Summary
Late last summer, an attorney tapped by the president to probe alleged foreign interference in U.S. elections confronted federal cybersecurity findings that contradicted a central vote-rigging theory. After machines seized in May in Puerto Rico were forensically examined, the contractor assigned to the work reported no sign that the voting equipment had been manipulated. Undeterred, the investigator escalated accusations against the contractor and sought to broaden the inquiry into other states that used the same vendor's machines.
Background and immediate fallout
Months of activity began after voting machines used in Puerto Rico's 2024 gubernatorial election were seized in May and subjected to a thorough technical analysis by a Virginia-based cybersecurity firm. That company, retained by the director of national intelligence, concluded it found no evidence the machines had been hacked. The investigator who had been assigned to pursue claims of foreign-code insertion - a former Navy SEAL and prominent proponent of disputed election fraud theories - reacted angrily to the findings and leveled public accusations against the contractor.
In a September message to the president, the investigator accused the cybersecurity firm of obstructing his work, belonging to a so-called "deep state," and of secretly receiving funds from billionaire donor George Soros, according to multiple people familiar with the matter. The firm, which later provided an explanatory statement to intelligence officials on September 8, called the allegation that it was funded by Soros "patently absurd and ridiculous."
How the probe used federal resources
Sources with direct knowledge of the investigation say the inquiry has drawn on staff and resources from multiple federal agencies. Personnel and support have come from the office of the director of national intelligence, the Justice Department and the FBI. The CIA also provided access to intelligence related to the 2020 election at the president's request, though the CIA would not elaborate on the substance of that material.
At the same time, the White House has moved to acquire state voter lists and to press for federal rules on voter registration and voting systems - authorities that the Constitution generally assigns to states. Some observers have voiced concern that these federal actions, combined with the ongoing inquiry, could be used to contest the legitimacy of future elections.
Expansion to other states
After the Puerto Rico forensic review failed to produce evidence supporting the investigator's central theory, the administration expanded its focus to other jurisdictions. The inquiry reached into Georgia, where agents in January executed a search resulting in the seizure of 2020 election ballots in Fulton County. That raid, attended by intelligence officials, traced back in court papers to a referral from the investigator's office, according to people familiar with the matter.
Investigative activity also extended to Arizona, where the FBI obtained election records by subpoena in March tied to a 2021 audit ordered by state Republicans that had reaffirmed the outcome of the 2020 presidential race in Maricopa County. The broadened effort reflects how the failure to confirm the investigator's theory in Puerto Rico led to parallel lines of inquiry in other battleground states that used the same voting machine vendor.
Conflict with the contractor
The firm contracted to examine the Puerto Rico machines detected software weaknesses in certain Dominion touchscreen systems but found no indication that those flaws had been exploited. The contractor recommended a set of mitigations, including further examinations of additional machines, formation of a task force to advise states on software updates, federal funding to support remediation efforts and potential penalties for states that declined to implement fixes.
That contractor also contends the investigator repeatedly criticized its work and, after accusations of partisan funding, the company made public its financials to show it had not received money from the donor named. The investigator pushed for the contractor's engagement to be terminated; the company ceased work in October, and officials said the contract concluded because the analysis had been completed. Intelligence officials indicated that the director of national intelligence would continue to pursue election-security work.
Technical findings and context
Cybersecurity staff reported finding issues in a Dominion touchscreen model known as ImageCast X - vulnerabilities previously described by academic researchers and by the U.S. Cybersecurity and Infrastructure Security Agency in 2021 and 2022. Those prior assessments likewise did not find evidence the systems had been hacked. Dominion developed software patches after CISA identified problems in 2022, and it is the responsibility of individual states to implement those patches. There has been no comprehensive public accounting of which states have applied the updates.
One computer-science professor who has publicly examined Dominion systems called the core allegation that code from one company was embedded into another's machines "technically incoherent," noting that the two firms' products were built on different platforms and programming languages. The contractor echoed that neither it nor prior analysts had found proof the systems had been manipulated.
High-level White House response
The White House has pushed back on reporting about the investigation, with an official spokesperson describing disclosures as "misinformation" originating from "a few disgruntled leakers" and asserting that they did not fully reflect the government's broader efforts to secure critical infrastructure across sectors. The same spokesperson declined to answer questions about the administration's plans for protecting upcoming elections, and other White House officials did not respond to inquiries about whether the administration would act on the contractor's findings from Puerto Rico.
Internal advocacy to escalate the inquiry
Senior advisers close to the president privately urged moving the probe into a more robust law enforcement posture. In one White House meeting on October 3, the contractor and intelligence officials briefed senior aides - including the president's homeland security adviser, the White House chief of staff and the White House press representative - on the forensic analysis performed in Puerto Rico. After that briefing, the homeland security adviser pushed for the FBI to take a more active role in the probe.
That involvement materialized in the form of the January search in Georgia and March subpoenas in Arizona, both tied in official paperwork to referrals and questions raised by the investigator's office.
Meetings and demonstrations
In June, the investigator met in Tampa with at least three former employees of a different voting-technology company who had been offered as potential corroborators of the theory that foreign code had been used to manipulate Dominion systems. Also present at that session, according to sources with knowledge of the meeting, were an FBI agent temporarily assigned to intelligence staff, a computer engineer from the investigator's team and a Department of Justice political appointee who has advanced his own allegations about the 2020 election.
The former employees did not present evidence that Dominion systems had been used to alter outcomes. Instead, they demonstrated a theoretical scenario using a once highly classified exploit developed by a U.S. intelligence service, suggesting how a foreign actor could, in principle, exploit certain equipment. The demonstration did not amount to proof that such exploitation had ever occurred in an actual election.
Contractor recommendations and implementation uncertainties
Having uncovered vulnerabilities similar to those described by academic and federal analyses, the contractor proposed a coordinated approach to address potential risks before national elections. That plan included additional forensic examinations of machines beyond those seized in Puerto Rico, the formation of an advisory task force to guide state officials on patching steps, and federal financial assistance to ensure states could deploy fixes in time for upcoming ballots.
One source familiar with the contractor's recommendations said that to complete patching ahead of the November midterm elections, states would need to begin implementing measures by May. Yet other sources said they were unaware of any administration-led effort to advance the specific fixes flagged in Puerto Rico.
Statements from involved parties
The cybersecurity firm's chief executive described repeated pressure from the investigator to produce evidence, saying the investigator often declared certain jurisdictions "a crime scene" without presenting demonstrable proof. The CEO said what began as detailed forensic work devolved into what he called a cacophony of rumor and opinion, ultimately prompting the company to end its engagement.
The firm also told intelligence officials its financial records did not show any links to the donor named in the investigator's accusations. The donor's foundation likewise issued a statement denying any relationship with the cybersecurity company and saying it had never contracted with or worked with that firm.
Legal fallout and industry settlements
Public litigation has followed similar disinformation campaigns. Media outlets that broadcast false claims about voting-technology companies have settled defamation suits brought by those firms, including a high-profile settlement of $787.5 million by a national cable network in 2023 and a $40 million settlement in 2024 by a conservative television outlet in a suit involving claims that a technology company manipulated the 2020 election.
Unresolved questions
Despite the investigator's sustained campaign and use of federal resources, there remains no publicly presented evidence that Dominion machines were manipulated in any election. Officials and experts who reviewed the Puerto Rico machines found only software flaws that had been previously documented and patched by the vendor, with states responsible for implementing those fixes. Multiple people involved in the inquiries said they were not aware of any concerted administration action to move the contractor's remedial recommendations forward.
For now, the record shows a federal forensic review that turned up vulnerabilities but not signs of compromise, an investigator who has pressed on with allegations and state and federal law-enforcement actions prompted in part by referrals from that office. How the expanded inquiries will affect public confidence in elections or state-level management of voting systems remains an open question tied to actions yet to be taken by federal and state officials.
Key takeaways
- Federal forensic analysis of voting machines seized in Puerto Rico uncovered software vulnerabilities but no evidence of hacking or foreign-code insertion.
- An investigator assigned to probe alleged foreign interference has used federal personnel and resources and pushed to expand the inquiry into Georgia and Arizona.
- The cybersecurity contractor recommended further analysis and a coordinated remediation plan, but sources say the administration has not advanced those measures.
Reporting for this piece relied on multiple people familiar with the investigation, statements made by the contractor and public court filings.