In the Documents: Cyber Ninjas’ Communications with Election Deniers

Records of communications between Cyber Ninjas employees and several conspiracy theorists provide yet more evidence of the influence that prominent election deniers exercised in the partisan “audit” of votes cast in Maricopa County, Ariz., in 2020. 

The newly released documents, which had previously been held by lead “audit” contractor Cyber Ninjas, were obtained in response to American Oversight’s lawsuit against the Arizona Senate and Cyber Ninjas seeking related records.

Connections to Election Deniers

Andre McCoy: In September 2021, the same month Republicans in the Pennsylvania Senate launched a “forensic investigation” of the state’s 2020 election results, Andre McCoy — one of the state’s fake electors who also worked on the Arizona “audit” — sent an email to undisclosed recipients containing a summary of “audit” findings. In the email forwarded by McCoy, the sender wrote that “PA will be one of the next domino’s [sic] to fall.” The message, which parrots the language of conspiracy theorists, is further evidence that partisan state election investigations were undertaken by people who sought to cast doubt on democratic processes.**

Mike Roman: The documents include multiple instances in which Mike Roman, the former director of Election Day operations for the Trump campaign and a leader of the America Project’s “Fund the Audit” effort, was included on or actively participating in conversations about “audit” operations. In one message, sent on May 5, 2021, Cyber Ninjas CEO Doug Logan emailed Roman and Todd Sanders, also of the America Project, about Logan’s draft response to a letter from Arizona Secretary of State Katie Hobbs to Senate “audit” liaison and former secretary of state Ken Bennett, regarding her office’s concerns about the partisan election review. On May 8, Roman sent a list of notes and clarifying questions about “audit” procedures and equipment to Logan and former Arizona state legislator Steve Montenegro.  

In Logan’s January 2022 deposition in American Oversight’s lawsuit, he described Roman simply as “a consultant” who “helped us with media,” but the emails suggest that Roman’s role was more expansive, as he demonstrated a detailed knowledge of internal procedures and day-to-day “audit” operations. Earlier this year, American Oversight also uncovered records in which Roman’s name appeared on a list of employees retained by subcontractor Wake TSI, the firm that led the hand count of ballots until mid-May 2021. The newly released records also include emails sent from Logan to Roman about Wake TSI documents and volunteer background checks. 

Todd Sanders: Sanders, along with Roman, was a leader of the America Project’s “Fund the Audit” effort. The records include emails that further highlight the operational role “audit” funders appeared to play, despite early assurances from the Senate and Cyber Ninjas to the contrary. The America Project was founded by election denier and Overstock CEO Patrick Byrne, and contributed more than $3 million to the “audit.” In the emails, Sanders received materials regarding expenses and the work of Wake TSI, as well as a list of volunteers. American Oversight has previously obtained emails in which Sanders helped review Logan’s grant applications to another organization. 

Phil Waldron: The records also contain communications with Phil Waldron, the retired Army colonel who was active in the former president’s efforts to overturn his election loss, including having texted former White House Chief of Staff Mark Meadows in late 2020 about plans to seize voting machines in Arizona. In March 2021, Logan forwarded Cyber Ninjas’ draft statement of work to Waldron, and Waldron was also included in a conversation about volunteer background checks. Waldron, whose actions are being examined by the Jan. 6 committee, is affiliated with Allied Security Operations Group, a firm that was almost hired by the Arizona Senate to conduct the “audit” before Cyber Ninjas was brought on. American Oversight has previously uncovered numerous documents showing Waldron’s communications with “audit” leaders, including Arizona Senate President Karen Fann. 

Shawn Smith: The records also indicate that Logan communicated with Shawn Smith, a Colorado-based activist who has been involved in sham audit efforts with the activist group U.S. Election Integrity Plan and in his capacity as head of Cause of America, an election-denying group founded by Trump ally and MyPillow CEO Mike Lindell. In June 2021, Smith thanked Logan for his time during a recent visit and said that he may be able to get Lindell’s help with future efforts in Colorado.

On Sept. 23, Smith wrote to Logan, “Doug, Russ Ramsland is trying to reach you.” Ramsland, a prominent election denier heading Allied Security Operations Group, had previously been in contact with “audit” leaders. Smith continued, “Mike McCollock (defense counsel for Mesa Cty, CO Clerk Peters) asked me to pass that on.” Smith was referring to Tina Peters, the county clerk who was charged with allegedly leading a plot to breach election equipment in Mesa County, Colo. It is unclear why Smith was in contact with Logan about Peters.

In another message sent in early April of this year, Smith asked Logan to review a “first draft” and to send along the “final formats” of Cyber Ninjas’ vote tally sheets, of which Logan provided a sample. 

Liz Harris: Liz Harris, a 2022 candidate for the Arizona state House of Representatives, was copied on various email conversations throughout 2021 about the election review’s operations, including a July 2021 email containing “New Subpoenas and Public Record Requests” about the Maricopa review. In 2021, Harris led unofficial canvassing operations where volunteers went door to door to ask voters what method they used to vote and to verify their registration, a tactic the Senate had originally planned for its “audit” but canceled after the Justice Department warned that it could lead to voter intimidation. Despite the Senate’s attempts to distance itself from Harris’ efforts, records previously obtained by American Oversight indicated that “audit” leaders were aware of the canvassing. The newly released documents reveal that Harris remained in contact with Logan through at least September 2021, when both of them are included on an email thread about alleged voting irregularities compiled in Harris’ Maricopa County canvassing report.

Christina Bobb: Bobb, a right-wing media host who helped fund the “audit” and now works on Trump’s legal team, communicated frequently with “audit” leaders, helped supply volunteers through her nonprofit, and appeared to play an operational role in the election review, working on behalf of Trump lawyer Rudy Giuliani. In an April 19, 2021, email to Smith, Logan wrote that he had “been trying to get Christina Bobb” to serve as an “audit” observer, but Ken Bennett “found an excuse to turn her down.” Logan added that “having a friendly reporter as an observer would be good.”

On April 5, 2022, Logan drafted a response to a press inquiry from the Los Angeles Times about the connection between Trump’s legal team and the Arizona “audit.” Logan wrote, “Trump had no involvement in the Arizona Audit. This includes there being no coordination with the Trump legal team.” In records previously uncovered by American Oversight, Fann referenced communicating with the Trump legal team multiple times in the months before the “audit” was announced, and stated that she had received a “personal call from President Trump thanking us for pushing to prove any fraud.” Logan also wrote, “The only former member of the Trump legal team I talked with in any capacity at all during the audit was Christina Bobb. My conversations with her centered around her organization, Voices and Votes.” Voices & Votes contributed more than $600,000 to the election review.

Pennsylvania Rep. Russ Diamond: On June 14, 2021, Haystack Investigations’ Heather Honey, who worked with Wake TSI and stayed on as an “audit” worker after the firm’s departure, emailed two Pennsylvania legislators with what appears to be draft language for a bill requiring cybersecurity testing of “all computer systems with access to or from the internet or are otherwise made available to the public.” The recipients were state Reps. Seth Grove and Russ Diamond. In December 2020, Diamond received an email from Trump-allied lawyer John Eastman regarding a plan to change the state’s vote totals. The email, with the subject line “Recommendations for Verbiage,” said that the recommended language was “based on Doug’s experience working in this space.” 

Other “Audit” Affiliates: A June 2021 spreadsheet titled “Security List” includes the names of individuals with and without access to the “audit” site along with their respective roles. Among the nearly 2,000 people listed are Jim Lamon, a former U.S. Senate candidate who signed his name to Arizona’s slate of fake electors and is known to have paid for “audit” security guards; and Garland Favorito, founder of a Georgia-based election denial group.

Other Potential Connections

Conan Hayes: The set of documents also includes messages forwarded by Cyber Ninjas employee Sara Metz to an individual named Conan. This may be Conan Hayes, an election conspiracy theorist who has allegedly been involved in the voting machine breach in Mesa County as well as one in Antrim County, Mich. In Antrim County, both Hayes and Logan helped lawyer and later Michigan attorney general candidate Matt DePerno promote allegations of voter fraud in the county’s 2020 election.

Journalists have previously speculated that Hayes may have been involved in the Arizona “audit.” What appears to be Hayes’ email address includes the same domain name as that of Todd Sanders, who was also part of the forensic team in DePerno’s lawsuit accusing Antrim County of election fraud. Both Sanders and Hayes were part of a team led by Patrick Byrne, head of the America Project, to find evidence of voter fraud following the 2020 election.

The emails that Metz forwarded to “Conan” in July and August 2021 were labeled as “possible threat” and contained harassing messages directed toward Cyber Ninjas from an online submission form. Other emails exchanged between Metz and “Conan” in April 2021 referenced a carnival that was taking place outside of the venue where ballots were being counted, which at the time conspiracy theorists said was an attempt to disrupt the “audit.”

Russ Ramsland: On Dec. 10, 2021, Logan emailed conspiracy theorist Shiva Ayyadurai, who subcontracted with the Senate and Cyber Ninjas to work on the election review, regarding the “Active Voters file from Pima [County].” In his message, Logan referenced a “version I got from Russ” — potentially referring to Russ Ramsland of Allied Security Operations Group. Logan added that he was “trying to track down the Voter History to go along with the 12/15 file that Russ provided.” It’s unclear how the voter data was accessed. In December 2021, Logan had presented on “election integrity” at a meeting in Pima County hosted by state Rep. Mark Finchem, a key figure in the partisan election review.

New Details About Cyber Ninjas’ Report

In Microsoft Teams messages exchanged by Logan and a Cyber Ninjas colleague in August 2021, just over a month before the company presented its audit report to the Senate, the pair appeared to express confusion about some of the data they had collected and reviewed. On Aug. 6, Logan wrote to Eric Richardson, “Do you have anything of note for Maricopa County? We’re going to have to report stuff soon.” Richardson reported that “most machines are saying the election database and behaviors files do not match expected values.” Logan replied, “That sounds pretty significant,” and asked if it was the “candidates” or “vote totals” that didn’t match. Richardson responded, “I don’t know,” and added, “because things seem right” and he did not know “why they think they should be different values.” It is unclear to whom Richardson was referring or precisely what values were at issue, but the timing of the exchange and the apparent uncertainty about Cyber Ninjas’ own data underscore the lack of rigor with which the review was conducted. 

Cyber Ninjas’ final report on the sham “audit,” which was released in late September 2021, ultimately did not dispute Biden’s victory while still attempting to cast doubt on Maricopa County’s management of the election process. Records previously uncovered by American Oversight have provided strong evidence of the predetermined hunt for election irregularities that animated the sham “audit”: Election-denying leaders intended to use the ballot review to uncover evidence of fraud and call into question the 2020 election results.

Other messages exchanged in 2021 provide further evidence of the election review’s deeply biased and partisan motivations. In an Oct. 22 email, Logan said that he liked the messaging app Telegram because he can “broadcast information” and doesn’t “have to fight with trolls.” 

In the days leading up to the release of Cyber Ninjas’ final report on Sept. 24, 2021, Heather Honey emailed Logan what appears to be sections of the draft report. “I have asked Stefanie to verify the violation of the law here as well,” she wrote on Sept. 15. This may be a possible reference to Stefanie Lambert, an attorney who was accused this summer by Michigan’s attorney general of being involved in a plot, led by DePerno, to access voting equipment. In another email sent the same day, Honey wrote that “this also needs legal confirmation—waiting for Stefanie to let me know if she is aware of a loophole that would exempt” first-time voters from a voting law requirement. 

New Details on Financial Troubles 

The records also include an email from Logan to “audit” spokesman Randy Pullen, in which Logan reported that Cyber Ninjas and subcontractors CyFIR and StratTech were having cash flow issues and needed more money. CyFIR needed $225,000 “very soon,” Logan wrote on Nov. 11, 2021, “or it will have a large financial impact on them.” 

A July 5 email exchange between Logan and Smith appears to suggest that Byrne’s America Project had stopped supplying Cyber Ninjas with enough money. A Telegram post that Smith forwarded to Logan claimed that “Pat Byrne promised Doug Logan MILLIONS more than he actually gave to Cyber Ninjas” and “Cyber Ninjas is struggling to stay afloat because of false undelivered promises from large donors.” Logan responded, “Yes, funding issues are real.” He told Smith that anyone interested in donating should be directed to Voices & Votes or Election Integrity Funds for the American Republic (EIFFTAR).  

On July 26, Logan responded to an email from an “audit” worker asking about fundraising, writing that EIFFTAR was “the preferred place right now.” He added, “Please note, this is NOTHING against Fund the Audit or the America Project. Its actually the opposite. They’ve been huge supporters of what we’re doing and we’d like the funds to be a little bit more evenly divided among the organizations supporting us.” 

Documents also include a $22,000 payment to Cyber Ninjas made in December 2021 by Defending the Republic, the “audit” funder run by Trump-allied lawyer Sidney Powell. Records previously obtained by American Oversight provide further information about Cyber Ninjas’ funders, subcontracts, and the financial costs of the nearly $9 million “audit.”

More information about American Oversight’s investigation into the Arizona election investigation can be found here, and all filings related to the lawsuit can be found here.