If you are wondering if there will be anybody at Mike Lindell's cybersymposium who can confirm or refute his "packet captures", well, there's going to be me. I'm a well-known expert on packet captures, and somewhat knowledgeable about election systems.
2/I've done a bunch of other techie fact checking, such as confirming that Hunter Biden email was authentic, and debunking that conspiracy-theory of suspicious DNS logs showing secret communication between Russia's Alfa Bank and Trump Tower.
3/I don't know what Lindell's packet captures contain, but whatever it is, I'll write up a description within a few days after the event. I'll be extending this twitter thread over the next couple days just live tweeting the process.
4/ FYI: nobody is going to win the $5 million. It's impossible to disprove election fraud. It's only possible to demonstrate that claimed evidence fails to prove it.
5/ BTW, what kind of expert am I? Well, if you capture packets on the public Internet for more than a few minutes, you'll capture some that I created. Since you've been reading this thread, your home router has gotten hit by my packets.
6/ For those who know me, you might want to pile onto this thread, but only BEFORE I write up my conclusions later this week, before you know what the conclusions will be. Afterwards, it looks insecure, just agreeing with the conclusions you want.
7/ good morning cyber symposium! If you are around, I’m sitting up front to the left of the stage.
8/ Here’s a pic looking backwards. Btw, I’ll be the guy wearing a mask, because as you know I’m an internet troll and this is the sort of thing I do.
9/ Before this week, the things Mike Lindell posted were not recognizable as "packet-captures". This is what they normally look like. It's not required to look like this, but it's the level of detail I'll be getting into.
10/ ok, I was wrong about the contest rules. They are much better than I thought: simply proving its not election data. However, the data supplied before this week seems to have been already public registration data and not votes.
11/ For example, here is data that I got from the State of Georgia, a hexdump of early voting records. It's public, anybody can download it from the net.
So I don't care if it's "election data", I got that already. I'll be looking for hard evidence proving election fraud.
12/ Everyone is friendly and nice. Which is what I expected. We like to demonize our opponents, but really, they are almost always reasonable, kind hearted people -- even if in our own opinion they are wrong. On both sides.
13/ For a specific list of questions that I'll be trying to answer, I'll start with this, and then have additional questions depending upon the data.
Either way, I'll write things up and EXPLAIN in simple terms what the data shows.
14/ I go to a lot of cyber security conferences and have a ton of old badges hanging from the wall in my closet - I’ll just add this one to the pile.
15/ This is an excellent question. I'm starting on the skeptic side because, so far, he hasn't published any good data. I don't understand why he hasn't simply dumped the raw data for everyone to see.
16/ “I invited the Fakebook fact checkers” — Lindell
Also statements about inviting fake media like CNN. When he mentioned Fox News the crowd booed.
17/ they have scrolling hexdumps. For one thing they scroll too fast to read, and for another, they are too blurry to read, and lastly, even experts can’t generally read hexdumps without decoders.
18/ The reason why the question “what’s the source of data” is so important is because we know that media reports of vote tallies where highly inaccurate, the media made lots of accidental mistakes.
19/ We know the flaws of the NYTime live election night data feed, how it didn't accurately reflect the official counts, why it appeared to show flipped votes and jumps on one side or the other.
The question is whether such things exist in the raw data.
20/ "they work for LeadStories? fact checkers? shame on them!!! .... they are the enemies of the people"
That's me!!! That's me!!!!
I'm not feeling ashamed, though.
21/ "We are going to do a mock election... we'll show you how the routers work ... we'll show packet captures in real time".
I'm actually looking forward to this. Dominion machines can be networked, but DEF CON Voting Village didn't have networked machines to play with.
22/ "I saw Hari Hursti is here" (and some criticism of Hari).
He brings voting machines to the DEF CON hacking conference for hackers to play with, confirming they are easily hackable -- but they don't like him because he still rejects the idea that the 2020 election was hacked.
23/ The evidence that I'm here to validate is showing that it was hacked -- not that it could've been hacked. I know it could've been hacked, by either side. I'm hoping to see the raw details showing it was indeed hacked or manipulated or fraud happened.
24/ Yes, the schedule is for later today, to have breakout sessions, where (I think) I'll get to sit down and personally look at raw data -- and hopefully, get to post to the Internet for experts like Laura Chappell to see as well.
25/ Phil Waldron kicked off the breakout session. He wasn't involved in collecting the packet-captures, so didn't have clear answers. But he suggested:
1. the packet-captures come from a Chinese network
2. they are in a proprietary BLX/PLX format
But he didn't seem sure.
26/ ...but we haven't got the actual data yet, but soon. We are still dealing with lunch.
27/ They've given us access to a server on the local WiFi network that has the "data" that we are supposed to be analyzing.
We are struggling to figure out what this data contains. I've put the smaller files up on github:
28/ So what they gave us were these "HEX.txt" files, which when decoded (`xxd -r -p filename`) produces .rtf files. One of the RTF files contains a table of IP address, the others contain something in an unknown character set.
29/ Here's the current status: nothing.
They've given us a drop of data that makes no sense that they can't explain.
They promise: just wait until later tonight, that's the "real" data.
30/ I mean: they've given us a bunch of confusing stuff they can't explain, but have not given us the "real" stuff yet. They promise the "real" stuff is coming tonight or tomorrow for us to look at.
31/ The delay is explained by a bunch of things going wrong, such as the guy who was a source of data getting a stroke.
32/ So I had the list of questions I sought to answer this morning at the top of this thread. Current progress = 0%
33/ This is incredibly frustrating. Lindell invited "cyber experts" and "fact checkers" to come and confirm the "packet captures" -- and has yet to provide us any packet captures and it's 4pm already.
#ReleaseThePacketCaptures
34/ So I got some straight answers from Spider:
1. the data comes from Dennis Montgomery
2. it's the data shown in those Lindell videos
3. it's the hexdumps that have been scrolling in his videos and kiosk
4. we cyber experts will not be given opportunity to verify it
35/ Please don't interpret that as being disproven. This would be the WRONG conclusion. Instead, it means it's simply not confirmed. Montgomery is in the hospital and unable to come, and unable to help us, because it's in a proprietary format.
36/ The vague answers to this question is that it was retrieved with custom tools on the China side of things, as they targeted election systems via the Internet, not collected on the side of the election systems.
37/ For all that Mike Lindell attacks critics, do remember that he invited critics to come to the event, which is something I respect. On the other hand, failure to give the critics the data they were promised, well, I'm frustrated by that. I'm a pcap guy who loves pcaps.
38/ Later they will be showing pcaps from Mike Lindell's own people, that are here, that will stand behind them and explain them. I look forward to reading them.
39/ Wait, what? I'll come on stage and defend my findings. It's just that we techies are sitting in breakout rooms in the back and I wasn't aware of the live feed. I'm out front now. Let's go!
40/ Sigh. I'm here near the stage, ready to stand up and defend my claims in this thread. Just call me up on stage and let's talk.
#ReleaseThePacketCaptures
41/ Many are suggesting I bum rush the stage.
Can't. They have muscled security goons that would stop me.
And it would be rude. He's doing a bit, I don't want to interrupt, I'm sure he'll invite me after.
#ReleaseThePacketCaptures
41/ By the way, this is the data they are NOT giving us, they are not allowing pcap experts to analyze this data. Showing it as a video stream like this is unreadable.
41/ Ah, man, he ended the segment and didn't invite me on stage like he'd promise. He's setting up for the "big reveal" at 7pm, which I think is member of Bolsinaro's team, the current president of Brazil who's claiming that the upcoming election is going to be hacked.
43/ Come on, Mike, you challenged me to come on stage to debate why you haven't released the packet-captures you promised. Let's do this thing! I'm around all three days! I'm ready any time, just have one of your people DM me!
I'll go back to the breakout room now.
44/ BTW, the source of the "packet-captures" is important, because it appears to be this "Dennis Montgomery" guy, as LeadStories describes:
45/ the picture from this morning was empty of people because I arrived early. There are at a couple hundred people here.
46/ The guy speaking on stage mentioned the packet-captures they got Jan 7, and they mentioned that while it was hard over the weekend getting them ready, that they got them ready.
BUT THEY HAVEN'T RELEASED THE PACKET-CAPTURES TO US
#ReleaseThePacketCaptures
48/ I think this "Colorado" thing is related to this story:
49/ he called me a coward claiming I ran away — I’ve been sitting here in front the entire time waiting for him to call me onstage to discuss the packet captures
50/ I'm done for the day (Tuesday). I go back tomorrow.
One guy already got kicked for sharing too much, so I guess I won't be able to share much until Thursday -- general conference related things, yes, but data related things, not until after the conference.
51/ To be clear: he gave us experts NOTHING today, except random garbage that wastes our time (e.g. a CSV needlessly encoded as RTF needlessly encoded as hex).
52/ Also be clear: all the people I've been dealing with are good people, trying to do their best in a chaotic and difficult situation. The only thing lacking for me is the one thing I'm here for: the packet captures promised before the conference.
53/ back today, there won’t be very many tweets today though
54/ So I had a bunch of private conversations last night where people helped clarify things. One thing they mentioned was that there's confusion about "hex", that they think we techies like to see things in hex, so that's why it was given to us this way.
55/ the Matrix does much to foster the impression that nerds prefer to see things that way — that it’s cool.
We don’t — we hate hex, it’s just sometimes it’s the only alternative.
56/ F***! That last tweet came out wrong, so I deleted.
Last night talking privately to friends, they stressed to me how it important it was that I'm just an observer, and that participation in things like pledges/prayer would be counter to my mission.
• • •