The Washington PostDemocracy Dies in Darkness

Court filing offers new evidence of post-election breach in Coffee County, Ga.

Incumbent Georgia Secretary of State Brad Raffensperger (R) talks with journalists as he arrives for an election night party in Peachtree Corners, Ga., on May 24. (Ben Gray/AP)
Placeholder while article actions load

A cybersecurity executive who has aided efforts by election deniers to investigate the 2020 vote said in a recent court document that he had “forensically examined” the voting system used in Coffee County, Ga. The assertion by executive Benjamin Cotton that he examined the county’s voting system is the strongest indication yet that the security of election equipment there may have been compromised following Donald Trump’s loss.

Representatives of Georgia Secretary of State Brad Raffensperger (R) said in April that while his office had investigated several election-related issues in Coffee County, none appeared to amount to a breach of equipment. In May, The Washington Post reported that former county elections official Misty Hampton had opened her offices to a man who was active in the election-denier movement to help investigate after the 2020 vote. Recounting the incident to The Post, Hampton said she did not know what the man, bail bond business owner Scott Hall, and his team did in her office.

In the new document, a sworn declaration filed Wednesday in a civil case in federal court in Arizona, Cotton, founder of the digital forensics firm CyFIR, wrote that he had examined Dominion Voting Systems used in several jurisdictions. Among them were Coffee County, Mesa County, Colo., and Maricopa County, Ariz., where he worked as a contractor on a Republican-commissioned ballot review.

The episode in Coffee County is one in a steady drip of revelations since the 2020 election about attempts by Trump allies to examine or copy tightly guarded voting machines to search for evidence of fraud. Some of those attempts have been aided by like-minded election officials, raising concerns about insiders as a growing threat to election security. Tina Peters, the clerk of Mesa County, was indicted in March on charges stemming from her participation in a successful effort to allow outsiders to copy voting-machine hard drives. Peters has denied wrongdoing and is running to be the Republican nominee for secretary of state.

At a rally on Oct. 9 in Des Moines, former president Donald Trump continued to unleash a litany of false and unproven claims of voter fraud in 2020. (Video: Adriana Usero/The Washington Post)

The federal government considers voting systems to be “critical infrastructure” vital to national security, and preventing unauthorized physical access to machines is seen as essential to protecting them from manipulation. Since 2020, machines in several jurisdictions have been decertified because their chain of custody after the election was broken or uncertain.

Cotton, who said in his declaration that he has more than 26 years of experience in computer forensics and has testified as an expert witness, did not detail which components of the Coffee County voting system he claimed to have examined. Nor did he explain how he gained access to voting system data from Coffee or provide evidence of his examination beyond the descriptions of his findings. The findings generally describe what Cotton says he found in the counties’ systems collectively and are not specific to Coffee.

The Cotton declaration was first reported by a disinformation researcher who posts on Twitter under the name Trapezoid of Discovery. The document alleges a number of security vulnerabilities in the Dominion systems. It concludes that the election system machines and networks do not meet industry certification standards.

The declaration was filed by lawyers for two Republican candidates who are suing to block Arizona from using electronic voting machines in the November 2022 midterm election, citing in part the findings of Cotton and others who worked on the GOP-commissioned ballot review. The plaintiffs — election deniers who have sought to overturn Joe Biden’s 2020 victory — are Kari Lake, who is running for governor, and Mark Finchem, who is running for secretary of state.

The defendants, supervisors in Maricopa and Pima counties and Secretary of State Katie Hobbs (D), have moved to dismiss the case, arguing that it is based on a host of misleading and false claims. The specific claims about security vulnerabilities arising from the ballot review were, the counties said, “baseless ‘findings’” that “have been debunked.” Hobbs called them “vague, speculative allegations of potential security risks.”

Cotton did not respond to requests for comment. Lawyers for Lake and Finchem also did not respond to requests for comment.

Asked about Cotton’s declaration, a spokeswoman for Dominion referred The Post to materials the company previously published in response to allegations of election fraud in Antrim County, Mich., Maricopa and elsewhere. No court has found those claims to have merit, and many local, state and federal officials have said there is no evidence of vote manipulation in the 2020 election. In multiple jurisdictions, hand counts of paper ballots substantiated tallies by Dominion machines.

Cotton’s court declaration comes just two weeks after the federal Cybersecurity and Infrastructure Security Agency notified election officials in more than a dozen states that use Dominion Voting machines of several vulnerabilities and recommended measures to help detect or prevent attempts to exploit those vulnerabilities.

But the agency, an arm of the Department of Homeland Security, also said it found no evidence that flaws in the machines have ever been exploited, including in the 2020 election. Dominion said in a statement that the advisory reaffirms that its machines “are accurate and secure.” The issues identified by the agency “require unfettered physical access to election equipment, which is already prohibited by mandatory election protocols,” the company said.

Allegations of improper access in Coffee County arose earlier this year in a long-running federal lawsuit filed by the Coalition for Good Governance and others against defendants including the Georgia secretary of state’s office. The plaintiffs argue that the state’s election system is so insecure that it violates the rights of voters. In a recorded phone call filed as part of that case, Hall claimed to have arranged for a plane to take people to Coffee County — a rural county Trump won by 40 points — to scan ballots and copy data from voting equipment.

Hall did not respond to requests for comment.

Attorneys for Raffensperger told the court in April that the secretary of state’s office launched the investigation as soon as it became aware of the recorded phone call. They said state officials have not found evidence of a security breach.

Jordan Fuchs, deputy secretary of state and Raffensperger’s chief of staff, declined to comment on Cotton’s statement Friday other than to say, “We take investigations seriously and will continue to be thorough throughout this litigation process.”

Marilyn Marks, executive director of the Coalition for Good Governance, called the Cotton declaration “alarming” and said the plaintiffs in her case “are serving subpoenas to obtain more information on the details of the alleged breach and compromise of Georgia’s system in Coffee County.”

Hampton told The Post that she could not remember when Hall’s visit occurred or what he and the others — whom she did not name — did when they were there. She said she did not know whether they entered the room housing the election management system server, the central computer used to tally election results.

Hampton said Friday that she knew of Cotton, but did not know anything about his alleged access to voting system data from Coffee County.

The Daily Beast, citing text messages, reported in early June that the team of outsiders spent several hours at the office on Jan. 7, 2021, and included Paul Maggio of the Atlanta data security firm SullivanStrickler.

Neither the founders of SullivanStrickler nor Maggio responded to requests for comment from The Post.

Cotton’s declaration also raises questions about the possibility of an additional, previously unreported election security breach in Fulton County, Ga., home to Atlanta. Cotton wrote that his conclusions were based on his “analysis of the Analyzed Election Systems” in several jurisdictions including Fulton.

“Fulton County is not aware of any analysis performed by Mr. Cotton of our voting systems or our election processes,” said Jessica Corbitt-Dominguez, the county’s director of external affairs. “Fulton County uses the exact same voting system used by all other Georgia counties, as required by the Secretary of State.”

There have been no public allegations of unauthorized access to machines in Fulton County, Ga. The Pennsylvania secretary of state, however, did order the decertification of machines in Fulton County, Pa., after she said they were improperly accessed in December 2020 by individuals seeking to investigate the election. That order is being challenged in court.

Cotton submitted a sworn declaration last year, in a case in Antrim County, on behalf of a local real estate agent who claimed that the 2020 election results had been manipulated. The lawsuit has been dismissed, and allegations of vote-flipping in Antrim were roundly rejected by a Republican-controlled committee of the Michigan Senate.

In his declaration in that case, Cotton described examining not only Dominion voting equipment used in Antrim but also equipment made by Dominion’s competitor, Election Systems and Software, and used in the 2020 election. The declaration did not say how or in which jurisdiction the ES&S equipment was accessed.

In February, Michigan law enforcement officials launched an investigation into alleged unauthorized access of ES&S machines in the state’s Roscommon County. A county official and a township official in the county told investigators that they gave election equipment to unauthorized third parties after the 2020 election, Reuters reported last week, citing police records.

Loading...