"The Kraken 305" Speaks Via A Very Well Put Together Evidenciary Affidavit

 Case 2:20-cv-13134-LVP-RSW ECF No. 1-15, PageID.631 Filed 11/25/20 Page 1 of 17

Images are within here

https://www.yumpu.com/en/document/read/64960744/govuscourtsmied350905115/5


 Declaration of XXXXXXXXX.
 Pursuant to 28 U.S.C Section 1746, I, XXXXXXXX, make the following
 declaration.
 1. I am over the age of 21 years and I am under no legal disability, which would prevent me
    from giving this declaration.
 2. I was an electronic intelligence analyst under 305th Military Intelligence with experience
    gathering SAM missile system electronic intelligence. I have extensive experience as a white
    hat hacker used by some of the top election specialists in the world. The methodologies I
    have employed represent industry standard cyber operation toolkits for digital forensics and
    OSINT, which are commonly used to certify connections between servers, network nodes
    and other digital properties and probe to network system vulnerabilities.
 3. I am a US citizen and I reside at {redacted} location in the United States of America.
 4. Whereas the Dominion and Edison Research systems exist in the internet of things, and
    whereas this makes the network connections between the Dominion, Edison Research and
    related network nodes available for scanning,
 5. And whereas Edison Research’s primary job is to report the tabulation of the count of the
    ballot information as received from the tabulation software, to provide to Decision HQ for
    election results,
 6. And whereas Spiderfoot and Robtex are industry standard digital forensic tools for evaluation
    network security and infrastructure, these tools were used to conduct public security scans of
    the aforementioned Dominion and Edison Research systems,
 7. A public network scan of Dominionvoting.com on 2020-11-08 revealed the following inter-
    relationships and revealed 13 unencrypted passwords for dominion employees, and 75
    hashed passwords available in TOR nodes:




                                                                                                   1
Case 2:20-cv-13134-LVP-RSW ECF No. 1-15, PageID.632 Filed 11/25/20 Page 2 of 17




                                                                            2
Case 2:20-cv-13134-LVP-RSW ECF No. 1-15, PageID.633 Filed 11/25/20 Page 3 of 17




 8. The same public scan also showed a direct connection to the group in Belgrade as
    highlighted below:




 9. A cursory search on LinkedIn of “dominion voting” on 11/19/2020 confirms the numerous
    employees in Serbia:




                                                                                            3
Case 2:20-cv-13134-LVP-RSW ECF No. 1-15, PageID.634 Filed 11/25/20 Page 4 of 17




 10. An additional search of Edison Research on 2020-11-08 showed that Edison Research has an
     Iranian server seen here:




 Inputting the Iranian IP into Robtex confirms the direct connection into the “edisonresearch”
 host from the perspective of the Iranian domain also. This means that it is not possible that the
 connection was a unidirectional reference.




 A deeper search of the ownership of Edison Research “edisonresearch.com” shows a connection
 to BMA Capital Management, where shareofear.com and bmacapital.com are both connected to
 edisonresearch.com via a VPS or Virtual Private Server, as denoted by the “vps” at the start of
 the internet name:




                                                                                                     4
Case 2:20-cv-13134-LVP-RSW ECF No. 1-15, PageID.635 Filed 11/25/20 Page 5 of 17




 Dominionvoting is also dominionvotingsystems.com, of which there are also many more
 examples, including access of the network from China. The records of China accessing the server
 are reliable.




                                                                                              5
Case 2:20-cv-13134-LVP-RSW ECF No. 1-15, PageID.636 Filed 11/25/20 Page 6 of 17




                                                                            6
Case 2:20-cv-13134-LVP-RSW ECF No. 1-15, PageID.637 Filed 11/25/20 Page 7 of 17




 11. BMA Capital Management is known as a company that provides Iran access to capital
     markets with direct links publicly discoverable on LinkedIn (found via google on
     11/19/2020):

                                                                                         7
Case 2:20-cv-13134-LVP-RSW ECF No. 1-15, PageID.638 Filed 11/25/20 Page 8 of 17




 The same Robtex search confirms the Iranian address is tied to the server in the Netherlands,
 which correlates to known OSINT of Iranian use of the Netherlands as a remote server (See
 Advanced Persistent Threats: APT33 and APT34):




 12. A search of the indivisible.org network showed a subdomain which evidences the existence
     of scorecard software in use as part of the Indivisible (formerly ACORN) political group for
     Obama:




 13. Each of the tabulation software companies have their own central reporting “affiliate”.
    Edison Research is the affiliate for Dominion.
 14. Beanfield.com out of Canada shows the connections via co-hosting related sites, including
    dvscorp.com:


                                                                                                    8
Case 2:20-cv-13134-LVP-RSW ECF No. 1-15, PageID.639 Filed 11/25/20 Page 9 of 17




 This Dominion partner domain “dvscorp” also includes an auto discovery feature, where new in-
 network devices automatically connect to the system. The following diagram shows some of the
 related dvscopr.com mappings, which mimic the infrastructure for Dominion and are an obvious
 typo derivation of the name. Typo derivations are commonly purchased to catch redirect traffic
 and sometimes are used as honeypots. The diagram shows that infrastructure spans multiple
 different servers as a methodology.




                                                                                              9
Case 2:20-cv-13134-LVP-RSW ECF No. 1-15, PageID.640 Filed 11/25/20 Page 10 of 17




    The above diagram shows how these domains also show the connection to Iran and other
    places, including the following Chinese domain, highlighted below:




 15. The auto discovery feature allows programmers to access any system while it is connected to
    the internet once it’s a part of the constellation of devices (see original Spiderfoot graph).
 16. Dominion Voting Systems Corporation in 2019 sold a number of their patents to China (via
    HSBC Bank in Canada):




                                                                                                     10
Case 2:20-cv-13134-LVP-RSW ECF No. 1-15, PageID.641 Filed 11/25/20 Page 11 of 17




                                                                            11
Case 2:20-cv-13134-LVP-RSW ECF No. 1-15, PageID.642 Filed 11/25/20 Page 12 of 17




                                                                            12
Case 2:20-cv-13134-LVP-RSW ECF No. 1-15, PageID.643 Filed 11/25/20 Page 13 of 17




 Of particular interest is a section of the document showing aspects of the nature of the patents
 dealing with authentication:




 17. Smartmatic creates the backbone (like the cloud). SCYTL is responsible for the security
    within the election system.




                                                                                                    13
Case 2:20-cv-13134-LVP-RSW ECF No. 1-15, PageID.644 Filed 11/25/20 Page 14 of 17




 18. In the GitHub account for Scytl, Scytl Jseats has some of the programming necessary to
    support a much broader set of election types, including a decorator process where the data is
    smoothed, see the following diagram provided in their source code:




                                                                                                14
Case 2:20-cv-13134-LVP-RSW ECF No. 1-15, PageID.645 Filed 11/25/20 Page 15 of 17




 19. Unrelated, but also a point of interest is CTCL or Center for Tech and Civic Life funded by
    Mark Zuckerberg. Within their github page (https://github.com/ctcl), one of the programmers
    holds a government position. The Bipcoop repo shows tanderegg as one of the developers,
    and he works at the Consumer Financial Protection Bureau:




                                                                                                   15
Case 2:20-cv-13134-LVP-RSW ECF No. 1-15, PageID.646 Filed 11/25/20 Page 16 of 17




 20. As seen in included document titled
    “AA20-304A-
    Iranian_Advanced_Persistent_Threat_Actor_Identified_Obtaining_Voter_Registration_Data
    ” that was authored by the Cybersecurity & Infrastructure Security Agency (CISA) with a
    Product ID of AA20-304A on a specified date of October 30, 2020, CISA and the FBI
    reports that Iranian APT teams were seen using ACUTENIX, a website scanning software, to
    find vulnerabilities within Election company websites, confirmed to be used by the Iranian
    APT teams buy seized cloud storage that I had personally captured and reported to higher
    authorities. These scanning behaviors showed that foreign agents of aggressor nations had
    access to US voter lists, and had done so recently.
 21. In my professional opinion, this affidavit presents unambiguous evidence that Dominion
    Voter Systems and Edison Research have been accessible and were certainly compromised
    by rogue actors, such as Iran and China. By using servers and employees connected with
    rogue actors and hostile foreign influences combined with numerous easily discoverable
    leaked credentials, these organizations neglectfully allowed foreign adversaries to access data

                                                                                                 16
Case 2:20-cv-13134-LVP-RSW ECF No. 1-15, PageID.647 Filed 11/25/20 Page 17 of 17




    and intentionally provided access to their infrastructure in order to monitor and manipulate
    elections, including the most recent one in 2020. This represents a complete failure of their
    duty to provide basic cyber security. This is not a technological issue, but rather a
    governance and basic security issue: if it is not corrected, future elections in the United States
    and beyond will not be secure and citizens will not have confidence in the results.

 I declare under penalty of perjury that the forgoing is true and correct to the best of my
 knowledge. Executed this November 23th, 2020.




                                                                                                    17