Has the Wisconsin Elections Commission investigated the allegations of computer hacking and election fraud made in the video titled “Absolute Proof”?

Yes, information security professionals at the Wisconsin Elections Commission (WEC) and state cybersecurity experts from multiple agencies have reviewed claims in the video and have found them to be false. 

• There is no evidence in this video, or anywhere else, that anyone hacked into any Wisconsin state or local election system or changed any votes from one candidate to another candidate.
• Every ballot in Wisconsin is either cast on paper (90%) or has a voter-verifiable paper record (10%), which is not tied to any computer network.  
• The systems used to count those ballots were publicly audited for accuracy before the results were certified, and no problems were detected in the counting of ballots in the presidential election. 
• Wisconsin requires each county to canvass election results at public meetings before certification, which involves checking all vote totals against paper records, verifying chain of custody records, and other procedures designed to catch and correct errors.  
• For these and other reasons, the claims presented in the video regarding computer network activity changing votes in Wisconsin have no credibility whatsoever. 

Beyond the false hacking claims, the video also presents debunked claims about how elections were administered:

• “United States Postal Service backdated ballots” – This claim has been found to be false following a criminal investigation conducted by the USPS Inspector General.  Furthermore, ballots in Wisconsin are accepted or rejected based on their actual arrival time to the clerk – not any printed date or postmark.  No ballot can be counted if it arrives after the polls close, regardless of the date and time in the postmark. 
• “Surge of indefinitely confined voters in 2020” – While there were more indefinitely confined voters in 2020, there is no evidence that any of them were ineligible to vote.
• “Mail-in ballots entering the tabulation process under the guise of absentee ballots in clear violation of state law.”  – This claim was reviewed by state and federal judges and was found to be meritless.

The centerpiece of the “Absolute Proof” video is claims about alleged computer hacking presented by a person identified as Mary Fanning, a “National Intelligence Researcher and Author.” The video includes screenshots of spreadsheets claiming to show records of foreign attacks or intrusions on counties throughout the United States.  The spreadsheet includes Internet Protocol (IP) addresses of county computers that Ms. Fanning claims were hacked, as well as “the number of votes they stole from Donald Trump.”  In some cases, the number of votes which the video claims were stolen from President Trump is greater than the number of registered voters in the entire county.

WEC and WI-DOJ cybersecurity professionals identified the following issues with the video’s claims about Wisconsin.

Objectively False Claims

• The votes changed column presents impossible numbers. 
• For example, the video claims that in Adams County, 17,044 votes were taken away from Trump.  This is impossible, as Adams County has only 13,595 registered voters.  There were 11,818 votes cast for president in the entire county, with 7,362 (62%) going to Trump and 4,329 going to Biden. 
• In Clark County, the video claims 23,909 were taken away from Trump, another impossibility because Clark County has only 17,201 registered voters.  Of those, 14,898 voted for president, with 10,002 (67%) going to Trump and 4,524 going to Biden.
• The spreadsheet on the video shows several counties using the same IP address – an error repeated several times.  Lafayette and Lincoln counties are alleged to use the same server, as are Fond Du Lac and Outagamie, Vernon and Vilas, Langlade and Marinette. Ashland, Barron, Rusk, Polk, Jackson, and Pepin all share one IP address.  This is false.
• The IP addresses shown in the video appear to be largely random sites from across the internet.  By pausing the video, we were able to identify 73 IP addresses attributed to the alleged attackers and victims.  These IP addresses are located in the United States, Germany, the U.K. and the British Virgin Islands.  Few correspond to any of the locations claimed in the video. Some of the alleged Wisconsin IPs are actually in other states.  There were also a variety of sites owned by Google, Amazon, and Microsoft.  None revealed significant threat scores indicating any history of malicious behavior. 
• Even if the claimed attacks were real – and there is no evidence provided that they are – it is impossible to manipulate results in Wisconsin as claimed in the video.  There’s simply no information in any jurisdiction’s network to change.  With a voter-verifiable paper record for each ballot there’s also no way to use the internet to manipulate the paper.  Finally, the election night reporting has nothing to do with the official certified results.

No Attribution

• There is no way to independently verify the claims because video provides no source for the massive volume of nationwide network traffic history that it claims to possess.  There is, however, considerable evidence that the claims are untrue.  
• The video scrolls through a spreadsheet on screen, and purports to have incredibly specific information that would have to be collected from hundreds of locations, but there is nothing explaining its origin. 
• There is virtually no information about who Mary Fanning is or what her credentials are. 

No Methodology

• The video provides no explanation at all for how the information was obtained.  Whoever collected it apparently possesses unprecedented capabilities that likely rival or exceed those of the most sophisticated intelligence agencies on Earth. 
• While it is possible for someone in a major internet trunk data center to observe a large volume of traffic with source and destination IPs, the traffic described in the video would be encrypted. 
• That means that Fanning and her team would either need to be capable of breaking modern encryption in real-time, which would be a world-changing capability, or they would have had to conduct man-in-the-middle attacks on all of these communications which itself would constitute hundreds of major crimes, or they would need to be present on either all of the attacker systems or all of the target systems or both. 
• Put simply, the film’s claimed knowledge represents an omniscience that severely strains belief. 

Incomplete Data 

• In the video, Ms. Fanning states that the spreadsheet shows intrusions in 2,995 counties. There are fewer than 3,150 counties (or county equivalents) in the United States, meaning more than 95% of counties in the nation would have been allegedly breached.  But the only states shown on the list are states that were challenged by President Trump.  Likewise, there is a map allegedly depicting successful “attacks” across the nation, including numerous attacks in some of the 30 states that President Trump won.
• The spreadsheet shown on screen as “absolute proof” does not appear to be available to the public. It is not on their website.  Thus, to analyze any portion of it we had to pause the video and copy screenshots. 
• The “success” column entries on the spreadsheet are inconsistent.  Some have no target IP, but indicate successful attacks, while some indicate successful attacks but no changes made.  Others indicate a method of successful compromise, but state the attack was unsuccessful. Again, without any source of information or explanation of methodology, these claims are meaningless.

Illogical Claims

• It is highly unlikely an attacker would use a different source IP address for each target IP address. It is even more unlikely a sophisticated attacker would use their own IP address. That's just not hacker tradecraft observed anywhere, and the claims are illogical as presented.  Attackers typically use either a small number of source IPs or they use IP addresses not associated with them to hide their origin. Moreover, virtually any information security professional would know this, so it’s unclear why Ms. Fanning would not at least attempt to explain it or present any evidence supporting the claim. 
• The video references “breaking through a firewall,” a concept that would not of itself enable an attacker to do anything.  There would still be significant effort required to manipulate a network, and the video provides not the slightest explanation of how that would have occurred.