On Sep 24, 2021, the Arizona Senate heard presentations from the key auditors, presenting their findings.

The audit report identifies more than 57K questionable votes, intentionally deleted election files, and other suspicious voting machine activity. 1

The official written reports can be obtained from The Arizona State Senate Republican Caucus, or we’ve included direct links below.

Show Full List of Reports
Cyber Ninjas Report
(recount and ballot audits)
Presentation 1
  Presentation 2
  Report Volume 1
  Report Volume 2
  Report Volume 3
CyFIR Report
(voting machines & cyber security)
Presentation from Ben Cotton, CyFIR Founder
EchoMail Report
(ballot envelopes)
Report by Dr. Shiva Ayyadurai
Randy Pullen’s Report Presentation
  Report
Ken Bennett’s Report (election procedures) Presentation
  Report
Senate President Karen Fann Letter to Attorney General Mark Brnovich

We recommend checking The Arizona State Senate Republican Caucus website for the latest versions, in case they release further reports or updates that we have not listed here.

Major issues identified:

  • 255,326 early votes are recorded in the VM55 file of counted ballots but are missing from the EV33 file 2

  • 17,322 duplicate votes (where voters sent in 2 or more ballots) that were illegally counted in the final certified tally (a large surge of these were dated the week following the election) 3

  • 27,807 ballots cast from individuals who had moved prior to the election, and are unlikely to have physically received their ballots legally

  • Envelopes without signatures that were stamped as “approved”

  • Ballot envelopes showing an apparent “approved” stamp behind the basic graphics of the envelope, suggesting tampering, or at the very least, poor quality scanning and archival of envelope images

  • The systems related to elections integrity had numbers that could not balance or agree with each other

  • The voter rolls and the registration management process itself having many data integrity issues. For instance, over 200 individuals were easily identifiable as likely being the same person but having two different Voter IDs and voting twice in the election.

  • Without access to the County’s detailed records including personally identifiable information and registration systems it is more likely there were many tens of thousands of improper votes in the election from double voters, deceased voters, voters for which there is no trace in the public records nor association to their voting address

  • Proper voter registration law and procedures were not followed

  • There were unexplained large purges of registered voters, right after the election, of people who had voted in the election

  • There was back-dating of registrations, adjustments made to historical voting and voter records, unexplained linking of voter registration affidavits to multiple voters and more

  • Files were missing from the Election Management System (EMS) Server and other voting machines, either intentionally or negligently removed

  • Ballot images on the EMS were corrupt or missing

  • Logs appeared to have been intentionally overwritten

  • All data in one database related to the 2020 General Election had been fully wiped. This occurred on the day prior to Maricopa’s own internal audit. 4

  • On the ballot side, batches were not always clearly delineated, duplicated ballots were missing the required serial numbers, some originals were duplicated more than once, and the auditors were never provided chain-of-custody documentation for the ballots for the time-period prior to the ballot’s movement into the auditors’ care. This all increased the complexity and difficulty in properly auditing the results.

  • There were significant anomalies identified in the ratio of hand-folded ballots, on-demand printed ballots, and a significant increase in provisional ballot rejections for a mail-in ballot already being cast, suggestive of mail-in ballots being cast for voters without their knowledge.

  • Maricopa County failed to follow basic cyber security best practices and guidelines from CISA 5

  • Remote Access and “Terminal Services” features of Windows were enabled allowing machines to be remotely controlled 5

  • Software and patch protocols were not followed 5

  • Credential management was flawed: unique usernames and passwords were not allocated. Many (if not all) accounts shared the same password, and multiple users appear to have shared the same account. 5

  • A dual-boot configuration was discovered on adjudication equipment which is not an approved configuration. The second hard drive contained non-Maricopa County data.

Here is a summary table from the Cyber Ninjas report (Volume III). This does not include the 17,322 duplicate ballots found by Dr. Shiva (EchoMail) and the 255,326 early votes that appear in the VM55 but are missing from EV33 file.

A lot of the mainstream media has picked up on a single results table from Doug Logan that showed that the audit team’s count of the ballots closely matched the certified results, using that as supposed proof that Biden still won the state. What is being overlooked is the highly questionable validity of those votes.

Also note that this is not the complete audit report. Analysis of the routers, Splunk logs, and paper ballots is still ongoing.

Thanks to @LibertyOverwatchChannel for sifting through the reports and providing summaries. A further summary, with slightly more detail is on Patrick Byrne’s website.

Below, you can watch the full 3-hour hearing:

Several workers from the forensic audit — Maricopa residents who voted in the election and passed background checks — were interviewed on what they witnessed during the audit. They reported seeing numerous anomalies including ballots that were filled in “too perfectly”, indicating possible duplication by machine; and abnormal repeating patterns such as 7 for Biden, 1 for Trump, 7 for Biden, 1 for Trump, 7 for Biden, 1 for Trump. Despite being reported, these issues may not have made it into the final report. See their testimony in the video below:

Editor’s note: Regarding the machine-printed ballots mentioned in the video above, Doug Logan, the lead auditor from Cyber Ninjas reported that there are some legitimate scenarios where ballots are marked by a machine, such as if they are damaged, or unable to be scanned 6, or from ballot marking devices (BMDs) used by voters who are unable or uncomfortable marking a ballot by hand. While BMDs may be needed for voters with disabilities, they have known issues when used in large populations.

Analysis of the routers, Splunk logs, and paper ballots is still ongoing. We’ll update this page as more findings are uncovered.

Continued Debate

Maricopa County officials took to Twitter and sympathetic media channels to deny the allegations and minimize the report’s findings. They claimed the results were mistaken and that they had provided everything in the Senate’s subpoena, despite several key items still being withheld.

Members of the Maricopa County Board of Supervisors, as well as Ken Bennett, Senate liason for the audit, presented testimony to Federal Congress’ Oversight Committee on the findings, during which the county admitted to removed election files from machines prior to the audit. 7

Dr. Shiva, who ran the audit of ballot envelopes, held a follow-up open discussion forum on the Maricopa Audit, open to Republicans, Democrats and state/county officials. See the full video and our summary here.

Cyber Ninjas later provided a great, detailed rebuttal to Maricopa County on their denials and deflections. It addresses specific claims, one-by-one, with screenshot evidence and links to further references.

So what happens now?

Senator Karen Fann has forwarded all reports onto Attorney General Mark Brnovich, who is in the process of identifying criminal activity and other breaches of law that need to be prosecuted.

The state congress will also likely explore further actions such as potentially decertifying the results. We expect to hear more about this in the coming days and weeks. 8

Footnotes & References

  1. Correction: We previously quoted the report as saying Cyber Ninjas writes, “based on these factual findings, the election should not be certified, and the reported results are not reliable.” Apparently this conclusion that “the election should not be certified” was included in an early, leaked draft report, but Doug Logan, author of the report states that this was added to the draft by a junior audit staff member and was removed from the final report. 6 9 Doug made every attempt to present the findings factually and neutrally. We have since removed that statement. 

  2. UncoverDC explains these files and what they were expected to contain. See “Cyber Ninjas Report: 255,326 Ballots Cast, No Record Of Receipt”, Sep 28, 2021. 

  3. According to Dr. Shiva, there was a massive surge of duplicate ballots AFTER the polls closed on election day. Between November 4th and November 9th, 25% of all double votes were received by election officials, eventually getting counted in the final total. Curious timing? Did they wait to see how many extra votes they needed? See the relevant snippet of the presentation via this Tweet.

    Dr. Shiva and his research team were able to track the timing of the duplicate ballots by looking at the timestamps of all Early Voting Ballots that were received by election officials.

    Dr. Shiva also held a follow-up open forum on the Maricopa Audit. See the full video and our summary here

  4. Maricopa County claims that they “archived” a lot of data prior to the audit, and are still in possession of this data, but since it was not listed in the subpoena, they were not required to provide it to auditors. It has not yet been confirmed whether this data actually exists as they claim. 

  5. Maricopa County claim that these security practices are unnecessary because the vote tabulation network is “airgapped” (meaning it’s on its own isolated network, unconnected to the internet), however they appear to be naively unaware (or criminally complicit) as to the numerous ways that attackers can infiltrate an airgapped network. Evidence in the report also demonstrates that there were periods of internet connectivity, contradicting their claims.  2 3 4

  6. Conservative Podcast: Interview with Doug Logan, Cyber Ninjas CEO, Oct 7, 2021. It’s a long video, and we’ve misplaced the timestamp, but it’s probably within the 10min - 1hr segment.  2

  7. C-Span User Clip: “Maricopa County Admits They Deleted Files That Were Archived, Not Given in Subpoena”, Oct 7, 2021. Or see the full 3hr 45min hearing video, on C-Span. 

  8. Whether the state legislature can actually “decertify” the previous election is hotly debated. Arizona Governor Doug Ducey has stated it’s not legally possible to do so, and he won’t pursue it (although he has been highly resistant to the entire audit process, and potentially complicit). Attorney Matt DePerno has written to Senator Wendy Rogers and also stated in interviews that the Constitution does give this power to the state. They just need the courage to exert the power given to them. 

  9. According to interview with Doug Logan at The Gateway Pundit: “Exclusive Interview with Doug Logan from Cyber Ninjas on the Arizona Senate Forensic Audit – Updated”, Sep 28, 2021 

Visitor Comments

Show Comments