Attempted breach of Ohio county election network draws FBI and state scrutiny

By Amy GardnerEmma Brown and Devlin Barrett November 19, 2021 at 3:55 p.m. EST

Federal and state investigators are examining an attempt to breach an Ohio county’s election network that bears striking similarities to an incident in Colorado earlier this year, when government officials helped an outsider gain access to the county voting system in an effort to find fraud.

Data obtained in both instances were distributed at an August “cyber symposium” on election fraud hosted by MyPillow executive Mike Lindell, an ally of former president Donald Trump who has spent millions of dollars promoting false claims that the 2020 election was rigged.

The attempted breach in Ohio occurred on May 4 inside the county office of John Hamercheck (R), chairman of the Lake County Board of Commissioners, according to two individuals with knowledge of the incident, who spoke on the condition of anonymity because of the ongoing investigations. State and county officials said no sensitive data were obtained, but they determined that a private laptop was plugged into the county network in Hamercheck’s office, and that the routine network traffic captured by the computer was circulated at the same Lindell conference as the data from the Colorado breach.

Together, the incidents in Ohio and Colorado point to an escalation in attacks on the nation’s voting systems by those who have embraced Trump’s false claims that the 2020 election was riddled with fraud. Now, some Trump loyalists pushing for legal challenges and partisan audits are also targeting local officials in a bid to gain access to election systems — moves that themselves could undermine election security.

An FBI spokeswoman confirmed Thursday that the bureau is investigating the incident in Lake County but declined to comment further. Investigators are trying to determine whether someone on the fifth floor of the Lake County government building improperly accessed the computer network and whether any laws were violated.

Investigators with the office of Ohio Secretary of State Frank LaRose (R) believe a government official appears to have facilitated the attempted breach of the election network in Lake County, a spokesman for LaRose said.

Asked in a telephone interview whether he knew of the attempted breach or participated in it, Hamercheck said he was advised not to discuss the investigation. “I’m aware of no criminal activity,” Hamercheck said, and added: “I have absolute confidence in our board of elections and our IT people.”

Ahead of the incidents in Ohio and Colorado, county officials in both places — including Hamercheck — discussed claims of election fraud with Douglas Frank, an Ohio-based scientist who has done work for Lindell, according to people familiar with Frank’s role, who spoke on the condition of anonymity to describe private discussions.

Frank, who has claimed to have discovered secret algorithms used to rig the 2020 election, has been traveling the country trying to convince election officials that the vote was riddled with fraud — and that they should join the effort to uncover it, he told The Washington Post in a series of interviews.

Frank has told The Post in recent months that he has visited “over 30 states” and has met with about 100 election administrators. He would not say how many local election administrators he has persuaded to join his cause. “I deliberately protect my clerks. I don’t want anybody to know who they are,” Frank said.

Douglas Frank greets Donald Trump supporters before the former president arrives to speak at a rally at the Lorain County Fairgrounds on June 26 in Wellington, Ohio. (Jabin Botsford/The Washington Post)

In an interview Friday with The Post, Lindell said that although he has hired Frank for some projects, he does not fund Frank’s speaking engagements across the country and knew nothing about what happened in the election offices in Mesa County or Lake County. “I have no idea what you’re talking about,” he said.

In April, Frank traveled to Grand Junction, Colo., where he made his pitch during a public talk and also privately to Tina Peters, the clerk in Mesa County, and several of her colleagues. He told The Post that his presentation persuDouglas Frank greets Donald Trump supporters before the former president arrives to speak at a rally at the Lorain County Fairgrounds on June 26 in Wellington, Ohio. (Jabin Botsford/The Washington Post)aded Peters of the need to examine whether fraud occurred, and that he subsequently connected her with someone in Lindell’s circle who he believed could help.

An elections supervisor embraced conspiracy theories. Officials say she has become an insider threat.

Colorado election officials have since accused Peters of sneaking an outsider into Mesa County election offices to copy the hard drives of machines manufactured by Dominion Voting Systems, a company cited in conspiracy theories by Trump and his supporters.

In October, a state judge prohibited Peters from supervising the upcoming local elections, citing her efforts to copy the hard drives. On Wednesday, FBI agents searched her home and that of several of her associates as part of an investigation into possible wire fraud and computer crimes.

Peters has previously claimed that she has been targeted by powerful forces trying to block her from finding the truth. In a statement to The Post this week, a spokesperson for Peters’s legal defense fund said the searches constituted “a level of weaponization of the Justice Department we haven’t seen since the McCarthy era.”

Frank also took part in a discussion earlier this year with Hamercheck, the Lake County, Ohio, commissioner, according to an individual familiar with the incident, who spoke on the condition of anonymity because of the ongoing inquiries.

In an interview with The Post on Thursday, Frank said he did not remember speaking to Hamercheck or have any record of the call. He said he has met so many people in the past six months that he cannot recall them all. But Frank said the version of events described in Lake County sounded “plausible” because it was “exactly the model that we did with Tina.”

“Do I remember that call? No,” he said of the Hamercheck conversation. “Does it sound like me? Yes.”

County records obtained by The Post through a public-records request show that Hamercheck, an engineer and retired police officer, used his security badge to swipe into the fifth floor offices multiple times during the roughly six-hour period when, according to the leaked data, the laptop was intermittently connected to the county network on May 4, the date of Ohio’s spring primaries.

Ohio election officials said they first learned of the attempted Lake County breach after Lindell’s August symposium, where he promised to unveil evidence of widespread fraud across the country.

Copies of the Mesa County hard drive were presented publicly there, and cyber experts in attendance said they also received copies of network data obtained from Lake, Mesa and Clark County, Nev. Lindell told The Post on Friday that the network data were distributed by a rogue attendee without his knowledge or permission.

Officials in all three states, as well as independent cyber experts interviewed by The Post, determined that the network data — known as packet captures, or PCAPs — contained no sensitive information from a protected network.

The data from Clark County — home of Las Vegas — was captured via the county’s guest wireless network, according to county officials. Rob Graham, a cybersecurity expert who attended the Lindell symposium and examined the data, said it was recorded on Dec. 1, 2020, with a laptop that was set up to capture only its own actions, not county network traffic.

Ohio state officials said the attempted breach in Lake County also yielded limited data, a possible sign that the person or people responsible may not have had technical expertise.

Ohio officials examined the data captured in Lake County and quickly determined that multiple layers of security prevented the compromise of election information or equipment. The network cable in Hamercheck’s office is connected to the county government network, but the county’s Board of Elections operates a separate network behind its own firewall that recognizes only authorized devices.

“We are thrilled that our infrastructure stayed strong,” said Ross McDonald, director of the Lake County Board of Elections, who added that the county is awaiting the results of the state and federal investigations.

After his office assessed the attempted breach, LaRose, who oversees election administration across Ohio’s 88 counties, referred the matter to federal, state and local investigators.

“It’s concerning that somebody would — especially somebody in a government office, somebody who is an elected official, or somebody who’s part of county government — would not realize all of those safeguards exist and would try to engage in some sort of a vigilante investigation,” LaRose said in an interview with The Post. “The good news is that our system of cyber security in Ohio is among the best in the nation.”

Officials with the Lake County prosecuting attorney and the Ohio Bureau of Criminal Investigation did not respond to requests for comment.

Much like in Lake County, the Mesa County network data were captured in multiple sessions over the course of about four hours in May, nearly three weeks after the attempted breach in Ohio and on the same day a Mesa County voting machine hard drive was copied.

Local, state and federal authorities began investigating the alleged breach in Mesa shortly after Lindell’s symposium in August, when copies of hard drives from county voting machines were presented.

That same month, officials obtained search warrants to examine Peters’s cellphone data, take DNA swabs from election machines, remove Dominion equipment from Mesa County’s offices and obtain records to determine who obtained access to the secure tabulation room following Frank’s visit in April, as The Post previously reported.

This week, the FBI searched the homes of Peters and several of her associates, including Sherronna Bishop, a conservative activist and former campaign manager for Rep. Lauren Boebert (R-Colo.) who introduced Frank at his public talk in Grand Junction.

Lindell described the searches during an interview Tuesday on “War Room,” the podcast of former White House strategist Stephen K. Bannon. In a statement to The Post, Bishop accused the FBI of using “brute force” in executing the search warrant at her home, including using a battering ram to open her door and handcuffing her in front of her children. She said she had been “available and transparent to any organization that wanted to speak with me” and accused the Justice Department of “terrorizing parents.”

In a statement, the Colorado attorney general’s office disputed those descriptions, saying that “this judicially authorized search was executed in a professional and lawful manner.” A spokeswoman for the FBI confirmed that the bureau “conducted authorized law enforcement actions . . . in support of an ongoing investigation” and declined to comment further.

The search warrants left at Bishop’s home indicate that the FBI is investigating potential crimes including intentional damage to a protected computer, wire fraud, conspiracy to cause intentional damage to a protected computer and conspiracy to commit wire fraud, according to details she shared in an interview with right-wing media personality Brannon Howse.

Trump supporters listen to a presentation by Frank about alleged election fraud at the June 26 rally in Wellington, Ohio. (Jabin Botsford/The Washington Post)

Frank argues that the 2020 election was tainted by an elaborate conspiracy involving inflated voter rolls, fraudulent ballots and a “sixth-order polynomial” — claims that have been repeatedly debunked.

Inside the ‘shadow reality world’ promoting the lie that the presidential election was stolen

One associate of Frank and Lindell is Conan James Hayes, a former pro surfer whom Frank described in an interview with The Post as a “white hat hacker” who has done projects for Lindell and has been responsible for obtaining and analyzing cyber evidence of fraud. Lindell told The Post that he has hired Hayes for several “piecework” jobs this year related to investigating election fraud, but none involved helping local officials obtain data from their networks or machines.

Asked whether he knew if Hayes was involved in gathering data from Lake and Mesa counties, Frank said: “I should probably not say. That’s just me being, I think, prudent.”

Hayes’s name also came up at the Lindell symposium, where Ron Watkins, the former administrator of the 8kun message board, where the QAnon conspiracy theory has been promoted, announced that Hayes may have stolen the hard drives from Mesa County.

A few moments later, Watkins said Hayes “did have permission to take the hard drive, but did not have permission to upload it.”

Watkins’s lawyer told the news outlet Vice that Hayes was Watkins’s source for the hard drives — but declined to discuss the matter in an interview with The Post.

Hayes could not be reached by phone and did not respond to emails seeking comment.

Metadata from the copied Mesa County hard drives show that the copies were made by someone using the identifier “cjh,” according to Graham and Harri Hursti, cybersecurity specialists who attended the Lindell symposium and reviewed the hard-drive copies. Those initials match those of Hayes.

Similarly, the Clark County data was captured by a computer called “cjh’s MacBook Pro (2),” according to Graham.

In both Lake and Mesa counties, the data were captured by the same type of gaming laptop, using the same software and same Windows operating system, metadata shows.

Hayes was one of seven people named in court documents who copied Dominion hard drives as part of a lawsuit filed by a local real estate agent who claimed election fraud in rural Antrim County, Mich., last fall. The hard drives, copied with permission of the court, allegedly showed that Dominion machines were rigged, according to a report submitted by the plaintiff in that case last December.

That central claim of the report was immediately debunked by experts, including by the Department of Homeland Security, but it was cited by Trump and his allies as they sought to overturn President Biden’s legitimate victory. A state judge dismissed the suit in May.