In the aftermath of the 2020 U.S. Presidential Election, news outlets, social media platforms, and high-profile individuals have been discussing and debating former President Donald Trump’s claim of election fraud. In a nutshell, the central argument of this ‘Big Lie’ centers around the theory that foreign entities interfered with the 2020 election by hacking into voting machines to alter the totals in favor of then-candidate Joe Biden.
One of the most outspoken critics of the last election is My Pillow CEO Mike Lindell, who has been claiming for months that the Chinese Communist Party hacked the election, as he stated to Newsweek:
“We have got piles and piles and piles of evidence. We are going to dump it on the public because they have suppressed it,” he insisted. The businessman described the evidence as relating to “all the cyber footprints with IP addresses, IDs of computers” as well as “private audits being done.”
Lindell promised to produce this evidence live at his Cyber Symposium, which was held from August 10 to 12 and offered a $5 million reward to anyone who was able to disprove his evidence. Being a cybersecurity professional myself, I was anxious to see this event. If Lindell was able to give technical evidence that an actual U.S. election was hacked by a foreign government then I wanted to use my expertise to honestly review his findings.
So, I sat through the entire event and this is my honest review of what I witnessed.
But before I dive into the core of my assessment, I want to lay down the ground rules for my analysis: I am treating my analysis as if I were called as an expert witness for a trial and had to determine whether the evidence holds up and explain why; I am not looking into claims by attendees and panelists; and lastly, and most importantly, I am not analyzing the politics of the event or the people.
So, with that, let’s begin with a rather basic premise that will be a theme throughout my analysis: How do we know evidence is legitimate?
At its core, the legal system understands that evidence can be fabricated against someone or some entity. It is important to understand that when evidence shows up in court to accuse or defend someone, it has to be confirmed as real and not fabricated or tampered with. This is of paramount importance.
For a forensic investigation, that starts with the Chain-of-Custody. Basically, the Chain-of-Custody is the record of where the evidence came from, who has handled it, and how its integrity has been maintained, meaning verification that no one altered or tampered with it for any reason. In the case of performing a forensic analysis on a voting machine, a forensic image (meaning an exact and unalterable duplicate of the data) of the machine would have to be taken by an independent third party with witnesses from both political sides to fully confirm that the forensic image was tamper-free and could therefore be used in court.
Prior to that forensic image being taken, there would also need to be a Chain-of-Custody confirmation for the machine itself. As a cybersecurity expert, I need to see who actually owns the machine, where it was stored, and whether it was stored securely enough that it could not be tampered with. If there is not a clear answer to those questions, then the evidence is suspect. It could have been fabricated, planted, or altered; it could even be legitimate. Without the Chain-of-Custody, any one of those could be true.
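As an added illustration (not material from the symposium or the author's own work), the following Python sketches how a forensic image's integrity is verified along a Chain-of-Custody: each handler re-hashes the bytes they receive, and a chain with no documented origin, a mismatching handoff, or an image that no longer matches the acquisition hash is flagged. The image bytes, handler names and timestamps are constructed.

```python
import hashlib
from dataclasses import dataclass
from typing import List

# Constructed stand-in for a forensic image. A real image is a multi-gigabyte file
# hashed in chunks, but the verification logic below is the same.
ORIGINAL_IMAGE = b"\x00" * 4096 + b"constructed-disk-image" + b"\xff" * 4096

def image_hash(data: bytes) -> str:
    """SHA-256 of the image, recorded in front of witnesses at acquisition time."""
    return hashlib.sha256(data).hexdigest()

@dataclass(frozen=True)
class CustodyEntry:
    handler: str        # who took possession of the image
    when: str           # when they took it (constructed ISO 8601 timestamps below)
    observed_hash: str  # hash they computed on the copy they received

def record_handoff(image: bytes, handler: str, when: str) -> CustodyEntry:
    """Each recipient re-hashes the copy they were given rather than trusting a label."""
    return CustodyEntry(handler, when, image_hash(image))

def verify_custody(image: bytes, acquisition_hash: str, log: List[CustodyEntry]) -> List[str]:
    """Return the problems found; an empty list means the chain is intact.

    Three things must hold: the chain has a documented start, every handoff saw the
    same bytes the acquirer saw, and the image in front of us still matches."""
    problems = []
    if not log:
        problems.append("no custody entries: origin of the image is unknown")
    for entry in log:
        if entry.observed_hash != acquisition_hash:
            problems.append(f"hash mismatch when {entry.handler} received the image")
    if image_hash(image) != acquisition_hash:
        problems.append("image presented now does not match the acquisition hash")
    return problems

# Constructed custody chain: acquisition, then two handoffs of the same bytes.
ACQUISITION_HASH = image_hash(ORIGINAL_IMAGE)
CUSTODY_LOG = [
    record_handoff(ORIGINAL_IMAGE, "independent examiner", "2020-11-20T09:00:00Z"),
    record_handoff(ORIGINAL_IMAGE, "evidence locker", "2020-11-20T17:30:00Z"),
]

def tampered_copy(image: bytes, offset: int) -> bytes:
    """Flip one bit: a single-byte change anywhere is enough to break verification."""
    data = bytearray(image)
    data[offset] ^= 0x01
    return bytes(data)
```

An image that arrives with an empty log, as in the "allegedly" sourced images discussed later, fails the first check before any analysis of its contents even begins.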
To begin, I have personally spoken at and attended hundreds of cybersecurity and technology conferences in my lifetime. The Cyber Symposium was unlike any I have seen because the majority of the time was not spent on the technology behind the evidence of fraud or on the evidence itself. Much of the event was about various topics of a political nature.
Sticking with the evidence, Mike Lindell and various other speakers spoke of Mr. Lindell having PCAP files taken from voting machines that prove those voting machines were communicating with the Chinese government. PCAP files are packet captures: recordings of the network traffic as one device or computer communicates with another device or computer, or out to the internet and back. While a PCAP file isn't going to show us exactly how a voting machine is programmed to cheat an election, it would show us whether the voting machine was phoning home somewhere on the internet, whether the internet was responding, and what protocols were in use to communicate.
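To make concrete what a PCAP can and cannot tell an examiner, here is an added Python example (not material shown at the symposium) that builds a small constructed capture and then parses it the way an analyst would: listing which hosts a machine talked to, over which protocol and port, and whether each destination lies outside the machine's own LAN. Addresses use private and documentation ranges, and the LAN prefix is an assumption supplied by the caller.

```python
import struct
import ipaddress
from typing import List, Tuple

PROTO_NAMES = {6: "TCP", 17: "UDP"}

def _ipv4_frame(src: str, dst: str, proto: int, sport: int, dport: int) -> bytes:
    """Build one constructed Ethernet + IPv4 + (UDP | TCP SYN) frame with no payload."""
    if proto == 17:
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)                      # UDP header
    else:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 65535, 0, 0)  # TCP SYN
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    eth = struct.pack("!6s6sH", b"\xaa" * 6, b"\xbb" * 6, 0x0800)           # EtherType IPv4
    return eth + ip + l4

def build_pcap(frames: List[bytes]) -> bytes:
    """Wrap frames in a classic little-endian pcap file (magic 0xa1b2c3d4, link type 1)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_600_000_000 + i, 0, len(frame), len(frame)) + frame
    return out

def summarize_flows(pcap: bytes, lan: str) -> List[Tuple[str, str, str, int, str]]:
    """Return (src, dst, proto, dport, scope) per IPv4 packet. scope is 'external'
    when the destination is outside the given LAN prefix, i.e. traffic leaving the site."""
    lan_net = ipaddress.ip_network(lan)
    magic, = struct.unpack("<I", pcap[:4])
    endian = "<" if magic == 0xA1B2C3D4 else ">"   # reads as 0xd4c3b2a1 for big-endian files
    flows, pos = [], 24                            # 24-byte global header
    while pos + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", pcap[pos:pos + 16])
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if struct.unpack("!H", frame[12:14])[0] != 0x0800:
            continue                               # not IPv4 (ARP, IPv6, ...): skip
        ip = frame[14:]
        ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
        src, dst = ipaddress.IPv4Address(ip[12:16]), ipaddress.IPv4Address(ip[16:20])
        dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0] if proto in PROTO_NAMES else 0
        scope = "local" if dst in lan_net else "external"
        flows.append((str(src), str(dst), PROTO_NAMES.get(proto, str(proto)), dport, scope))
    return flows

# Constructed sample: a LAN-internal DNS query, then an outbound HTTPS connect to an
# address in the RFC 5737 documentation range 203.0.113.0/24 standing in for "the internet".
SAMPLE_PCAP = build_pcap([
    _ipv4_frame("192.168.1.20", "192.168.1.1", 17, 53000, 53),
    _ipv4_frame("192.168.1.20", "203.0.113.9", 6, 44321, 443),
])
```

Note what the summary does show (destination, protocol, port) and what it does not (who controls the destination, or what the machine's software does with the reply), which is why a capture alone, even a genuine one, answers a narrower question than the symposium claimed.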
Lindell and his panelists never actually displayed these alleged PCAP files to the audience. In fact, the audience both attending in person and also watching the live stream never saw them. What we got instead was a demonstration of the packet capture software Wireshark, a free utility, and what a packet capture looks like.
That’s well and good, but a demonstration is not evidence of malfeasance. I can show you how to rob a bank but that doesn’t mean the bank was actually robbed.
The packet capture demonstration was the only real cybersecurity demonstration that happened. The only other mentionable demonstration came from an algorithm expert who explained how a voter scam would work by reprogramming the algorithms in a voting machine, but again, a demonstration is not evidence of malfeasance.
From a forensics perspective as a professional in cybersecurity, I saw zero evidence that would hold up in court.
The first expert on the second morning was Patrick Colbeck, a former Michigan State Senator and a self-proclaimed certified Microsoft Small Business Specialist. That is a fine certification, but I.T. is not cybersecurity or forensics, and to his credit, he said he wasn't an expert in those fields. That then begged the question of why he was presenting at a Cyber Symposium.
Next was the main event of the day, billed as “a live dissection” of actual evidence. After numerous technical difficulties, Ron Watkins, the owner of 4Chan/8Kun who is believed to be “Q” of QAnon fame, said via video conference that he had two forensic images “allegedly” taken from a Dominion server. These images, taken before and after a software update, supposedly “prove” the server was manipulated to change votes. Watkins repeated the word “allegedly” multiple times and then said he was “told” that the first forensic image was from 2019. They also stated these images were found publicly and that a link to download them would be given out, which never materialized.
Immediately this is a serious issue in terms of evidence handling. Chain-of-Custody for any evidence is beyond important, as it is what verifies the evidence as legitimate, and that applies equally to evidence of voting machine tampering.
Anyone could have mocked up these images to look like anything. For all we know, these images are part of an actual disinformation campaign from a foreign government. Maybe they’re legitimate, but without that understanding, they are 100% suspect and cannot be trusted. Objectively, they cannot hold up in court.
Imagine fabricating evidence of a crime and then the legal system doesn’t verify it’s authentic but uses it anyway to convict someone. In fact, that’s essentially what happened during Watkins’ session. The session was also prematurely shut down when Watkins’ attorney advised him to stop for legal and investigation reasons.
And that was basically the end of the Cyber Symposium from a cybersecurity and forensics perspective. There were more discussions of a political nature – accusations by various state and local politicians against their respective jurisdictions – but nothing else of the cybersecurity or forensics nature. Cybersecurity expert Robert Graham was also there live-tweeting and confirmed that third-party experts like him did not receive any data that was close to valid.
While Lindell and his speakers educated the audience on what Chain-of-Custody is and why many voting systems are vulnerable to exploitation, they ultimately did not provide anything substantive. Vulnerability doesn’t equal exploitation. There was nothing at all that could be considered evidence.