Showing posts with label fraud. Show all posts
Showing posts with label fraud. Show all posts

01 December 2024

ConVocation


Adven map of fake headquarters
Presumed US location of Adven

Consequences

Lily has a knack for drawing scammers like some people attract mosquitoes with similar blood-sucking results. You’ve met Lily a couple of times including a phishing scam involving Chase Bank.

I’m dismayed how often Chase victimizes its customers, freely handing out money to con artists and then blaming customers. I’ve noted a number of Chase fraud stories since and spoke with a lady who lost tens of thousands to a scam that Chase refused to acknowledge. Because Lily received advice to withdraw her funds and not a penny more, she remains the only person I know who survived monetarily intact.

She and I spent hours making phone call warnings and visiting Chase and state police, trying to apprise them of a crime in progress. We explained how the fraud worked, despite snorts and sniggers and snarky wishes *they* had a friend (wink, wink, nudge, nudge) who’d deposit thousands in their account.

“There is no money,” I insisted.

“Sure there is, we can see it right… right… Wait! Where did it go?”

After the fact, the bank blamed Lily and demanded she reimburse them for their shortfall and shortcomings as a so-called trusted financial institution. Ha. That’s ever likely.

Adven picture of fake headquarters
Presumed US headquarters of Adven

Conversation

Lily sometimes struggles. She listed with LinkedIn seeking work at home. Unlike some, the girl self-motivates as long as the job doesn’t require copying the Encyclopædia Britannica in longhand.

Out of the blue, she receives a message from a European company expanding into North America. They require Lily to take a test and write an essay, but she’s hopped. She can take on as much work as she chooses and the pay is respectable, even a bit higher than her current salary, nicely filling in financial gaps.

instructions and interview via iMessage instructions and interview via iMessage instructions and interview via iMessage
instructions and interview via iMessage instructions and interview via iMessage instructions and interview via iMessage

Conjecture

Lily excitedly calls her boyfriend, she calls her mother, she calls me. I can’t pinpoint what, but something sets off my alarms. I ask for all the information she can provide, including text messages and anything else she can tell me. The list of accounting programs dismays me. Normally companies seek one or two, not half a dozen. I’m putting a damper on her happiness, but it turns out her boyfriend also senses something off.

I go to work.

Content

First thing, Adven exists. It’s a 600 employé company registered with a real web site and a presence in other European countries. But they mention nothing in the Americas. Okay, the contact explains they are setting up shop in the US.

I’ve been through that before, working for European concerns expanding into the States and vice versa. I consider calling to double check and notify Adven I suspect they are being used in a scam, but for the moment, I opt to let things play out.

FedEx pack containing fake check

Further research reveals Hanna Summa is a real person with a Linked-In page and a profile on her company’s web site. Acting so hands-on for a potential entry level employee raises an eyebrow, but again, I’ve seen this within major corporations when placing fresh folks overseas. Directors and vice presidents keep an eye on details to avoid screw-ups.  An executive engaging with new staff and line isn’t inconceivable.

Meanwhile, this ‘Hanna Summa’ assigns Lily an essay. I suggest she consider an AI piece to avoid heavy vestment at this early stage, but, honest as she is, she writes a paper as agreed. Hanna Summa promises to send a check.

And she did.

fake check complete with holographic seal

Concept

I recognize the scheme. I advise Lily not to deposit it, but ask her bank to vet the check. Most checks clear the same day, but occasionally a draft may take fifteen days or so to slog through the system. This is where this type of scam takes root. Senders instruct their victim to spend or send much of that money elsewhere, ultimately into scammers’ own pockets. By the time a check is returned as fraudulent, it’s too late– the victim has been financing the scheme with her own money.

Conversion

This method obviates another scheme, the business of money laundering. Con artists arrange with a person in another country to sell goods or collect and distribute funds and perhaps packages. The unknowing party isn’t so much a victim as a patsy, flushing money through the system. In one case, a foreign ‘artist’ arranged for ‘commissioned partners’ in North America to sell his paintings, retain 10% and return 90% to the cheerful dauber who just laundered illicit monies or and avoided taxes.

Contrariwise

Meanwhile back at the bank, instead of making a conditional deposit as usual, at Lily’s behest, clerks go to work investigating that critical slip of paper with its excellent engraving and holographic sticker between the memo and signature. When they reluctantly hand the check back to Lily, they shake their heads but with respect for her instincts.

Still playing along, Lily tearfully informs her Adven contact that her bank has refused the check, saying it was no good. Our fake Hanna expresses shock and dismay, shock I say, shock. She posited her company’s accounting partner inexplicably made a mistake, perhaps a matter of misinterpretation. She will investigate and get back to Lily posthaste.

Shock, I tell you.

Lily is still waiting for the results of the investigation.

Conclusion

Lily merely wanted earnest work to make an honest wage. Reaching back to the J.P. Morgan Chase episode, her first reaction was to visit the bank at least twice and explain something was wrong.

Opinionated pundits contend victims perpetuate swindles because of their greed. I disagree with such a blanket statement. ‘Found cash’ scams work because no owner can be found. ‘Bible bequests’ play upon emotions of grief, not greed, supplemented by deepset religious underpinnings. Avarice might motivate cynical experts, not necessarily others.

I sometimes toy with fraudsters, an activity called scam baiting. My approach is more psychological than technical. One future day I might talk about that, but know I have no sympathy for those who drain bank accounts and ruin lives.

02 August 2024

Does It Have to Be Murder?


Ocean's 11
Warner Bros.

I've been chatting with a podcaster about the upcoming season for her and her husband's show, where they read mysteries live. The husband, who handles the music, tries to solve the mystery by the end of the show. She can't because she reads every story before it's even accepted.

This year, they're doing something different. Anything but murder. Which got me thinking (and about more than my proposed story.) Does every crime fiction story need a body count?

This summer, I'm editing anthologies. A lot of anthologies. Plus, I read an ARC for the upcoming Bouchercon anthology. Virtually all the stories in that and two of the anthologies I've copy edited involve murder. My next anthology short story? Murder. The last three crime fiction novels I've read? Murder. Hell, one was the basis for Season 1 of Bosch.

While I've never agreed with Donald Maas's philosophy of increasing the body count with each book in a series – Let's call that what it is: a cheap ploy eventually leading to bad writing – I do concede murder is the highest of stakes. You're taking a life. If you ask most people how many of the Ten Commandments they've broken, the more honest will likely say, "I ain't killed anyone. Yet." Everyone lies at one point or another. Most people have taken something that wasn't theirs, broken with their parents, and that most underrated of the Big Ten, envied. I'm reading Cormac McCarthy right now, and boy, does he give a writer a case of envy. Leaving out the "God commandments," we continually break the Sabbath. Hell, I'm writing this on a Sunday morning. And while most people get through life without cheating on a lover or a spouse, more do than will admit it. But murder?

Murder is the big one. The taking of life. Most people quote that commandment as "Thou shalt not kill," but really, the original word translates as "murder," the deliberate taking of life. Killing in war or self-defense doesn't count because that other person is trying to kill you, or at least, inflict grievous harm. Accidents? You might get sued, but you won't go to prison unless you did something really stupid, like drive drunk or neglected some obvious bit of safety. But the deliberate taking of life? Either in a fit of rage or through (allegedly) careful planning?

I don't care what religious creed you follow, even if you're an atheist -- or maybe especially if you are one – that's the big kahuna. Taking life deliberately and without any mitigating reason is a huge crime against humanity.

But is it possible to write about crime and not murder? Does it really need a body count?

It takes a bit of skill, and quite often, it goes toward comedic. Oceans 11 is a prime example. It's the heist. It's George Clooney and Brad Pitt being smartasses. The source material is an excuse from Frank Sinatra, Dean Martin, and Sammy Davis, Jr. to play cops-and-robbers.

Catch Me if You Can, the Tom Hanks-Leonardo DiCaprio vehicle based on real life, focuses on Leo's cat-and-mouse game with Hanks's FBI agent and their later collaboration. Murder is not a primary plot device.

Cannonball Run movie poster
Cannonball Run

And if you want to get to the heart of it, the two Cannonball Run movies are really light-hearted (and admittedly light-headed) crime movies. The crime just happens to be an illegal road race that turns into a bunch of comedy sketches sewn together.

But notice the tongues firmly planted in cheeks for these movies. There are relatively few bodies in these films. And when there are, it's often an accident or natural causes, sometimes the inciting event.

Yet if you go all the way back to one of the first modern detective stories, Edgar Allen Poe's "The Purloined Letter," the plot does not center on a body but a missing letter. Our intrepid detective, Dupin, foreshadows Sherlock Holmes in his talent for looking beyond the obvious. The letter is soiled and wrinkled, looking like an old, well-worn paper and not a recently written missive that could bring down the French government. Doyle would revisit this time and again. The stories are not comedic, but neither do they depend on a body.

So, does it have to be murder? For the same reason we all rubberneck at a traffic pile-up or a train wreck, murder grabs our attention faster. Someone's life ended because someone else deliberately ended it. But there are plenty of ways to spin up other crimes: Theft, fraud, adultery (not a crime, but a dirty deed.) It's all in how you handle it. Instead of bleeding, someone simply needs to ask, "Are you in or out?"

Now, if you'll excuse me, I have to sketch out a story of the adventures of Florida Man!

03 September 2023

The Digital Detective ~ Robocall Killers


Minutes ago my phone rang. I glanced at the caller ID. Usually it shows ‘Spam Likely’ and I swipe it off the screen. This time it gave a name I didn’t recognize. An unknown caller could have something to do with business, insurance, medical… who knows? I answered. Here are tips I’ve discovered to deal with telemarketers.

old-fashioned telephone receiver

Tip 1

Like everyone else, I say hello immediately. I quickly say hello again and, hearing nothing, I’ll immediately hang up: a 1, a 2, click! Type A people do that– state your business or leave. Occasionally I catch half a syllable from ‘Mary’ or ‘Hector’ or ‘James’ from Indianapolis (INDIAnapolis) just as they might have caught my second Hello, but I’ve evaporated. I identified a spammer and dealt with the problem.

How does this benefit?

Robocaller machines initiate spam calls. I’m making educated assumptions, but it takes a couple of seconds to transverse the continents to India and then another moment or two for their operative to punch the connect button. They might hear my second hello, but by that time, I’m already gone.

But what if the call was important?

Naturally, they’ll phone back. In the course of fielding zillions of these interruptions, not one has called back. I suspect they’re geared to use auto-dialers but don’t permit manually dialing out.

Opinions to the contrary abound. Hanging up confirms a real person is at your end of the line, and, the belief goes, your number is marked for endless re-dialing. But, unless a robodialer hears the three tone SIT (special information tones) indicating “not a working number” or “number not in service”, it knows it has reached a valid telephone. It will try and try again no matter what.

Tip 2

Have you received a call from a cheery voice who asks, “Hello? Can you hear me?” Or a man who says, “How are you today?”

It takes training oneself, but don’t reflexively answer yes, okay, fine, good, lovely, peachy. You do not want professional spam callers to hear those words. Why?

Your voice is recorded on a separate track from theirs. That makes it easier to race through a recording where your mention of details can be readily found and identified. But it also makes it easy to manipulate the semblance of the conversation based on affirmative answers about the audibility of the call or the state of your day. With a push of an on-screen button, a trivial program can take your answers and turn one conversation into another:

“Hello? I’m calling on a recorded line. Can you hear me?”
“Yes, of course.”
“Good. How are you today?”
“Okay, fine.”

Misusing your answers can automatically result in repurposed recordings like:

“Hello? I’m calling on a recorded line. May I have your permission to continue?”
“Yes, of course.”
“Excellent. Can I sign you up for toxic chemical carpet cleaning, a new water hardener, a vacation to exciting DoofusLand, and a subscription to Mayonnaise Monthly?”
“Okay, fine.”

I stress reports of manipulated recordings are anecdotal chatter on discussion boards, but accusations recur and cherry-picking a victim’s responses is easier than you think. The result is that recipients claim they never intended to buy or even give telemarketers permission to call them. I’m not aware lawbreaking telemarketers have attempted to mislead the FTC, but simply initiating pre-recorded calls violates FTC’s own TSRs– the rules for telemarketers.

old-fashioned desk telephone

Do-Not-Call

The National Do-Not-Call Registry (888-382-1222 / https://www.donotcall.gov/) would be a good idea if spammers paid attention to it. Register all the same; it might dissuade one or two.

This article doesn’t delve into some technologies such as STIR/SHAKEN, which caused a brief 4½% dip in telemarketing attacks, only to climb more than ever before. One of the more common tricks is to spoof the victim’s area code and exchange (first six digits) to hint to the recipient of a neighborhood call. Others will throw false caller IDs on the screen such as Amazon, Apple, or Google.

Visit your App Store. Following is a list of apps you might find useful. Some rely upon collected databases of known spam numbers. You might hear this in action if your phone chirp or rings once and then stops. It had experienced a delay finding the number in a database. While useful, database apps don’t stop spammers from spoofing valid numbers.

Let us know your experience and useful tips.

ActiveArmor EyeconNumbusterShould I Answer
Call BlockerFind Caller Reverse CallerTruecaller
CallAppHiyaRoboShieldWhoscall
Calls BlacklistNomoroboRoboKillerYouMail

23 April 2023

The Digital Detective, Banco and Bunco, Part 2


Resuming from last week

Money Laundering

Checks (‘cheques’ in other English-speaking countries) are becoming less common in our digital society, but they still have their uses: Investors often receive dividend checks, some companies send refund checks, and many of us write checks to our lawn guy and housekeeper. Check handling still holds a place in our economy and so does a scheme called ‘check washing’.

Crime segments on programs like Dateline and 20/20 have warned us against the practice of bad guys plucking checks out of mailboxes and ‘washing’ them in a ‘household chemical’ bath. Then with a blank check in hand with the original signature, they fill in a new payee and amount. The scheme can work with bonds, wills, and other instruments, anything with a dye-based ink written with ordinary pens. Very old inks comprised of iron compounds remain unaffected.

Wait. Are you going to share with us?

What is the household chemical? Enquiring crime writers want to know.

The answer is ink-dependent and I’m aware of two compounds. Women baddies may have an advantage: The primary go-to chemical, acetone, is the principle ingredient in fingernail polish remover. Other dye-based inks may better respond when treated with ordinary bleach.

Here’s a how-to video by Dr Uniball… (Shh. I know, I know, the poor man. I’m afraid Dr Uniball suffered an unfortunate lab accident.) That aside, here is one of his experiments:

Note: Although not mentioned in the video, fraudsters can preserve the signature by covering it with transparent tape. Ink not so protected washes away.

So how can you shield yourself against lawnmower man bleaching your check or your nifty cleaning lady rewriting the palty cheap-ass amount after an acetone bath? You can purchase speciality India ink pens costing in the hundreds of dollars. Or, as I recently learned, you can buy a less than two dollar Uniball at your local Dollar Store. This pigment-based pen is made by Mitsubishi Pencil Company, yes, a sister company of the car manufacturer. Look for Uniball 207, pictured here:

UniBall 207 pen

But wait. If you’re a fraudster and your victim banks with Chase or certain other banks, you don't have to bother erasing and filling in checks. Crooks have discovered Chase’s sloppy remote banking by smartphone looks only at the numeric dollar amount and routing number. Bad guys can add in an extra digit to the dollar amount, changing it from hundreds to thousands. Chase doesn’t trouble themselves to validate the written amount or check the written payee matches the conman’s name on the account. They even allow the same check to be deposited more than once.

BoA Signs of Fraud
Signs of Fraud from Bank of America

A casual survey suggests Chase Banks may figure in more frauds than all other banking institutions combined.Worse yet, Chase battles customer victims who try to get their money back. Lily, our Chase target in a previous article did everything right, trying to get an oblivious and lackadaisical Chase to take action. And they die– they blamed her.

No place in the world is safe from fraud, but if YouTube is to believed, Arizona suffers an outsized number of attacks. And naturally, Chase customer service isn't there when needed.

From A to Z, ATM to Zelle

Zelle is German for jail, literally, a prison cell. I’m frankly surprised it doesn’t mean Sucker!

I can’t trust Zelle. If accounts of a money app can’t be viewed and studied on the web, the customer/victim is at a disadvantage when attempting to reconcile transactions. Unfortunately banks and society at large push us in that direction.

Former business partners owed me money and had been steadily paying me through Sun Bank. Abruptly payments stopped. I notified them. It turned out Sun wanted to cease sending direct, electronic payments to my bank (and others) and insisted its ‘partners’ use Zelle. The problem was that Sun submitted payments into the black hole of Zelle, but my bank didn’t see them.

“Not our problem,” said Sun. “Call Zelle.”
“Not our problem,” said my bank. “Call Zelle.”
“Not our problem,” said Zelle. “Call your bank.”

This occurred after repeated and futile attempts to get a phone number for Zelle, who declined to help because they were ‘too far removed from the situation’, claiming they were outside the transfer rather than being the conduit. It took four months of repeated complaints to resolve the issue.

☚☛

As you might imagine, Zelle is a convenient tool for fraud. In one particular scam, you receive an SMS text that your bank account has been put on hold, pending unusual activity. You phone the conveniently provided phone number, and a polite professional asks how she can help you.

She ‘checks’ your account, saying it appears nefarious forces are attempting to penetrate your security. The solution is to safely move your money into a bank-approved Zelle account. If you’ve not heard of Zelle, she provides you a web link showing your bank works with Zelle, and she’ll help you set up a new free account, which will make bill paying so much easier.

Ten minutes later, your new Zelle account is all set up and your money moved into it. “Thank you, thank you,” you say before hanging up, upon which the scammer sets to work. You receive another text message, this time from your real bank. Your accounts have been emptied.

“Not our problem,” says Zelle. “Call your bank.”
“Not our problem,” says your bank. “Call Zelle.”

16 April 2023

The Digital Detective, Banco and Bunco, Part 1


One upon a time I was scammed, or rather American Express was. In my consulting days, a pair of cancelled flights kept me hostage at Chicago Airport for ten hours, which covered a couple of mealtimes. For one of those, I plunked down in their sit-down restaurant and partook. And was partaken without my knowledge.

The end-of-month credit card statement showed a charge that could have fed a family of twelve instead of not-so-little ol’ me. AmEx explained this was called a ‘waiter’s charge,’ literally so in my case. A waiter hands you a bill in a black leather folder. The diner casually tucks a credit card in the folder and the waiter carries it away. At this juncture, the fraud happens.

If the restaurant keeps a computerized tally, the waiter adds on an additional lobster and a hell of a tip. Without an ongoing account, a waiter simply adds in a dollar figure. In olden days, waiters might run two or three blank slips through the imprinter for later use. These days thanks to skimming devices, a waiter can mint a new card before you leave the premises.

Once a card is out-of-sight, waiters can do anything they wish.

As did a waitress in Minneapolis’ beloved Pannekoeken Huis. Two things had come together to draw my attention to a minor racket. Unlike my girlfriend whose sharp eye for cash register fiddles caught one in the middle of a famous theme park, I don’t have specialized training in these things. However, a conversation with a vice president of finance at the company I consulted for raised my awareness. After meals, he carefully perused the bill and credit card slip, commenting he’d find mistakes nearly half the time and went on to prove it.

Bad Taste

And so I found myself in the very restaurant where he’d enlightened me. Frankly, the waitress did little to avert attention to herself. In a Midwestern city where everyone is friendly, she was unusually hostile. Perhaps it was the result of a bad morning, but she acted distinctly sour. Thus when the check came and bearing in mind the VP’s admonition, I looked over the register’s paper tape and there it was… or in this case wasn’t. The line items didn’t match the inflated total.

Her scam took but a moment to unravel. The register tape provided the clue– the restaurant’s logo was missing at the top of the tape. She’d rung in a false item, rolled the register’s tape forward several inches and tore it off, and then rang in the real breakfast tab.

I brought it to the attention of the front-of-house manager. That trusting soul cheerfully waved off the discrepancy as a register glitch. Fine, not my problem, but the practiced moves of the waitress announced she’d done this many times. I did not encourage her by leaving a tip.

That wasn’t why he glanced at your derrière

Does your credit card have a tap ’n’ go icon? If so, it has a built-in bit of electronics called passive NFC… near field communications, a cousin of RFID. Your cell phone may have something similar, but is active NFC because it’s battery powered. They work on the same principal as store exit scanners that sense security tags still attached to the jacket you just bought.

Besides the likelihood of your butt mashing your phone, NFC is a major reason you shouldn’t carry your phone in your hip pocket. A passerby brushes her phone past your pocket and *snap* — she’s captured your information.

Sleight-of-Hand

Scams can happen other ways. You check out of your doctor’s office, or you pay at the window of that overpriced restaurant, or you’re enqueued at Wendy’s drive-thru window and your fuel gauge is running low as is the patience of the guy behind you who taps his horn for the third time but it’s not your fault because your salad isn’t ready and finally the server comes to the window and hands you a bag with a freckled girl’s face on it and says, “That will be $36.80,” and you realize for that kind of money you could have dined at Pannekoeken Huis with money left over but you dig through your purse and there’s your MasterCard that you hand over and a second later he hands it back followed by a receipt that you stuff in your purse and before the guy behind you can blast his horn again you pull forward and out of his way, yet when you get home you receive a text message that your credit card has hit its limit. What? How can that be? You should have at least fifty dollars to spare.

And there it is: Instead of $36.80, you were charged $96.80. Maybe the guy’s finger slipped ringing it up. But wait, there’s another $23 charge from the same place at the same time. That shouldn’t be possible. What happened?

When you handed over your card, you lost sight of it for an instant only. But it was enough time for the window guy to pass the card over a pocket skimmer or even a second NFC machine, a modern analogue of imprinting an extra credit card slip.

Contactless Cards (NFC, RFID)
Universal Contactless Cards (NFC, RFID)

ATM : Access Thy Money

You may seen recent warnings about ATMs with inoperable card slots, glued shut according to articles. Nearby, a helpful guy who’s standing a respectable, unobtrusive distance behind you offers a suggestion. “You can tap your card.”

But of course you can. You thank the guy, boink the card over the symbol, stuff $200 in your purse, and nervously flee the scene to safety. Or so you think. The helpful guy, he moves in and empties your account.

When an ATM’s mechanical reader returns your card, it automatically logs you out of the system. Likewise in store transactions, once the clerk rings you out and you see the Thank You message on the screen, you’re once again disconnected from your account.

Surveys show at ATMs, tap ’n’ go customers often don’t manually log out of their accounts. Without a mechanism holding their card and releasing it as they sign out, clients fail to realize the connection to their account remains active and vulnerable. Please, log out.

Next Week: Money Laundering

24 October 2021

The Digital Detective, Wall Street part 4


When corporations upgrade large computer systems, they typically run the old and the new in parallel a few weeks or months until the bugs are shaken out. Occasionally events take a turn as discussed last week.

Mutual Admiration Society

Back in New York, our mutual funds firm (not so fondly referred to as MuFu) faced a different problem. They had completely rewritten the primary application, changing over from Cobol to C, and it hadn’t gone well. Four months after parallel commenced, they were experiencing glitches and crashes.

The sizeOf problem I’d caught wasn’t a contributing cause. An unidentified problem was triggering errors, an oversight so simple it would boggle the mind.

Robert, their very defensive senior C expert, hadn’t told me about a front-end program written by yet another programmer. I had to figure that out for myself. The bug wasn’t in the program they’d assigned me; it was introduced by what came before.

Front end and Back end Processing
Front end and Back end Processing

As previously mentioned, Cobol reads like English and C… well, C is sometimes great and often horrible. C had become the most recent fad and application programmers were feeling the bite of its double edge sword.

The staff was comprised of university C students and the last Cobol member on her way out. Machine language (and assembler) weren’t in their purview and when they dismissed John, ‘the old guy’, they'd rid themselves of their only person who could poke around in memory (RAM) to determine what went wrong.

And memory was a problem. The program used customer numbers to index into a table and reference records in storage… in theory. In practice, I soon learned the customer was occasionally wrong, wildly wrong, trying to access a memory location off in the wilds of Kansas.

Cobol could detect out-of-bounds matrix subscripts; C could not. Thus it took me a little while to figure out the bogus account code was coming from a front end program. That preprocessor queued submitted entries, performed minor verification with a check digit, converted the input to binary, and passed the record on to the back-end program I first investigated.

In short, sometimes the data entry folks included dashes in the account number (e.g, 7654321-1) and sometimes they didn't. The Cobol app extracted only the digits; the C program didn’t. Both programs tentatively vouched for the account number (7654321) using the check digit (1), indicating it resided in the realm of possible valid numbers. Unfortunately, the newly written C routine included the hyphen when attempting to convert the number to binary. Both versions then ‘piped’ (passed along) the massaged data to the back-end program where hell and fury would erupt when a bad number with the mashed-up hyphen was passed along.

For all the grief it caused, correcting the C front end was trivial. Worryingly, the front-end program, instead of creating the transaction serial number, left that task for the back-end program. Bad, bad, error-prone design. And, as I would discover, prone to manipulation.

I returned the program to service and turned my attention back to the mysterious ‘sizeOf’ conundrum.

Faith, Hope, and Charity

Many organizations buy into mutual funds for long term storage of their money. City, county, and state governments store tax revenues, fines and fees there. Churches and charities divide money between money market and mutual funds.

In the mutual funds program, a template field labeled IRS501C was data-typed binary in the old Cobol Record data division and as boolean in the matching C Struct.

When I returned to the section with the anomalous ‘sizeOf’ routine, I could see this field being referenced, but I didn’t know why. A library search for original source code for sizeOf and the parent routines turned up nothing.

Growing more suspicious, I asked operations to dig through their archives and find the code. “Don't hold your breath,” they said.

Next day, the IT director gave me the conference room to spread out my work. I mapped binary instruction after instruction, recreating an assembler code version of the program. C could fool the eye, but machine code, even in the absence of context, revealed details of what was going on– if I could figure it out.

I constructed charts of data structures, trying to figure out what was taking place. At last when I spotted buried instructions trimming fractions of a cent from daily interests earned, I knew I’d stumbled upon skulduggery.

Figuring out the sleight-of-hand was mind-bending, but I got a break. Like so many magic tricks, the chicanery was breathtakingly simple. Only the surface artifice was complex.

I had accumulated a suite of experimental data to test extremes of the system. It contained only a dozen records but I noticed the audit log reported thirteen. What? A record with a proper transaction serial number had materialized like a magic trick.

As mentioned previously, the front-end processor should have been creating the transaction serial number, not the back end, but apparently no one here knew better. That oversight facilitated the deception, allowing crooked code to create records undetected.

Computer hours were reduced that day. Being the first of the quarter, month-end and quarter-end reports took priority. Idling, I suddenly wondered if month-end had anything to do with the mysterious symptoms I was witnessing. Once again I nagged operations about searching archives for source code.

An hour later found me wrestling with that data cleverly hidden beyond the end-of-data marker. An impatient operator slapped a cartridge on my work table. "Try this," he said.

Former employee John had made a rare oversight. He’d deleted the source files, but… Each evening, operations backed up everything, and that included John’s source code. It filled in gaps.

No comments, of course, but lo, I beheld the twisted mind of a criminal genius. The routines were rife with indirection and misdirection. The ‘sizeOf’ trick merely hinted at the scam iceberg. While the obfuscated C code suggested one thing, the meticulous machine instructions I’d decoded step by step helped me understand what was really happening.

The scheme launched from a database record under MuFu’s own name and address, 100 Maiden Lane. The registered agent was listed as K. King, address 103rd floor, 350 Fifth Avenue, Manhattan, New York 10118. Midtown… I looked it up… Empire State Building. The street address was legitimate, but 103rd floor?

interest truncation example

Greed Kills

The charlatan routine skimmed thousandths of a cent or so following rounding errors– interest and binary-to-decimal trailing digits after rounding high. On average, the algorithm could have siphoned a quarter of a cent per transaction without setting off alarms, but our sneaky programmer apparently wanted to stay well below nets cast by auditors. Those fractions of a penny accumulated in the bogus MuFu self-owned bucket until the end of the month. Dollars– thousands of them– and been created out of thin air.

I fully expected John’s wife or a friend had opened another account to receive the transfers, but as I traced the code, it invoked a random number generator to index into an entry in the hidden part of the file, just one binary field,  which turned out to be an account number. At month end, the subversive routine transferred out between $1200 to $5000 a month from the bogus MuFu in-house account to the account selected by the random number generator. But why only certain accounts? What was special about them? How was John profiting?

As always, I sat outside on the ferry shielded by a bulkhead. As I started at the lights of Brooklyn, the answer hit me, knocking sleep out of the equation. I rode the ferry back.

With suppressed excitement, I extracted the account numbers and checked the first indicated record. Bingo. And the next one. And the next. And then the 20th and the 100th. Bingo, bingo. Every case showed the IRS501C non-profit tag.

Damnation. I’d unmasked a freaking Robin Hood. John– or should one say Little John– was stochastically selecting non-profit accounts to donate to. That generated the thirteenth record.

Fascinatingly, the audit trail reinforced the fraud’s legitimacy rather than exposed it. Only a paper trail might suggest a missing document, but who was going to dig through reams of flattened dead trees?

If United Way or Scouting USA or Bethune Cookman read their statements at the end of the month, they might have scratched their heads but concluded they surely made a deposit and misplaced their record of it.

I made copious notes and documented everything. When presented to the firm’s CIO, she looked disbelieving, then doubtful, and finally bewildered.

“I know your reputation,” Loretta said, “but this can’t be possible. Besides, IT claims John had aged beyond usefulness. He couldn’t keep up. He barely finished this, his last project, before we let him go.”

“If so, he put effort into making a final masterpiece.”

“Leigh, darling, can you fix it?”

Call me darling and I can fix anything. I yanked the too-clever code out by its roots and their senior programmer, Robert, fixed the hole and, upon my recommendation, moved the transaction serializer to the front-end.

“What will you do about the spurious deposits?” I asked.

“They go back months. We wouldn’t look good demanding hospitals and heart foundations return money deliberately deposited into their accounts. John gave away money we couldn’t detect was missing. We’ll leave it that way.”

“What about John?”

Loretta sighed. “Same reasoning. Arresting him will bring nothing but bad publicity. Can you imagine the Times or the Journal with headlines about a Wall Street Robin Hood? That’s bad enough, but a sympathetic soul would raise issues about ageism. No, we can’t win there. Thank God we discovered it.”

“Can you get me John’s contact info?”

“What? No, maybe, yes, why not. I’ll discreetly ask HR for it.”

Robbin’ Robin

I phoned ‘John’ and invited him to lunch.

“I don’t think so,” he said. “Who is this again?”

“Leigh Lundin.”

“Oh shit, you? What do you want?”

“Just a chat. Really.”

“You’re working for MuFu?”

“Yes, today I am; tomorrow, no. I’m wrapping up.”

“So you know…?”

“Lunch,” I said. “Let’s not do this on the phone.”

“Fraunces Tavern?”

“Whew! If you pay.”

He laughed. “Okay. If you accept that, you aren’t out to nail me.”

“I’m not. John, can you afford it?”

“I landed on my feet. Arthur Lipper knows me and his son hired me.”

I respected Lipper Inc. He chose well.

The Wolf Pup of Wall Street

We met in the pub where George Washington bade farewell to his troops. John looked like a mad Santa with puppy dog eyes and an Albert Einstein hairdo. I’d bet a dozen grandkids employed him as a stage for hundreds of adventures.

He said, “You’re not recording this?”

“No.” I kept my smile easy and relaxed my body language.

“I’m not admitting anything including this statement.”

“Hmm. Let’s talk hypothetically, this entire conversation, okay?”

“Sounds fair. What have you figured out?”

“Most of it, I imagine. Cancer research received a couple of grand on the first before I could stop it. That will be the last payment.”

“Good,” he said. “I mean, embezzling’s awful.”

I snorted. “SizeOf.”

He laughed. “I thought that was clever hiding in plain sight, but apparently not clever enough.”

“I overlooked it at first. John, what was going on? Why did our suppositional programmer take such a risk?”

He dropped the hypotheticals.

“They dismissed anyone approaching retirement, figuring to save paying pensions, I suppose. You heard about Walston?”

“I was there, John.”

“The MuFu bastards had a definite preference for young faces. I knew for months they were going to fire me, I could smell it in the air.”

“I know that feeling, John.”

“The staff treated me like crap, acting like I was in my dotage. They figured my brain had rotted along with Cobol, but they needed me to effect the conversion. I learned C until I knew it better than they did and then studied it more. Their superstars couldn’t read a dump or comprehend machine instructions during debugging. I turned the joke on their little experts.”

“Sheesh. I’m sorry you went through that, John.”

He shrugged. “What will happen to me now?”

“Far as I know, nothing. I think they’re too embarrassed. One or two, the CIO and the VP maybe, have shown a touch of grudging respect. They’re coming to grips with the senile grey-beard who fooled them.”

“Good, because I’m a coward. I’m not looking for fame and misfortune.”

“Don’t worry, John. Everyone but the sheriff loves a Robin Hood.”

Final Thoughts

And that is my favorite Wall Street crime case. I’m called when matters go mysteriously wrong, so Miss Marple-like, I occasionally stumble upon another puzzle and test of wits.

In this case, charities profited and the bad guy turned out a good guy. Some may object that a criminal avoided prosecution, but personally, I couldn’t imagine a better outcome.


Following are a few more tech notes.

17 October 2021

The Digital Detective, Wall Street part 3


I’m still astounded Fortune 500 companies and government facilities not merely allowed, but invited me, a 19-to-20-something freelance me to play with their very expensive computers. I mean work, not play, yeah, work is definitely the word. Reputation is everything. And okay, I have authority issues. So I’m told.

Striking off on my own meant no security blanket, no 401K, no pension, no profit-sharing. It meant scary months when I wondered if the phone would ring with a client and months when I wondered if the previous client was going to pay or not. That’s a concern– some companies withheld payment until they once again needed help. Sometimes managers wouldn’t like what I reported. My type of work– designing systems software– was specialized, so occasionally famine struck.

During one drought, camels were toppling over, birds fell from the sky, and my bank account appeared a distant mirage. Finally a call came in before the telephone company could cut me off. It was Wall Street again, a mutual funds house we’ll call MuFu. Loretta was their CIO, Chief Information Officer.

100 Maiden Lane, NYC © Emporis
100 Maiden Lane
NYC © Emporis

“Darling, are you available?”

“Personal or pleasure?”

“Are you saying personal isn’t pleasure?”

“You’re married.”

“Was, Darling, was.”

“Loretta, I’m sorry.”

“Don’t be, I’m not.”

She lied. I could almost hear the sounds of tears leaking from her eyes. She was a nice lady who’d come up through the ranks.

“Loretta, what’s happening?”

“If you’re available, I need help.”

“Please don’t let it be application programming.” Even if it was, I desperately needed the work.

“Well… Did you hear we’re undergoing a conversion from Cobol to C?”

“You and every other firm with fresh university graduates.”

My professors, Paul Abrahams and Malcolm Harrison, were language experts. Abrahams was chairman of ACM’s SIGPlan and would eventually be elected president of the US’s professional organization, the Association for Computing Machinery. They received early releases of Unix and with it the C language. For my part, C was co-respondent in a love-hate relationship. It constituted a step up from assembler language, but I wanted more.

She said, “I know you’ll be simply shocked, but we’re experiencing crashes. We can’t cut over until we nail the problem. Nobody around here can read machine code. I know it’s not your thing, but nobody knows Cobol either.”

In the following, I’ve tried to trim back technical detail to make it more accessible and I apologize where I failed to restrain it. The gist should suffice.


Next day I took the Staten Island Ferry to lower Manhattan, where I strolled up Pearl Street and turned onto Maiden Lane. The mutual funds house took up a few floors of an older building, although the interior was done in chrome movie set futurism.

The glass room remained there running their big iron computer. Off to one side was a new server chamber covered in curved, blue plexiglass. Very spaceshipish.

Loretta blended 10% boss and 90% Cub Scout Den Mother, which made her a popular manager among the guys. She called in her lead analyst and chief programmer, Richard and Robert. The latter radiated lethal hostility.

“Leigh’s here to shoot that bug that’s killing us.”

“We don’t need help,” Robert said. “He’ll just waste our time.”

Loretta said evenly, “You’ve had months and it’s still not identified. Please give Leigh all the help he needs. He’ll likely work after hours to have the computer to himself.”

After Loretta departed, Robert said, “I know who you are. You used to be hot shit.”

“I’ve never heard it put so charmingly. Listen, I’m not here to take your job. I’m not here to threaten you. I’d like to get the job done and move on. Show me what’s going on.”

As predicted, the program started and died with an out-of-address exception– the program was trying to access memory that wasn’t there.

I asked for listings and a ‘dump’, formerly called a core dump, a snapshot of memory when the system died. The address of the failing instruction allowed me to identify the location of the link map, an org chart of routines that made up the program. Sure enough, the instruction was trying to reference a location out of bounds of its memory.

I took the program source listing home with me and spent a couple of days studying it. It was ghastly, a compilation of everything wrong with bad programming and especially in C. It contained few meaningful variable names and relied on tricks found in the back of magazines. Once in a while I’d see variables like Principle or Interest, but for the most part, the program was labeled with terse IDs such as LB, X1 and X2. This was going to take a while.

The company had no documentation other than a few layouts from the analyst. When I called in to ask a question, Robert stiff-armed me. I arranged my first slot for Friday evening with time over the weekend.

I began with small cleanup and immediately hit snags. I’d noticed a widely separated pair of instructions that read something like:

hash_cnt = sizeOf(Clientable);
      :
cust_cnt = abs(hash_cnt);

Wait. What was the point of the absolute value? C’s sizeof() returned the number of items in an array. It should never be negative. You could have five apples on a shelf or none, but you couldn’t have minus five.

As part of the cleanup, I commented out (disabled) the superfluous absolute value function. Robert dropped down as I compiled and prepared to test. I typed RUN and the program blew up. What the hell? Robert appeared to sneer, looking all too pleased.

He said, “That section was written by that old guy, John. We fired him because didn’t know crap, so no surprise it’s hosed up.”

I knew who he was talking about, a short, pudgy bear in his late 40s with Einstein hair. I’d never been introduced, but I’d heard him on a conference panel. John was no dummy, no matter what Robert said.

Robert smugly departed. I stepped through the instructions, one by one, studying the gestalt, the large and small. My head-smack arrived on Sunday. Curious why sizeof() would return a negative value, I traced how hash_cnt was used. As I stepped through the instructions, I saw it descend into a function called MFburnish().

I couldn’t find source code for MFburnish(). No one could. Without source, it would be very difficult to determine what happened inside it.

I went back to the variable Clientable passed to sizeof(). The array was loaded from a file, Clientable. Both consisted of binary customer numbers. I spotted something odd.

C is peculiar in that it uses null (binary zero) to mark the end of arrays and ordinary file streams. This file had two nulls, one about the seven-eights mark and another at the absolute end.

At first, I thought the file had shrunk and the marker moved down while remaining in the same space. But when I looked at the file, it had the same defect… or feature.

As some point, I looked at the link map to check upon another routine and for the first time noticed what I should have spotted earlier. There amid C Library functions of isalpha(), isdigit(), islower(), isupper(); was sizeOf().

Double head-smack. First, C’s authors claim sizeof() is a unary operator like +n and -n. To me, sizeof() looks and acts like a function and nothing like a unary operator. But by their definition, it shouldn’t show up in a link map with real functions. On closer inspection, the program read not sizeof() but sizeOf(). Another annoyance of C is that it’s case sensitive, meaning sizeof and sizeOf and SizeOf and even SIZEOF are not the same thing. This kind of nonsense wouldn’t have been possible with their old Cobol system.

The deception seemed awfully abstruse, even by C standards.

interest truncation example

The Clientable contained account numbers of a sizeable fraction of clients. Why some customers and not others would take me a while to discover. Unlike sizeof(), the ginned-up sizeOf() showed the actual record position within the full file expressed as a negative number, hence the abs() function.

Someone had written deliberately misleading code. But why?

Money, of course. Moving backwards, I began to look at the code with a different eye. And there it was… not merely the expected interest calculation, but the conversion from binary to decimal, another Cobol to C difference. I suspected one of the company’s programmers had pulled off the oldest thefts in computerdom– siphoning off money by shaving points when rounding numbers.

This wasn't the problem Loretta had asked me to solve. Robert had directed me to the wrong program, which turned out to be a stroke of luck. Loretta had invited me to track down a program bug, but I suspected I had unearthed traces of virtual villainy.

Next week: The Confrontation

Following are Cobol versus C notes for the technical minded. Feel free to skip to next week.

03 October 2021

Certifiable – Arizona Elections Corrections 301


Previous   PREV Arizona ‘fraudit’ Conspiracy Theories         

For perhaps the final time, this is OAN’s Blanca Mujer reporting from Memorial Coliseum in Phoenix.

We arrive at this much anticipated juncture wrapped in unfathomable disappointment. We’d hoped to prove massive fraud took place on election day, but instead, to paraphrase Oath-keeper Senator Wendy Rogers, the Deep State has so cleverly hidden their huge deception, it’s become impossible to find. Thus Wendy Rogers and others urge the election be decertified and rerun until they get the results they want.

I apologize for the background noise. What you hear is a great gnashing of teeth on the floor of the Arizona legislature. Senate President Fann is acting all innocent and Karen like she never heard of this and opposed it all along. My, my, my.

How were we to know she’d hired the one election truther who, uh, believed in truth. Cyber Ninja didn’t get the difference between determination and predetermination. Listen, buddy, when we shell out $6-million, we’re not paying to get the same answer as the previous three recounts-slash-audits paid for by Arizona taxpayers.

At least we got free colorful T-shirts.

This has been Blanca Mujer… and seriously, why does everyone in Arizona call me ‘Moo-hair’? Speak English, for heaven’s sake, my name rhymes with huger. This is Blanca Mujer getting the hell out of town, OAN Pseudo-News, Phoenix.

Validation, Verification, Verdict

No one, liberal or conservative, left, right, or center, expected the answer that arrived last week, a finding of no fraud and a judgment that votes tallied, slightly widening the win-lose gap.

During the interminable wait for results, one clue surfaced, almost immediately dismissed, considering the pressure of power and money. That hint: An acquaintance of Doug Logan claimed anyone who knew him would say he’s an honest man.

And so he was… so he is. Doug Logan and apparently his friend Ben Cotton may have fringe notions, but amid death threats, they put the gritty in integrity.

Meanwhile in Idaho, My Pillow’s Mike Lindell instigated an audit by claiming between 4.2 and 30 percent of votes in every county were shifted by computer from one party to the other. Some of Idaho’s precincts are so small, they couldn’t justify electronic tabulators, so votes were counted by hand. Idaho’s partial recount showed the numbers matched almost exactly except for a nine-ballot overcount for Mr Trump.

Loose Ends

The thrust of this series has focused on the numerous election fraud conspiracies. Before abandoning this topic to the trashcan of hysterical, histrionics history, a few more crazy notions cropped up in recent weeks. Two of the wilder ones are worth mentioning.

4.2%

4.2%

Let’s introduce a pretty smart guy named Shiva Ayyadurai. For some reason, petulantly claiming he invented email in 1979 at the age of 14 has become increasingly important to him. Generation X doesn’t believe anything was invented before their own births, so he can’t believe he didn’t invent anything other than the name… maybe. As someone who was using email years earlier and invented encrypted email in the mid-1980s, I take his claim with a huge block of salt.

But he makes other fringe claims such as vitamins offset COVID and election fraud. He’s appeared on fraud felon Steve Bannon’s show to expound upon conspiracy theories. What sets Dr Ayyadurai apart from run-of-the-mill election truthers is a claim that would make Scientologists cringe.

According to Ayyadurai, every voting machine in every state in the US is designed to shift 4.2% of votes from the (R) column to the (D). 4.2%, every machine, every state.

If you’re thinking 4.2% comes from rigorous quantitative regression analysis of election-engineered differential equations… you’d be wrong.

The Hitchhiker’s Guide to the Galaxy (published the same year Ayyadurai ‘invented’ email), Douglas Adams’ humorous quasi-sci-fi novel, tells us the answer to life, the universe, and everything is 42. And therefore, according to Dr Ayyadurai, precisely .042 of votes were tampered with. Seriously.

𝄞♪♫ And 42’s exactly two dozen and the reverse of 24 and we call it a day and the age of Howard Hill, which rhymes with Bill married to Hillary which rhymes with biliary that takes a lot of damn gall and starts with B, the actress of Maude with rhymes with fraud, and there you have it, proof of election tampering. ♬♩𝄇
— apologies to The Music Man
hypodermic with Russian salad dressing

Salad Days

Help yourself to a palate cleanser and strap yourself in for a fresh election conspiracy from none other than admitted felon and foreign agent for Turkey, Ukraine, and other non-American venues, Michael Flynn.

According to Flynn, former Security Advisor, God help us, pro-vaxers are slipping coronavirus vaccines into salad dressing and plan to genetically alter lettuce to contain mRNA inoculation material.

Honest. I hope it’s iceberg lettuce. It might add flavor.

The Future, or Something Like It

Pennsylvania and Wisconsin are struggling toward full-blown recounts despite assurances from election authorities that all went smoothly and no fraud was detected. Precincts are giving pushback to the state especially against revealing voters’ personal information. As in the Arizona fraudit, a judge may have to rule whether to permit the recount.

Texas Governor Abbott snapped to attention, genuflected, and kissed the ring when the ex-president asked for a recount of four counties. The reason seems to be because they can. Strangely, the office of Supervisor of Elections is presently vacant, so no one is certain who’s calling the shots.

And finally back in Arizona, disbelieving fraudit supporters and ‘democracy skeptics’ now demand a new statewide election recount.

Democracy skeptics… They’re driving America.

22 August 2021

Certifiable – Arizona Elections Corrections 202


Previous   PREV Arizona ‘fraudit’ Conspiracy Theories         

Arizona election fraudit recount, Doug Ducey, Mark Brnovich, Karen Fann, Wendy Rogers, Kelli Ward, Katie Hobbs, Amy B. Chan, Stephen Richer, Jack Sellers, Clint Hickman, Allister Adel, Benny White, Ken Bennett, Randy Pullen, Doug Logan, Ben Cotton, Bryan Blehm, Larry Moore, Tim Halvorsen, Christina Bobb
convenient list of political players

Hello once again from Memorial Coliseum in Phoenix. This is Blanca Mujer, OAN reporter. It’s exciting end times amid threats to arrest RINOs of the Maricopa Election Board as we wait breathlessly for Cyber Nunchucks to release their report that the fraud conspiracy was so huge, people couldn’t see it because of its sheer size.

Liberal Republican judges have forced the audit to reveal its secret funding. So yes, I blushingly admit your One-America Network has pumped more than $600 000 into this beautiful experiment to overturn the election. You too can continue to donate as we near $6-million given to that darling one- or two-man company, Cyber Ninjas to ensure the answer we want.

A shout-out today to my mother. Mom, you said I’d never amount to anything as a journalist, so look where I am now! OAN! Bet you’re sorry now!

This has been Blanca Mujer, OAN News.

When Dem Cotton Balls Get Rotten

In May, the so-called auditors raised a very public stink that files had been deleted (an accusation repeatedly mentioned in fund-raising rallies). This was put forth by Ben Cotton, another fraud theorist, a subcontractor with precious little election experience, when the grown-ups went out to lunch.

The County Recorder famously said about the files, “I’m looking at them now.” Maricopa election officials gently suggested they look in the folder labelled something like Election 2020, where the ‘missing’ SQL files magically appeared. The recorder may also have suggested they hire an average 13-year-old to help with their computers.

As Gilda Radner’s Emily Litella might say, “Never mind.” Stung by the Maricopa Recorder’s suggestion of ineptitude, Ben Cotton insisted he had to ‘recover’ the data, letting implications of erased files remain in the public’s mind.

But wait, there’s more. From the US Department of Justice, Principal Deputy Assistant Attorney General Pamela Karlan sent a letter to the Arizona Senate expressing concerns about (a) the door-to-door interrogations and voter intimidation and (b) serious breaks in the chain of custody and security of ballots, which should always remain in the control of election managers. At the time, a defiant Senate President Karen Fann told Federal Election officials to ƒ off, Arizona would do things her way.

Cabin Fervor

Ignoring local and federal concerns, subcontractor Ben Cotton disappeared out of state while ‘trucking’ election material to a ‘secret lab’ 18 hours and 1300 miles (2100km) distant from Phoenix. The involvement of a truck suggests something seriously large and heavy was removed far from the jurisdiction of auditors, the Arizona legislature, and law enforcement.

Bizarrely, outside of Salon and an Anderson Cooper 360 clip, this has received little press. No one supposedly in charge in Arizona seems certain of what, where, when, and why. Audit Director Ken Bennett and Cyber Ninja Doug Logan vaguely ‘thought’ unspecified election items were taken to a CyTech ‘secure laboratory’ in Montana. If any of this is true, it strongly suggests Arizona has lost the last remnant of control of the situation.

Being the curious sort in a criminally curious blog, I dug into the secret lab location, coming up with a cabin– a very fancy cabin to be sure– in the middle of the woods in Montana. If by chance I’m right, this is what it looks like:

Definitely legit. Notice the high tech secret lab equipment, the scientific secret laboratory ion proteolyser barbecue grills, the secret laboratory grade vertabrazier lounge recliners on the secret lab veranda, and the NASA-approved secret laboratory Adirondack chairs. Yep, looks like a hi-tech lab should look.

Minutes Instead of Months

Meanwhile, back in Pima County, a gentleman named Benny White ran for Pima County Recorder on the Republican ticket and unfortunately lost. His loss became our gain.

Curious about the statistics of his race, he accessed the public records database (like the one the ‘auditors’ claimed was deleted) for analysis. Once he had the statistics in hand, he realized he could extrapolate the larger federal election.

Clear Ballot logo

He reached out to a pair of retired federally certified election auditors, Tim Halvorsen and Larry Moore. Their federally credentialed firm, Clear Ballot, had bid to handle the Arizona re-audit. Unlike Cyber Ninja’s juvenile web site, Clear Ballot laid out their experience, summarizing with the lede, ‘Clear Ballot Completes Successful, Transparent Elections Nationwide’. Um, transparent… successful… complete… Not what Arizona was looking for.

Halvorsen and Moore said their firm could do in minutes what Cyber Ninjas and CyFIR were taking months to complete. They offered a challenge: Give them any still sealed box of ballots, and within five minutes they could tell exactly what was in it.

White, Moore, and Halvorsen determined 60,000 Republicans in Maricopa County and 15,000 in Pima County did not vote for the presidential incumbent. These are the ballots Cyber Ninjas and CyTech have desperately perused with ultraviolet lamps, alternate angle lighting, DNA analysis, ink/toner inspection, and psychic readings, hoping to prove the votes fraudulent or at least too suspicious to use.

Mr White shared Moore and Halvorsen’s conclusions with Senate audit director and liaison, former Arizona Secretary of State, Ken Bennett. Bennett confirmed the Maricopa audit results were nearly identical to Clear Ballot’s, both significantly different from Cyber Ninjas.

Sharing professional opinions enraged Ninja’s Doug Logan who called it ‘sharing data’ (albeit public data), and demanded the Senate remove Bennett. Logan later said Fann made the decision to terminate him on her own. Thus we saw Bennett fired and then unfired, quit and then unquit, and after considerable gnashing of teeth, reinstated to oversee what little can be seen.

Maricopa isolated election schema
Maricopa isolated election schema

Stripping in Public

Among the plethora of ‘R’s in the list of involved political personnel, you’ll notice a single ‘D’, Katie Hobbs, Arizona’s Secretary of State. The Arizona legislature has moved to strip her of powers and limit her access to legal advice and finances, so that the audit may speak with one voice. You know, one party, one voice, like fascist and communist countries. Those powers of the Secretary of State will be turned over to Attorney General Mark Brnovich who has lobbied hard against Hobbs and has himself been accused of improprieties.

Brnovich, who’s a few vowels shy of a pronounceable name, should have questioned the legitimacy of a secretive, partisan, opaque Roman spectacle to set aside the careful and considered approval of the Maricopa election by members of his own party who’d already held three (or four) recounts and audits, coming up with nothing but a pristine election. Instead, he became part of the legal genius successfully persuading a judge to allow the magic show to proceed.

It’s worth wondering if Brnovich, the subject of ethics complaints as recently as a year ago, seized upon the ‘fraudit’, as locals on both sides say, as a legal distraction. Instead of backing the Secretary of State, he has opposed Katie Hobbs at every turn, maneuvering for control over the election process. As one observer noted, Brnovich is giddy with the prospect of subsuming the Secretary of State’s powers and budget.

It’s BOGO– Buy one office, get a second one free. From there, it’s a small step to the governor’s seat.

The Price is Ripe

Arizona Senate President Fann and Doug Logan have fought hard against revealing how Cyber Ninjas was funded for the immensely secretive process. The Senate’s donations agreement with Cyber Ninjas calls for no limits, no restrictions, no accountability. A judge rebuked Karen Fann for attempting to evade Arizona transparency regulations, and ordered funding information to be released. Among the larger contributions were:

group founded by J Patrick Byrne   $3 250 000
group founded by foreign agent Mike Flynn   $1 000 000
group founded by OAN’s Christina Bobb   $600 000
group founded by lawyer Sydney Powell   $550 000
group founded by lawyer Matthew DePerno   $280 000
group founded by lawyer L Lin Wood   $50 000
donations by My Pillow’s Mike Lindell   unknown
Arizona taxpayers, courtesy of Legislature   $150 000
other (approximately)   $250 000

Karat and Schtick

Big money is riding on one outcome. Here is a key question: If you were paid $6-million by backers expecting one answer, how would you respond?

This spurious, secretive, and frankly bizarre recount befuddles professionals. Experts point out a true and valid recount and audit could have been conducted in hours, not months. Further, ballots should not be dismissed if they’re folded the wrong way or smudged with Cheetos dust.

Senate Presient Karen Fann deliberately dodged federally certified audit firms and backed a conspiracy theorist. No fraud hypothesis was too wild not to be taken seriously.

Sellers letter to Senate

Meanwhile, Maricopa Board of Elections supervisors have received orange jumpsuits along with messages that they, individually, and their family members will be executed. One voice indeed.

Maricopa Board of Supervisors Chairman Jack Sellers sent a sharply worded letter to the Arizona Senate telling them to get this farce done and be prepared to defend it in court.

The Six-Million Dollar Man

True investigations, whether criminal or scientific, begin with an open mind. Never should an investigation lead with an unchallenged premise fraud had occurred, but here, Cyber Ninja’s job was to prove the premise.

From the beginning, this so-called ‘fraudit’ has never been about proving if the election was in doubt, but how doubt could be cast upon it. As Katie Hobbs pointed out, real audits are conducted under three unbreakable rules. The Senate and Cyber Ninjas have broken all of them.

Maricopa Republicans deserve admiration and credit for withstanding often brutal attacks upon their hard work, integrity, and physical safety, resisting the slide toward a one-party state. It’s a pity the rest of the state can’t learn from them.

Cyber Ninjas has promised to release their report tomorrow (Monday). Considering Doug Logan revealed the results before the ‘audit’ commenced and he’s been paid $6 000 000 to take his conspiracy theories mainstream, the outcome probably won’t be surprising.