1 Declaration of XXXXXXXXX. Pursuant to 28 U.S.C Section 1746, I, XXXXXXXX, make the following declaration. 1. I am over the age of 21 years and I am under no legal disability, which would prevent mefrom giving this declaration.2.I was an electronic intelligence analyst under 305th Military Intelligence with experiencegathering SAM missile system electronic intelligence. I have extensive experience as a whitehat hacker used by some of the top election specialists in the world. The methodologies Ihave employed represent industry standard cyber operation toolkits for digital forensics andOSINT, which are commonly used to certify connections between servers, network nodesand other digital properties and probe to network system vulnerabilities.3.I am a US citizen and I reside at {redacted} location in the United States of America.4. Whereas the Dominion and Edison Research systems exist in the internet of things, andwhereas this makes the network connections between the Dominion, Edison Research andrelated network nodes available for scanning,5. And whereas Edison Research’s primary job is to report the tabulation of the count of theballot information as received from the tabulation software, to provide to Decision HQ forelection results,6. And whereas Spiderfoot and Robtex are industry standard digital forensic tools for evaluationnetwork security and infrastructure, these tools were used to conduct public security scans ofthe aforementioned Dominion and Edison Research systems,7.A public network scan of Dominionvoting.com on 2020-11-08 revealed the following inter-relationships and revealed 13 unencrypted passwords for dominion employees, and 75hashed passwords available in TOR nodes:Case 2:20-cv-13134-LVP-RSW ECF No. 1-15, PageID.631 Filed 11/25/20 Page 1 of 17

4 10. An additional search of Edison Research on 2020-11-08 showed that Edison Research has anIranian server seen here:Inputting the Iranian IP into Robtex confirms the direct connection into the “edisonresearch” host from the perspective of the Iranian domain also. This means that it is not possible that the connection was a unidirectional reference.A deeper search of the ownership of Edison Research “edisonresearch.com” shows a connection to BMA Capital Management, where shareofear.com and bmacapital.com are both connected to edisonresearch.com via a VPS or Virtual Private Server, as denoted by the “vps” at the start of the internet name:Case 2:20-cv-13134-LVP-RSW ECF No. 1-15, PageID.634 Filed 11/25/20 Page 4 of 17

5 Dominionvoting is also dominionvotingsystems.com, of which there are also many more examples, including access of the network from China. The records of China accessing the server are reliable.Case 2:20-cv-13134-LVP-RSW ECF No. 1-15, PageID.635 Filed 11/25/20 Page 5 of 17

6 Case 2:20-cv-13134-LVP-RSW ECF No. 1-15, PageID.636 Filed 11/25/20 Page 6 of 17

7 11.BMA Capital Management is known as a c ompany that provides Iran access to capital markets with direct links publicly discoverable on LinkedIn (found via google on 11/19/2020):Case 2:20-cv-13134-LVP-RSW ECF No. 1-15, PageID.637 Filed 11/25/20 Page 7 of 17

8 The same Robtex search confirms the Iranian address is tied to the server in the Netherlands, which correlates to known OSINT of Iranian use of the Netherlands as a remote server (See Advanced Persistent Threats: APT33 and APT34):12.A search of the indivisible.org network showed a subdomain which evidences the existence of scorecard software in use as part of the Indivisible (formerly ACORN) political group for Obama:13.Each of the tabulation software companies have their own central reporting “affiliate”. Edison Research is the affiliate for Dominion. 14.Beanfield.com out of Canada shows the connections via co-hosting related sites, including dvscorp.com:Case 2:20-cv-13134-LVP-RSW ECF No. 1-15, PageID.638 Filed 11/25/20 Page 8 of 17

9 This Dominion partner domain “dvscorp” also includes an auto discovery feature, where new in-network devices automatically connect to the system. The following diagram shows some of the related dvscopr.com mappings, which mimic the infrastructure for Dominion and are an obvious typo derivation of the name. Typo derivations are commonly purchased to catch redirect traffic and sometimes are used as honeypots. The diagram shows that infrastructure spans multiple different servers as a methodology. Case 2:20-cv-13134-LVP-RSW ECF No. 1-15, PageID.639 Filed 11/25/20 Page 9 of 17

10The above diagram shows how these domains also show the connection to Iran and other places, including the following Chinese domain, highlighted below:15.The auto discovery feature allows programmers to access any system while it is connected to the internet once it’s a part of the constellation of devices (see original Spiderfoot graph).16.Dominion Voting Systems Corporation in 2019 sold a number of their patents to China (via HSBC Bank in Canada):Case 2:20-cv-13134-LVP-RSW ECF No. 1-15, PageID.640 Filed 11/25/20 Page 10 of 17