Hoo boy. I finally took a look at the affidavit from “Spyder”—supposedly a pseudonym for a white hat hacker with a military intelligence background—from Sidney Powell’s “Kraken” lawsuits, and it is absolutely crazier than a bag of cats. courtlistener.com/recap/gov.usco…
It reads like gibberish composed by an AI to scam people with no technical background into thinking something very technical has been said. It’s a bunch of screenshots of DNS lookups and SpiderFoot scans connected by pure non-sequitur dream logic.
TL;DR: “I am a top-secret 1337 haxx0r. I did a whois lookup of Domion Voting. LinkedIn says they have employees in Serbia. Banana Cream Lobster Monkey. Therefore: ILLUMINATI CONFIRMED.”
I seriously cannot get over the fact that someone tried to submit this insane free association exercise to a court. As an “expert witness” affidavit!
Lemme just give you a taste of how utterly batshit this is. With no explanation or connection to anything else in the affidavit, “Spyder” notes that the progressive group Indivisible—which has nothing to do with ANY of this—has a subdomain called “scorecard.”
“Spyder” thinks this “evidences the use of Scorecard software” by the progressive group. He doesn’t explain what any of this is supposed to mean, but “Scorecard” is part of another online conspiracy theory, and is supposed to be the codename of some evil vote rigging program.
Now, Indivisible DOES have a subdomain called “scorecard”. You can visit it. It’s... a political scorecard like you find on a million advocacy websites comparing Joe Biden and Donald Trump. scorecard.indivisible.org
Now, he doesn’t explain any of this. It’s just dropped in there without context as if the court is supposed to know what any of this means. But the idea seems to be (1) Crazy people on the Internet have a conspiracy theory about something called “scorecard”...
(2) A progressive website used the word “scorecard” to describe... a political scorecard. Therefore (3) Crazy people on the Internet’s conspiracy theory is proven. Or something. This is their “cybersecurity expert”.
I picked this example because you don’t need any technical background to see that it’s totally absurd. But it’s almost all the same level of fever dream nonsense; some of it just has IP addresses in it. The only thing it manages to prove is that the author is mentally unwell.
There’s one semi-coherent, semi-relevant claim I think I extracted from this rambling delerium: “Spyder” claims he found login credentials for some Dominon employees by scraping their site and “on TOR nodes” (I assume he means onion sites?)...
If that’s true—and given how amateurish and frankly deranged the rest of the document is, I would *absolutely not assume it is true*—it would be sort of embarassing for Dominion. It might mean an attacker could access some part of Dominion’s own network.
But would still have exactly nothing to do with any claim about voting machines or tabulation software being compromised. It’s like thinking somone who hacked NORAD’s public website must be able to launch nuclear missiles. That’s not how anything works.
Anyway. The thing is a farce. It does not read remotely like the work of anyone with any serious expertise in data forensics or cybersecurity. It reads like a 12 year old with ADHD watched too many episodes of Mr. Robot and learned how to do a WhoIs lookup.
I can’t help myself, another gem: A programmer who in 2012 wrote some code for a project sponsored by Facebook currently works at the Consumer Financial Protection Bureau. What does this have to do with election security? Or... anything? IT’S ALL CONNECTED! CYBER! WHEE!
I’m dwelling on this because *they submitted this to a court*. It’s not like this is a real analysis that’s flawed in some subtle way. It’s obviously, hilariously bonkers gobbledygook. It’s word salad. It’s a guy saying he’s fluent in Japanese & then shouting “Yamaha! Sushi!”
They’re not even TRYING to make it look serious. But somehow people whose eyes glaze over as soon as you say “DNS” look at this and think it’s some kind of real evidence of something. And then they give these charlatans money.
It’s somehow more offensive that the con is so lazy. It’s like those Nigerian scam e-mails deliberately written to be so obviously fake that only the hopelessly gullible respond, & the scammers don’t waste time on anyone who might catch on before handing over their bank info.
“Spyder” claims to have “extensive experience as a white hat hacker used by some of the top election specialists in the world.” I will eat my left shoe if that’s true. It is inconceivable that a real infosec professional could have written something this childishly inept.
The developer of the SpiderFoot OSINT tool “Spyder” used, @binarypool, wrote a good dissection of some of the other nonsense, though his tone is so gentle that I’m not sure it adequately conveys how thoroughly silly & amateurish the whole thing is. medium.com/@micallst/misu…
I guess I should say a little about the main “argument”—it’s obviously a joke to technical folks, but maybe not to less-technical folks. Basically this kid looks at some publicly available data concerning Dominion Voting’s *public facing website*...
...which it’s worth bearing in mind is not necessarly the same thing as their internal corporate network, and definitely not the same thing as voting machines or state-run election systems.
The core argument—and yes, this is really what it comes down to—is that various domains containing “dominon voting” or related phrases appear to be registered and hosted abroad, including places like Iran & China. This is meaningless.
It’s not particularly surprising that a company that does global business would have domains in other countries, but it’s also not even clear all the ones he cites are actually linked to Dominon Voting. Either way, it... just doesn’t prove anything about anything.
“Spyder” then breezily jumps to an assertion that Dominon was “certainly compromised by rogue actors,” which... makes no sense. It’s literally the logical equivalent of “I found a Chinese website with the word ‘apple’ in it, therefore China has hacked your iPhone.”
Finally we get a totally out-of-left-field assertion about foreign actors being able to “monitor and manipulate elections,” which is a million miles from anything the affidavit has even *attempted* to demonstrate.
None of this sub-Clouseau sleuthing comes within a country mile of showing that Iran or China or anyone has penetrated Dominion’s network. But let’s just be kind and stipulate that, arguendo. China tries to hack lots of companies, and often succeeds. So hey, maybe.
That still wouldn’t let them “monitor and manipulate elections.” North Korea hacked Sony; that doesn’t mean they can magically make Kim Jong Un the protagonist of every Playstation game.
Critical systems are not designed like Star Wars droids, where you take out the master ship & they all suddenly explode. Election systems are run by states and counties. Most of the equipment is not networked. Updates are vetted by state & federal authorities.
In short: Even if we pretend little Timmy’s hacker dress-up play had *actually demonstrated* that China or whoever hacked Dominion at some point, which it emphatically does not, that would still be a bazillion miles from showing they could (let alone did) affect election results.
There are a ton of reasons that would be massively harder than just penetrating the network, but let’s pick one that requires no tech jargon to explain: You can’t hack paper, and the states where these suits are filed all use voter-verifiable paper ballots.
So pretend someone hacks Dominion, though there’s no evidence for that. And THEN pretend that via dark sorcery they bypass every layer of review & security to inject malicious code into a distro actually installed by governments, for which there’s really, really no evidence.
Any shenanigans in the machine are still going to show up as soon as they check the tally against the paper. All these states do risk-limiting audits. Georgia just did MULTIPLE manual recounts.
The affidavit never really talks about ELECTION SYSTEMS at all. It talks about websites. It fails hilariously to prove what it tries to prove about websites. But it DOESN’T EVEN TRY to prove the thing we’d actually care about—that an election system was compromised.
And this is the best they can do. This is the caliber of the “irrefutable evidence” they keep promising. Absolute gibberish that doesn’t pass the laugh test. Gibberish so bad I doubt it’s even supposed to. It’s there to mystify tech ignorant supporters & keep donations flowing.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Julian Sanchez

Julian Sanchez Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @normative

8 Dec
This is embarrassing. It’s worth bearing in mind that Texas AG Ken Paxton, who filed the suit, is under criminal investigation by the FBI after his own entire senior staff turned him in for corruption. Maybe he thinks disgracing himself further will win a pardon.
Paxton fired or got resignations from the seven senior attorneys who accused him of assorted felonies. He plans to run for reelection in two years. kvue.com/article/news/l…
Just, you know, in case you were wondering: Deputy Attorneys General do not typically accuse their bosses of committing crimes frivolously.
Read 6 tweets
2 Dec
Written language lacks the resources to convey how insane this is on half a dozen different levels.
Imagine this being sung to the Queen of the Night aria to compensate for the deficiencies of prose...

(1) Everyone agrees 230 is central to how social media functions in the U.S.; the idea that you’re going to ram through an overhaul in weeks is bananas.
(2) “National security”? Just... stop. You have a policy goal. These are not magic words.

(3) You’re going to hold a defense authorization hostage over Twitter being mean to you? That’s like threatening divorce unless you get to pick the next show to binge.
Read 5 tweets
30 Nov
Can we stop saying “baseless” and just say “false” or “lying”? By the epistemic standards we apply to any normal fact, this garbage about millions of votes being stolen isn’t (merely) “unfounded”. It’s false. It’s a lie.
Like, sure, it’s logically possible that every Republican state election authority and all the cybersecurity agencies, have totally missed the electoral equivalent of a whale in the bathtub. It’s logically possible we’re all brains in vats & all reality is an illusion.
But we’re not in freshman philosophy & newspapers don’t normally apply the Cartesian method of doubt before deploying terms like “true” and “false.” By any normal standard, these claims are false.
Read 7 tweets
24 Nov
The truly perverse thing about the current electronic voting security freakout, motivated by a desire to deny the results of the presidential election, is that for DECADES this really was an absolute security horrorshow with minimal mainstream media attention.
Thanks to the tireless efforts of serious security researchers and activists, the situation has materially improved as more and more states adopted requirements for manually-auditable, voter-verifiable paper trails, though plenty of jurisdictions still need to up their game.
Some of the states at the center of the present freakout are those that have adopted the best security practices. Pennsylvania is one of only a handful of states that does automatic manual audits for all races. Meanwhile eight states still don’t require paper audit trails.
Read 12 tweets
23 Nov
A healthy development for basic security & good governance reasons, but I would really like to hear the tortured rationalization for thinking there’s grounds to “ascertain” today & not a week ago.
She alludes to some recent developments (Michigan certified; Trump’s lawsuits keep getting tossed) but they don’t really add up to any coherent or principled reason you’d say there was an “apparent winner” today but not last week.
Michigan’s RESULT was never seriously in doubt. Various longshot lawsuits remain. Most states still haven’t formally certified, which has never been a prerequisite for initiating a transition anyway.
Read 7 tweets
17 Nov
I’m not sure “media literacy” training, at least of the traditional sort, is helpful here. My recollection is that they typically encourage people to be skeptical & do their own research, which is great if the person is competent to do that, but otherwise makes things worse.
The people whose brains are the most utterly crammed with absolute nonsense are, in my experience, the folks most likely to proudly tell you they always “do their own research.”
The always insightful @zephoria has written a bunch about this: points.datasociety.net/did-media-lite…
Read 8 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!