The firm has conducted more than 200 such audits over 13 years in business. “Our level of comparison data is unmatched,” Keir Holeman, a Clear Ballot Group vice president, wrote to the Republican-controlled Senate. He never heard back, he says.
Now the untested, little-known cybersecurity firm is running a partly taxpayer-funded process that election experts describe as so deeply flawed it veers into the surreal. Its chief aim, critics say, appears to be testing far-fetched theories, rather than simply recounting votes — an approach that directly undermines the country's democratic traditions.
“If I give you 20 M&Ms, and you want 30, you can keep counting it, but you did not get 30 M&Ms,” said David Becker of the Center for Election Innovation and Research, a former Department of Justice voting rights attorney and elections expert. “This is not an effort to find the truth."
Experienced vote counters have watched the process in shock. Arizona Secretary of State Katie Hobbs, a Democrat, said this week Maricopa County will need to replace all of its election machines because their security has been permanently compromised by the auditors. Experts note the review isn’t following standard recounting procedures and, unlike with other election audits in Arizona, members of each major political party are not at each table observing the counting.
The auditors are checking for bamboo fibers to test a theory that tens of thousands of fake ballots were shipped from Asia. A onetime treasure hunter who claims to have invented a new method to automatically spot ballot fraud says his technology is being used in the review.
It's become too much for some Republicans. The Maricopa County Board of Supervisors, all but one of whom are Republicans, this week accused Republicans in the Senate of having “rented out the once-good name of the Arizona Senate” to “grifters.”
“Your ‘auditors’ are in way over their heads,” the board wrote in a letter.
Cyber Ninjas' defenders say they're creating a template for a re-examination of the election in every battleground state Biden won. Trump allies have already called for similar operations in Georgia. And criticisms about the firm's lack of election experience are hollow, its advocates argue, because the Arizona audit is unprecedented.
“This is an audit like none that has ever been performed,” said Patrick Byrne, the former chief executive officer of Overstock.com who has been raising money for the audit. “This audit is an audit check for all forms of mischief.”
The man running the operation, Cyber Ninjas chief executive officer Doug Logan, declined through his spokesman to be interviewed. He has only answered questions from reporters in public once, during a contentious press conference last month.
“There's a lot of Americans here, myself included, that are really bothered at the way our country's being ripped apart right now,” Logan said. “If we go through here and we don't find any fraud, I will be ecstatic.”
Maricopa County has already conducted two audits, which found no problems with the count in the state's most populous county. At the urging of Trump supporters, the Senate insisted on a third and subpoenaed more than 2 million ballots from the county.
When the Senate leader went looking for an elections firm to do the work, she did not put together a formal request for proposal, as is typical for government contracts. Fann said she and her staff reached out to several firms and got two bids back — the one from Clear Ballot Group for $450,000 and the other from a cybersecurity group called Intersec Worldwide. Fann said she preferred the Intersec proposal, but balked at an $8 million price tag.
In an interview, she said she could not recall who had referred her to Cyber Ninjas. “To be honest with you I can’t even tell you exactly what path led me there,” Fann said.
But Fann had tapped into a loose network of computer security experts who had become active in pro-Trump election conspiracy theories. In a self-published book written this year, Byrne dubbed the group “cyber ninjas” — a term used by so-called “white hat” hackers who defend against online intrusions. Byrne told AP that, in December, he and Logan “crossed paths in a few places.” But Byrne said he wasn't involved in the audit bid and does not know Logan well.
Logan, 42, in December had tweeted and retweeted references to the conspiracy theory that voting machines were hacked to switch votes from Trump. “The parallels between the statistical analysis of Venezuela and this year’s election are astonishing,” Logan tweeted, with a #StoptheSteal hashtag that referenced the pro-Trump movement seeking to overturn the election.
Logan also served as an expert witness in a pro-Trump lawsuit raising conspiracy theories about the election in Antrim County, Michigan. Another cybersecurity professional who filed an expert witness affidavit in that case, Ben Cotton, was a partner on the Intersec proposal. Cotton's own firm, CyFIR, which did not respond to a request for comment, is now a subcontractor on the Arizona audit.
The Senate agreed to pay Cyber Ninjas $150,000 in state money, but it is not clear how much more the audit will cost and who is paying for it. The pro-Trump One America News Network raised $150,000 in a single day in April and has continued to ask for donations. Byrne has also started a fundraising drive with a group that says it has raised $1.7 million with a goal of $2.8 million. Neither will have to disclose donors or account for how the money is spent, and Logan has declined to detail financial information.
Byrne's organization is also involved in recruiting volunteers. The audit's liaison with the Senate sent an email to local Republicans last week asking for more volunteers and referring them to the website of Byrne's organization's to apply. Byrne said his group simply refers volunteers to Cyber Ninjas for “vetting.” The email was first reported by The Arizona Republic.
Logan started Cyber Ninjas in 2013 in Indiana after working for two years for a cybersecurity firm called Cigital, according to his LinkedIn profile and Cyber Ninja press releases. He moved his firm from Indiana to Sarasota in 2014, according to the Cyber Ninjas website, which quotes Logan describing the firm as a “Christian company.” Last year, when Cyber Ninjas received $98,000 in federal COVID relief money, it claimed five employees.
At a public presentation last week, Logan cited as part of his qualifications that his firm “worked with some of the largest names in the financial services space.” Two of the companies he lists as former clients in his expert witness statement, Citibank and JP Morgan Chase, said through spokespeople that they have no record of hiring Cyber Ninjas.
Logan's scant public record before the audit was a history of volunteering for the U.S. Cyber Challenge, a training event for internet security amateurs and professionals. In 2015, Logan received an award from the security firm SANS for his volunteerism with the event,
John Pescatore, the SANS employee who oversees the award program, said Logan was cited mainly for designing an online “capture the flag” game where players try to hack into an opponent's base. “It takes a lot of work,” said Pescatore of Logan's volunteering. He added he doesn't know Logan but Cyber Ninjas has a good reputation for testing companies' systems for vulnerabilities, its market niche.
A spokesman for the U.S. Cyber Challenge did not respond to repeated requests for comment.
Logan is not the only person associated with the effort to overturn the 2020 election who is working on the audit. Jovan Pulitzer, an inventor who unsuccessfully pushed for a post-election audit in Georgia, has said his technology is being used to detect altered ballots.
Pulitzer is also a former treasure hunter and author of a series of books on lost treasures, including one titled “How to Cut Off Your Arm and Eat Your Dog.” In 2000, he developed a barcode scanner called Cuecat that purported to link print magazine ads to the internet. It was later named one of the 50 worst inventions of all time by Time magazine.
Bob Christie in Phoenix contributed to this report.