thewillcountyclerk.co thewillcountyclerk.com thewillcountyclerk.comm votedenton.com voteindianriver.com votelimestone.com votelubbock.org warrencountyvotes.com whowontheelection.com wv-uocava.com
pt 3/5
High-level view of voting system
EMS [Election Management Systems]
Mid-level co’s ( Harp [vs Hart?], 30+ others) use vote co’s hardware & software
Vote co’s: ES&S, Hart, SGO Smartmatic, Dominion, Premier (Diebold), Tenex
Central counting: pollbooks/voter rolls, tabulation/reporting SW, unofficial/official DB [Stored in cloud!]
-> Clarity Elections, Tampa FL – owned by SCYTL, Barcelona. 28 states use this ENR [Election Night Reporting] system
Clarity servers in Frankfurt, DE. ex: Dallas, TX .csv d/l, created +6 TZ _east_ = Europe
+GCR, VR Systems, Arikkan
-> to Associated Press or Decision Desk HQ -> media
bug/malware in Scytl allows capturing creds reporting into system
Official db -> Sec of State, but doesn’t really matter, can go (((unofficial)))->official
Found ways to change votes at:
– Voting place
– Tabulation SW (ex in KY)
– Unofficial db
– Election Mgmt Systems
– Clarity Elections (its a mess)
Dallas in 2018
credible people reporting they saw NGP VAN playing in these DBs
NGP VAN = Voter Analytics for Dems , ala Cambridge Analytics in 2016 but NGP VAN was ignored
look at history of primaries, draw relationships early voting to election day
algorithms based on primaries + early voting, predict what happens on election day
at end of early voting, “how many early votes needed to be +/- to win on Election Day?” projection
original votes from precinct sent via Flash memory cards
-> ES&S Operator at county level -> updating Clarity/AWS -> Scytl/cloud
ES&S Op has its own laptop, brought in/out of tabulation room during early voting/election day
observed taking a thumbdrive out of laptop and plugging in
we saw NGP VAN interacting with this stream
they want to get early votes and upload every single day
so they can upload and change their election day forecast
wtf was NGP VAN doing putting things into the stream? = timestamp mismatch (1000x)
Typical Scytl vulns
QSnatch malware, inside Scytl staging, fake login, backdoor, exfil
Persistence: impossible to run needed FW updates, once infected full factory reset must be done on the device
Prove to yourself Scytl is hosted in Frankfurt, DE
scytl.com = 52.57.209.147 = ec2-52-57-209-147.eu-central-1.compute.amazonaws.com AMAZON-02 ASN16509 Germany https://bgpview.io/asn/16509
[11/22 update:
scytl.com has address 18.196.162.197
scytl.com has address 205.178.189.131
scytl.com mail is handled by 0 scytl-com.mail.protection.outlook.com.
197.162.196.18.in-addr.arpa domain name pointer ec2-18-196-162-197.eu-central-1.compute.amazonaws.com.
131.189.178.205.in-addr.arpa domain name pointer wf.networksolutions.com.
hosted on same AWS server:
scytl.com mysitepre.scytl.com socialmedia.scytl.com owa.scytl.com ppm.scytl.com mysite.scytl.com ots.scytl.com owasppre.scytl.com mielectionspro2014.scytl.com epropagande.scytl.com owasp.scytl.com test.scytl.com agm.scytl.com bck.scytl.com unauthorized.scytl.com mail3.scytl.com premi2014.scytl.com demo.scytl.com hrm.scytl.com alm.scytl.com edemocracy-experience.scytl.com inside.scytl.com smtp2.scytl.com dmspre.scytl.com
pb
eu-central-1 = Europe (Frankfurt) Region in AWS https://docs aws amazon com/AWSCloudFormation/latest/UserGuide/cfn-sample-templates-eu-central-1 html
scytl us = 107.180.228.13 dp-1f0253cda2.dreamhostps.com as of 1/20, before, it was on Amazon server-54-192-30-99.iad89.r.cloudfront.net…]
Kentucky margin of win/loss
They were called into look into the results. 1.4m votes cast, every Republican won big, margin 200-300k… EXCEPT for the Governor:
Governor : Matt Bevin (R) -5,086
AG : Daniel Cameron (R) +221,125
APA : Mike Harmon (R) +204,960
Treasurer : Allison Ball (R) +300,935
Comm. Ag : Ryan F. Quaries (R) +276,319
SoS : Michael Adams (R) +64,562
This may sound familiar. Trump was comforably ahead in 5 key battleground states with Dem governors.
Suddenly all 5 states stop counting at same time, offline 3hr, online suddenly, massive votes (3 states: all) for 1 candidate only “absolutely impossible”
KY votes stored overseas, they didn’t know . Click link unofficial votes
https://results.enr.clarityelections.com/KY/97213/web/#/summary
Scroll to bottom: © 2019 Copyright: scytl us
CNN footage : GOP’s Bevin trailing in KY gubernatorial race. Live feed from Clarity from AP or DDHQ, as updated with votes.
Andy Beshear 673,948 -> 674,508 gained 560 votes
Matt Bevin 662,235 -> 661,675 lost 560 votes wtf?
https://www.youtube.com/watch?v=0GCAm8M0PgU 560 votes instantly swap between two candidates on live TV
This is VOTE SWITCHING ‘ in the computer
1120 votes switched about 20% off loss margin
pt 4/5
Tabulation SW problems
Query 1: straight party tickets, refine by governor’s race
Getting undervotes
Precinct C148 ballots cast: 21, overvote: 0, undervote: 8, R: 5, D: 8, L: 0
Query 2: query governor’s race, refine by straight party ticket
Ballots cast: 21, write-in: 0, overvote: 0, undervote: 0, Bevin (R): 4, Beshear (D): 17, Hicks (L): 0
Reordered query, shouldn’t matter
Same precinct, same votes cast, but all undervotes gone away. +8 to D
Undervote: skip voting a race, leave blank
Undervotes awarded to the Democrat, depending on how write the query
What are we doing?
Open Records – downloading files of cast votes daily in Dallas, building DB
assign unique identifier to voter record to flag changes, detect tampering
through Wednesday, saw 57k votes altered during early voting
cast by one person, voted by another?
10 blocks of Westminster St. in HP had votes purged, partially reloaded changed
double-voting
people with no voter ID voting
Houstin: 250k votes altered on 10/14
just generating from county’s published records
Ghosts _ : people using another person’s residence, but actual residents never heard of
ex: voting residence: 3632 Haynie, Dallas, 75205 in precinct 2225
5 ghosts, never heard of, each voted twice, living overseas:
Foltz, Kimberly Ann SOS:2128937012,id:4897614 DOB: 1959, reg: 7/14/20
Orlando, James Ventura SOS:2130317289,id:4460996 DOB: 1961, reg: 11/8/16
Orlando, Matthew Richard SOS:2167198026,id:4897618 DOB: 1999, 7/14/20
Orlando, Zachary Francis SOS:2167198019,id:4897616 DOB: 1997, 7/14/20
site where you can plugin your address and see if you have “ghosts” in your residence:
http://www.openrecords.org/voting/search_voters.html
Phantoms : checkin on poll books as one person, but vote shows up as someone else
affidavits, going to polls and being told already voted! but they haven’t.
Dallas Central County said wife voted but she’s been dead 5 years.
Purged or tampered : county posts as voted, then later deletes or changes.
Dallas: 57k instances, 250k in Houstan. Somedays number is so high can only be done by computer program.
individual person cannot change 250k or 40k votes in a day.
often see 100 here, 200 here, can be local operator playing in the game.
local operator: can +/- votes
Election Fraud or Voter Fraud?
MI: In the dead of night, suddenly 138,339 ballots (2.9% turnout), all unattested, show up and every single one of them is for Biden .
Called a data input error. Not an input error unless local operator is adding votes.
America or Venezuela?
5 key battleground states, D governors, all suddenly quit counting at the same time, in the dead of night, resumed 3hr later.
Trump was comfortably ahead in all of them when stopped, once resumed, enough new ballots found in all 5/5 states, suddenly Biden has caught up.
Even more incredibly: virtual every “found” ballot was for Biden.
MI: now known was a bogus file upload
WI: had more votes than entire registered voters
Nationally 50-60% turnout huge
100%+ is really huge turnout
pt1
pt2
pt3
pt4
Notes on Russell Ramsland briefing on Electronic Vote Changing
pt 5/5
What can you do?
Stop buying this junk.
SoS issuing waivers to these companies, contravene state law.
Make sure you don’t have ghost voters at your house (Houston/Dallas, TX: http://www.openrecords.org/voting/search_voters.html)
Demand your states clean their voter roles
Vote on Election Day to throw off the forecasts [in line with Trump’s rally recommendations (he knew)]
Gap early voting->election day, gives people lot of time to figure out how many votes need to move around
Which is what we saw when 5 states took 3hr hiatus to “find” votes, sure enough they did
Volunteer as judge, clerk, poll watcher (do an affidavit)
Forensic database analyst
Lawsuits. Sue these people! Draw media attn educate public.
We can never have another election as shamelessly rigged as this one
Go back to real paper ballots . Not BMDs [Ballot-Marking Devices] and area voting. Identified 10 ways to change BMD votes.
Require real safety certification standards for software. EAC 2.0 [Election Administration Code], an idea, was NEVER done. Was supposed to require no Internet connection.
If we get those standards, need DHS or 3rd party do a PEN test to meet standards.
Ignore CISAS proclamations, they don’t even know its connected to the Internet. [Chris Krebs, CISA: FIRED 11/17/2020 https://twitter.com/realDonaldTrump/status/1328852354049957888]
Require spot RLA [Risk-Limiting Audits] on true Paper Ballots
Consider national blockchain voting system [tamper-proof time series audit trail]
Attempts to get to appropriate authorities
Made many attempts
Some attention from congressmen
Pete Sessions (TX-17) knew his race was rigged, filed complaint. He was now re-elected. Strong warrior to start cleaning up this mess.
Have tried to get CISA to listen, the people in DHS, supposed to be keeping us safe – they would NOT take a briefing.
They were willing to have a very short few minute phone call, and that was it. No followup whatsoever. Wonder why?
Been to FBI twice. The FBI has no interest in looking at this.
Found some people in DHS at field-level , spent a full day, took a lot of data, put out to private contractors.
Every one of contractors came back: omg, this is right, the data is right, this is horrible. Unable to accelerate up the chain of supervisors. They’re getting resistance from above.
DoJ prosecutor, was involved in their cybercommission, pretty darn technical. Looked at it: this isn’t evidence, this is proof . Helped submit to FBI first time, FBI did nothing .
July 2019: went into FBI to try to look at it. The FBI is not interested, thinks it is a political hot potato, may not have people qualified…
Another case involving CP, FBI was given a laptop, they had it connected to the Internet. That’s crazy, you never do that! It immediately defragged and got rid of the evidence.
Is it purposeful? Idk
Is it incompetence? Idk
But the FBI is doing nothing about this.
Tried to take to AG (TX). Didn’t want to do anything. Some of them did. But deferred to SoS. Can’t really pursue any of this fraud or even look at it without SoS asking us to.
SoS of course very unresponsive to looking at these problems.
Top leadership: Greg Abbott (TX gov), not even willing to take this briefing seen today.
This briefing was the tiniest piece of evidence amassed in this 2yr investigation .
Going to be lawsuits, reporters (2-3 very interested)
The federal govt is going to have to act. States going to have to act.
Can’t pretend the emperor has beautiful new clothes. Bring in some people serious about really securing elections.