Analysis of Mike Lindell’s Election Hacking Data

  • The per-county vote changes are impossible, in one case significantly exceeding the number of registered voters.
  • The attack targets appear to be county websites, which are in some cases hosted out of state by third-party web hosting and cloud computing companies.
  • Several of the connections appear to be originated by the Baidu web crawler (Baidu is the most popular search engine in China, like Google in the U.S.).
  • The raw data shown in the video is not pcap data as Lindell claims, but rather a database of voter information.

The Spreadsheet

In the video, Mike and an anonymous cybersecurity expert summarize 20 attacks in a spreadsheet, providing the following information about each:

  • The time it occurred
  • The IP address* of the source/attacker
  • The IP address* of the destination/target
  • The county whose votes were changed
  • The number of votes that were changed
  • “How they got in”: “CREDENTIALS”, “FIREWALL”, “BOTH”, or “*”
  • The estimated location (latitude/longitude) of each IP address
  • The registered owner of each IP address

The Vote Counts

The spreadsheet shows the number of votes allegedly switched from Trump to Biden in each of 15 counties, spread across 5 states. The numbers are pretty large. Let’s sanity-check them against the number of votes officially reported for Biden in each county (available here):

County                 Votes Switched  Biden Votes Reported
Pima County, AZ        47,372          304,981
Gwinnett County, GA    47,233          241,827
Antrim County, MI      13,637          5,960
Delta County, MI       3,215           7,606
Emmet County, MI       3,477           9,662
Houghton County, MI    1,143           7,750
Kalamazoo County, MI   55,315          83,686
Oakland County, MI     96,862          434,148
Wayne County, MI       29,008          597,170
Adams County, PA       33,111          18,207
Allegheny County, PA   67,033          429,065
Lancaster County, PA   65,901          115,847
Montgomery County, PA  22,033          319,511
Clark County, WI       23,909          4,524
Dane County, WI        46,615          260,185

County                 2016    2020(A)  2020(B)  Diff(A)  Diff(B)
Pima County, AZ        40.21%  39.79%   48.86%   -0.42%   8.65%
Gwinnett County, GA    45.14%  40.21%   51.62%   -4.93%   6.48%
Antrim County, MI      62.35%  61.03%   146.41%  -1.32%   84.06%
Delta County, MI       60.14%  62.39%   77.58%   2.25%    17.44%
Emmet County, MI       56.46%  54.64%   70.30%   -1.82%   13.83%
Houghton County, MI    54.24%  56.00%   62.16%   1.75%    7.92%
Kalamazoo County, MI   40.41%  39.53%   78.01%   -0.88%   37.60%
Oakland County, MI     43.51%  42.22%   54.77%   -1.29%   11.26%
Wayne County, MI       29.44%  30.27%   33.59%   0.83%    4.15%
Adams County, PA       66.17%  66.37%   124.93%  0.20%    58.76%
Allegheny County, PA   39.91%  39.23%   48.54%   -0.69%   8.63%
Lancaster County, PA   57.20%  57.17%   80.68%   -0.03%   23.49%
Montgomery County, PA  37.44%  36.35%   40.67%   -1.08%   3.24%
Clark County, WI       63.28%  67.14%   227.62%  3.86%    164.34%
Dane County, WI        23.04%  22.85%   36.37%   -0.19%   13.33%

The IP Addresses

Transmitting data between two computers on the Internet requires them to be physically located by the Internet routing system, using their IP address. So IP addresses have a physical location. Some companies try to keep track of the approximate location of IP addresses and make that information publicly available (e.g. https://www.iplocation.net/).

Target IP        Hostname                County
198.108.253.104  www.deltacountymi.org   Delta County, MI
66.129.42.43     www.emmetcounty.org     Emmet County, MI
159.233.2.2      pima.gov                Pima County, AZ
199.224.22.10    www.alleghenycounty.us  Allegheny County, PA
68.185.163.98    www.co.clark.wi.us      Clark County, WI
216.245.224.155  (unknown)               Antrim County, MI
159.233.0.55     (inactive)              Pima County, AZ
170.125.0.22     (inactive)              Dane County, WI
74.174.32.3      (inactive)              Gwinnett County, GA
50.239.65.95     waynecounty.com         Wayne County, MI
66.216.167.151   www.adamscounty.us      Adams County, PA
208.90.188.132   (unaffiliated)          Montgomery County, PA
208.90.188.136   (unaffiliated)          Lancaster County, PA
34.192.0.124     (unknown)               Oakland County, MI
34.192.0.58      (inactive)              Oakland County, MI
216.245.226.122  www.antrimcounty.org    Antrim County, MI
67.192.61.135    houghtoncounty.net      Houghton County, MI
34.192.0.65      (inactive)              Oakland County, MI
199.250.192.30   (unaffiliated)          Kalamazoo County, MI
199.250.192.96   (unknown)               Kalamazoo County, MI

Target IP        IP Location       Network Owner
198.108.253.104  Escanaba, MI      Merit Network Inc.
66.129.42.43     Gaylord, MI       Gaslight Media
159.233.2.2      Tucson, AZ        Pima County
199.224.22.10    Pittsburgh, PA    COUNTY OF ALLEGHENY
68.185.163.98    Spencer, WI       Charter Communications
216.245.224.155  Rapid City, MI    Chain O' Lakes Internet
159.233.0.55     Tucson, AZ        Pima County
170.125.0.22     Madison, WI       Dane County
74.174.32.3      Atlanta, GA       AT&T Corp.
50.239.65.95     Detroit, MI       Comcast Cable Communications, LLC
66.216.167.151   Lancaster, PA     Windstream Communications LLC
208.90.188.132   Kansas City, MO   Icon Enterprises, Inc.
208.90.188.136   Kansas City, MO   Icon Enterprises, Inc.
34.192.0.124     Ashburn, VA       Amazon Technologies Inc.
34.192.0.58      Ashburn, VA       Amazon Technologies Inc.
216.245.226.122  Rapid City, MI    Chain O' Lakes Internet
67.192.61.135    Dallas, TX        Rackspace Hosting
34.192.0.65      Ashburn, VA       Amazon Technologies Inc.
199.250.192.30   Washington, D.C.  InMotion Hosting, Inc.
199.250.192.96   Washington, D.C.  InMotion Hosting, Inc.

Source IP        Hostname
220.181.108.155  baiduspider-220-181-108-155.crawl.baidu.com
178.137.5.18     178-137-5-18.broadband.kyivstar.net
123.125.71.96    baiduspider-123-125-71-96.crawl.baidu.com
180.76.5.142     baiduspider-180-76-5-142.crawl.baidu.com
77.237.73.3      static.77-237-73-3.client.novinhost.org
182.68.255.4     abts-north-dynamic-004.255.68.182.airtelbroadband.in
177.1.64.170     177-1-64-170.dosce700.dsl.brasiltelecom.net.br
5.9.223.248      static.248.223.9.5.clients.your-server.de
82.9.64.214      cpc149746-midd20-2-0-cust213.11-1.cable.virginm.net
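
A reverse-DNS name alone does not prove that a connection came from the Baidu crawler; the usual check is forward-confirmed reverse DNS. The sketch below is an added example, not part of the original article: the function names and status strings are hypothetical, the forward records and the 203.0.113.7 entry are constructed, and the PTR names for the other addresses are the ones in the table above.

```python
import socket

# Reverse-DNS suffixes Baidu publishes for genuine Baiduspider hosts.
BAIDU_SUFFIXES = (".baidu.com", ".baidu.jp")

def system_ptr(ip):
    """Live PTR lookup; returns None when the address has no reverse record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(host):
    """Live forward lookup; returns the set of addresses the name resolves to."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except OSError:
        return set()

def classify_source(ip, ptr=system_ptr, forward=system_forward):
    """Forward-confirmed reverse DNS: trust a crawler name only if it maps back."""
    host = ptr(ip)
    if host is None:
        return "no-ptr"
    host = host.rstrip(".").lower()
    if not host.endswith(BAIDU_SUFFIXES):
        return "other"
    # The PTR record is set by whoever controls the IP block, so it can claim
    # any name; the forward record is controlled by the owner of baidu.com.
    return "verified-baiduspider" if ip in forward(host) else "unconfirmed-ptr"

# PTR names as listed in the article's source-IP table.
PTR_TABLE = {
    "220.181.108.155": "baiduspider-220-181-108-155.crawl.baidu.com",
    "123.125.71.96": "baiduspider-123-125-71-96.crawl.baidu.com",
    "180.76.5.142": "baiduspider-180-76-5-142.crawl.baidu.com",
    "178.137.5.18": "178-137-5-18.broadband.kyivstar.net",
    "5.9.223.248": "static.248.223.9.5.clients.your-server.de",
    # Constructed case: a documentation-range address whose PTR claims Baidu.
    "203.0.113.7": "baiduspider-203-0-113-7.crawl.baidu.com",
}
# Constructed forward records: assume the three listed Baidu names map back.
FORWARD_TABLE = {PTR_TABLE[ip]: {ip} for ip in
                 ("220.181.108.155", "123.125.71.96", "180.76.5.142")}

def classify_offline(ip):
    """Run the check against the embedded tables instead of live DNS."""
    return classify_source(ip, PTR_TABLE.get, lambda h: FORWARD_TABLE.get(h, set()))
```

Calling classify_source(ip) with no extra arguments performs the same check against live DNS.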

The PCAPs

Several times during the video, we are shown what Mike and the anonymous expert describe as the raw pcap data. Mike notes that probably nobody watching can read it. I figured I could, so I took a look. It turns out that it’s not a pcap file at all.

NOT EXISTS*/ `S?persetVoterData?ase` /*!40100 D?FAULT CHARACTER?SET latin1 */;?USE `SupersetVo?erDatabase`;-?-- Table struc?ure for table `?oterElectionHis?ory`--DROP T?BLE IF EXISTS `?oterElectionHis?ory`;/*!40101 ?
`J` varchar(?50) DEFAULT NUL?,`K` varchar?150) DEFAULT NU?L,`L` varcha?(150) DEFAULT N?LL,`M` varch?r(150) DEFAULT ?ULL,`N` varc?ar(150) DEFAULT?NULL,`O` var?har(150) DEFAUL? NULL,`P` va?char(150) DEFAU?...T NULL,`AD` ?archar(150) DEF?ULT NULL,`AE? varchar(150) D?FAULT NULL,`?F` varchar(150)?DEFAULT NULL,`AG` varchar(15?) DEFAULT NULL,`AH` varchar(?50) DEFAULT NUL?,`AI` varcha?(150) DEFAULT N?LL,`AJ` varc?...`AW` varchar(15?) DEFAULT NULL,`AX` varchar(?50) DEFAULT NUL?,`AY` varcha?(150) DEFAULT N?LL,`AZ` varc?ar(150) DEFAULT?NULL,`BA` va?char(150) DEFAU?T NULL,`BB` ?archar(150) DEF?ULT NULL,`BC? varchar(150) D?...ar(150) DEFAULT?NULL,`BQ` va?char(150) DEFAU?T NULL,`BR` ?archar(150) DEF?ULT NULL,`BS? varchar(150) D?FAULT NULL,`?T` varchar(150)?DEFAULT NULL,`BU` varchar(15?) DEFAULT NULL,`BV` varchar(?50) DEFAULT NUL?...ULT NULL,`CI` varchar(150) DEFAULT NULL,`CJ` varchar(150) DEFAULT NULL,`CK` varchar(150) DEFAULT NULL,`CL` varchar(150) DEFAULT NULL,`CM` varchar(150) DEFAULT NULL,`CN` varchar(150) DEFAULT NULL,`CO` varchar(150) DEFAULT NULL,`CP` v...`DB` varchar(150) DEFAULT NULL,`DC` varchar(150) DEFAULT NULL,`DD` varchar(150) DEFAULT NULL,`DE` varchar(150) DEFAULT NULL,`DF` varchar(150) DEFAULT NULL,`DG` varchar(150) DEFAULT NULL,`DH` varchar(150) DEFAULT NULL,`DI` varchar(150...istory` WRITE;/*!40000 ALTER TABLE `VoterElectionHistory` DISABLE KEYS */;INSERT INTO `VoterElectionHistory` VALUES 
('st_Name','First_Name','Middle_Name','Suffix','Sex','Voter_Status','Political_Party','House__','HouseNoSuffix','StreetNameComplete','Apt_...,'PR_05_21_19','PR_05_21_19_VM','SP_03_12_19','SP_03_12_19_VM','GN_11_06_18','GN_11_06_18_VM','PR_05_15_18','PR_05_15_18_VM','GN_11_07_17','GN_11_07_17_VM','PR_05_16_17','PR_05_16_17_VM','SP_03_21_17','SP_03_21_17_VM','GN_11_08_16','GN_11_08_16_VM','PR_04_...05_17_11','PR_05_17_11_VM','SP_02_01_11','SP_02_01_11_VM','GN_11_02_10','GN_11_02_10_VM','PR_05_18_10','PR_05_18_10_VM','GN_11_03_09','GN_11_03_09_VM','PR_05_19_09','PR_05_19_09_VM','GN_11_04_08','GN_11_04_08_VM','PR_04_22_08','PR_04_22_08_VM','GN_11_06_07
'','','','','',?','','','','','?,'','','','',''?'','','','','',?','','','','','?,'','','','',''?,('<LAST_NAME>','<FIRST_NAME>','<MIDDLE_NAME>','?,'M','A','R','<HOUSE_NUMBER>','','<STREET>','','','PHIL?DELPHIA','PA','?9128','','','',?','','21/28 ROX?OROUGH HIGH SCH?OL','6400 RIDGE?AVE ','PHILADEL?HIA, PA  19128'?'6/2/2020','212?','WD21','','MN?1','','STH194',?STS03','USC03',?CTC04','CPR','C?D','RCD02','212?-1','','','R','?B','','','R','A?','R','AP','','?,'','','','',''?'','','','','',?','','','','','?,'','','','',''?'','','','','',?','','','','','?,'','','','',''?'','','','','',?','','','','','?,'','','','',''?'','','','','',?','','','','','?,'','','','',''?''),('<LAST_NAME>','M?
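
Whether a file is a packet capture can be settled from its first bytes, because pcap and pcapng files begin with fixed magic numbers and a MySQL dump is plain text. The following is an added example, not part of the original article: the function names and the three sample byte strings are constructed, with the SQL sample modeled on the statements visible in the fragment above.

```python
import re
import struct

# First four bytes of a classic libpcap file, in both byte orders.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4",   # microsecond timestamps
    b"\x4d\x3c\xb2\xa1", b"\xa1\xb2\x3c\x4d",   # nanosecond timestamps
}
PCAPNG_BLOCK = b"\x0a\x0d\x0d\x0a"               # Section Header Block type
PCAPNG_ORDER = {b"\x4d\x3c\x2b\x1a", b"\x1a\x2b\x3c\x4d"}  # byte-order magic
SQL_MARKERS = (b"/*!40", b"DROP TABLE", b"CREATE TABLE", b"INSERT INTO")

def identify(data: bytes) -> str:
    """Classify a file by its leading bytes, falling back to content markers."""
    if data[:4] in PCAP_MAGICS:
        return "pcap"
    # pcapng: block type, 4-byte block length, then the byte-order magic.
    if data[:4] == PCAPNG_BLOCK and data[8:12] in PCAPNG_ORDER:
        return "pcapng"
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in data)
    mostly_text = bool(data) and printable / len(data) > 0.95
    if mostly_text and any(marker in data for marker in SQL_MARKERS):
        return "sql-dump"
    return "unknown"

def sql_tables(data: bytes) -> list:
    """Backtick-quoted table names that follow INSERT INTO, in order seen."""
    names = re.findall(rb"INSERT INTO `([^`]+)`", data)
    return list(dict.fromkeys(name.decode() for name in names))

# Constructed samples: a 24-byte pcap global header, a minimal pcapng
# Section Header Block, and a short text excerpt in mysqldump style.
PCAP_SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
PCAPNG_SAMPLE = (struct.pack("<IIIHHq", 0x0A0D0D0A, 28, 0x1A2B3C4D, 1, 0, -1)
                 + struct.pack("<I", 28))
SQL_SAMPLE = (
    b"DROP TABLE IF EXISTS `VoterElectionHistory`;\n"
    b"/*!40000 ALTER TABLE `VoterElectionHistory` DISABLE KEYS */;\n"
    b"INSERT INTO `VoterElectionHistory` VALUES ('<LAST_NAME>','<FIRST_NAME>');\n"
)

if __name__ == "__main__":
    for label, blob in (("pcap", PCAP_SAMPLE), ("pcapng", PCAPNG_SAMPLE),
                        ("dump", SQL_SAMPLE)):
        print(label, "->", identify(blob), sql_tables(blob))
```

The magic-number test runs first, so a genuine capture that happens to carry SQL traffic is still reported as a capture.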

The Expert

Mike Lindell is relying on an expert that he hired to analyze the data in his possession. The expert appears anonymously in the video. According to Lindell, he has “many information and cybersecurity certifications” as well as 20 years of experience. However, several of the statements made by this expert call his expertise into question.

  • The “PROVINCE” and “CITY” are swapped in several cases: Haidian, Beijing; Shenzhen, Guangdong; Kolkata, West Bengal; and Middlesbrough, England. This error doesn’t appear to be present in the underlying data sources.
  • The longitudes of the target IP addresses should be negative. This also appears to be a data entry error.
  • The adjusted vote margins were incorrectly calculated: For every vote switched from one candidate to the other, the margin would change by two, not by one. So, for example, in the case of Pennsylvania, if 188,078 votes were switched, causing Trump to lose by 80,555 votes, then he actually would have won by 295,601 votes, not by 107,523.
  • The numbers of votes allegedly changed in many counties are clearly not feasible, as previously discussed.

Final Thoughts

There’s a great deal that wasn’t explained by Lindell and his cybersecurity expert:

  • What protocol was used to hack the election equipment?
  • How were the modified vote numbers extracted from the pcap?
  • How did packets sent to the IP addresses of county web servers reach the voting machines?
  • How were the voting machines connected to the network?
  • What type(s) and model(s) of voting equipment were targeted?
  • How and where was the pcap data captured?
