Leaks Show Targeting Journalists.
After two years of actively participating in militia, ‘the infiltrator’ is dropping 13 gigabytes of ‘internal, secretive communications,’ says “APIII and other paramilitary groups provided the muscle” for voter intimidation.
A new set of leaks from inside the Telegram chats of the American Patriots Three Percent militia group (AP3 or APIII) reveal a sprawling network buzzing with activity. We got in touch with someone who infiltrated this group for around two years; they gave us a full explanation of why they spent so long trying to get into the group’s leadership circles, which span many states. ‘The infiltrator’ wrote, “I spent two years infiltrating right-wing terrorist groups. I can say firsthand that voters are at risk on Election Day.”
An investigation ProPublica released in August is based in part on the same overall group of leaks. While no one in APIII has caught terrorism charges, the infiltrator has emerged with a lot of receipts which raises questions of whether APIII has violated laws around voter intimidation. “In addition to providing ProPublica with more than 100,000 internal messages I am publicly releasing a selection of these messages. The public release includes more than 13gb of internal, secretive communications covering their ballot box watching in 2022, and almost 200gb of related public Telegram channels,” the infiltrator wrote.
The infiltrator told Unicorn Riot,
“The right wing paramilitary world has not given up their goals of influencing national politics through vigilante action. Their efforts in 2024 will not look like those in 2022. They learn from their mistakes and are very adaptable. Their efforts are likely to be less overt this year. They never faced consequences for their actions in 2022, they have the same extremist beliefs, the same people are active in the same spaces, and those people are still part of groups which are very organized and motivated. We should not mistake their lack of overt action for lack of activity. If anything they are more emboldened and determined. They will continue to engage in paramilitary vigilantism until they are stopped.” – ‘The Infiltrator’ statement to Unicorn Riot
The infiltrator told us, “I spent more than two years infiltrating APIII and was granted access to their chats as they believed me to be one of them,” which included face-to-face meetings as a bona-fide member.
Unicorn Riot has covered the presence of Three Percenters at various flashpoints over the years. 2018 was a banner year for Three Percenters — which is a distinct networked subculture, not a formal organization. They co-organized a “We the People” rally in Philadelphia along with local Proud Boys including Zachary Rehl, who received a 15-year federal prison sentence last year for the January 6 attack. Also in 2018, we found that St. Paul police improperly released a group of Three Percenters who came armed to a protest after the killing of Philando Castile. In Louisville, Kentucky, people carrying Three Percenter insignia attacked a Democratic Socialists of America gathering in 2018. Three Percenters were linked to disinformation that inspired a police crackdown on protesters in Georgia in 2018. Three Percenters were among Proud Boys and others in Portland street fighting in 2018; this was part of a larger coordination network, logs later showed. In 2020 we found Three Percenters overlapped with a “Patriotwave” Boogaloo Boi spinoff subculture. In 2020 they co-organized “Liberate Minnesota” rallies against Gov. Tim Walz’s Covid policies. In 2021 we published III% Security Force Discord chat logs, showing a fractured militia thirsty for violence.
ProPublica reported members of APIII were intricately involved in the January 6 attack on the U.S. Capitol that aimed at overturning the 2020 election results by force, as an element of the larger III% subculture. In August a federal judge sentenced Daniel Edwin Wilson, part of the III% group ‘Grey Ghost Partisan Rangers’ and the Oathkeepers, to five years for J6 rioting; Kelly SoRelle, another III%-connected figure, pleaded guilty to charges related with tampering with J6 evidence; this is all part of patterns tracked by the website Militia Watch.
The APIII logs show a movement embittered by the events that followed. In the ‘America First Precinct Project’ chat, username ‘trooper’ posted “Every single individual on the J6 Kangaroo Commission, and every other individual connected with this political persecution and unlawful detainment of American Citizens – should be hanged at the gallows in front of the US Capitol,” albeit after a “speedy trial.”
Militia fixated on 2022 ballot monitoring amid larger network
Analysts have long wondered if anti-government militias could become “pro-state paramilitaries” by building operational links with ‘Constitutional Sheriffs,’ white nationalists, and hard-right politicians. As ProPublica reported this group “already sought to shape American life through vigilante operations: AP3 members have ’rounded up’ immigrants at the Texas border, assaulted Black Lives Matter protesters and attempted to crack down on people casting absentee ballots.” Paramilitary groups are a notorious source of counterinsurgency violence, and often aim to achieve specific goals through the use of force outside the structure of the state. ProPublica added that APIII leaders “have forged alliances with law enforcement around the country.”
A lot of the material references the Constitutional Sheriffs movement, which is built around the improbable idea that “sheriffs have more law enforcement power in their home counties than any other government body or individual.” A newly released book, “The Highest Law in the Land: How the Unchecked Power of Sheriffs Threatens Democracy” by Jessica Pishko examines these trends in detail. As Pishko notes, Richard Mack, founder of the Constitutional Sheriffs and Peace Officers Association, was one of the architects of this mythical ideology, while an Arizona sheriff Mark Lamb has marketed it relentlessly in the conservative movement. (Mack was inspired by Willard Cleon Skousen, an arch-anticommunist police chief affiliated with the John Birch Society and the conservative wing of the Mormon community.)
The fad around “ballot watching” materialized because of Dinesh D’Souza’s widely debunked film, “2,000 Mules”, which inspired fever dreams of secret dropoffs of hundreds of fake ballots. The film’s publisher, Salem Media Group, issued an apology and ceased distributing the film, which falsely claimed Georgia resident Mark Andrews was voting illegally.
The APIII group is not the only one angling to pressure voters; it’s just one element in a larger ecosystem of actors. Longtime Trumpworld figure Steve Bannon has long pushed a precinct-level strategy for hardline conservatives, which includes the more “insurgent” side of the GOP that believes democracy has been lost and must be restored to reclaim America; this includes dramatically changing the role of poll watchers and similar local-level activities.
A new documentary by investigative journalist Greg Palast – “Vigilantes Inc.” – covers how “40,000 self-proclaimed vigilante vote-fraud hunters have already challenged the rights of 851,000 voters of color.” The film details how conservative activists attempted to block voting rights for 4000 soldiers registered at Fort Benning, many of whom are Black. Last year Democratic Party-aligned election attorney Marc Elias highlighted how Georgia’s new law made it much easier for huge numbers of voters to be purged, through skirting “federal laws by outsourcing voter purges to third-party groups.”
This gives a little more context for why exactly a self-proclaimed militia would be so keenly focused on the odd subject of ballot watching. Back in 2022, ‘Clean Elections USA’ was a highly visible source of what critics called “intimidation and harassment” of Arizona voters.
Our source, ‘the infiltrator,’ alleges that the APIII militia closely coordinated with Clean Elections USA to create this air of menace. They wrote, “Clean Elections USA is the more public facing side. While Clean Elections USA handled the public side, and The People’s Movement focused on the bureaucratic side, APIII and other paramilitary groups provided the muscle.”
Late that October, a federal judge refused to bar Clean Elections USA from monitoring outdoor ballot boxes where “watchers have shown up armed and in ballistic vests.” Federal Justice Department attorneys stepped in, saying that threats, intimidation and coercion are illegal under the federal Voting Rights Act, and “ballot security forces” present a risk of voter intimidation. Then another ruling from the judge barred Clean Elections USA from “coming close to drop boxes, open-carrying guns near drop boxes and yelling at people putting ballots in those boxes.” He also banned them from filming or following people within 75 feet of ballot drop boxes.
In the current election cycle, Donald Trump’s presidential campaign claims it will “protect election integrity” by organizing “Trump Force 47 captains,” seeking 100,000 volunteers to observe poll workers and ballot counters around the country and 5000 in Arizona. (Matt Whitaker, a former Trump Administration acting attorney general who was harassed leftists with probes and grand juries during his earlier stint as a federal prosecutor in Iowa, has been making the rounds organizing these Trump Force 47 offices in both Arizona and Pennsylvania).
While partisan poll watchers are nothing new, the Trump campaign’s open strategy of fabricating false claims about election integrity inspired the January 6 attack after the last presidential election and could lead to similar events in the future. DOJ special counsel Jack Smith filed a 165-page document unsealed last week which outlined the details of how Trump and his supporters pushed knowingly false claims about the election to further their attempts to overturn it.
As ProPublica noted, the question hovers over American militias and APIII: “Will Jan. 6 prove the high water mark of the movement’s violence or merely a prelude to something more catastrophic?”
DDoSecrets journalists sought by militia leadership, chats show
We also received material from the transparency whistleblower group Distributed Denial of Secrets (DDoSecrets), which was established in 2018 as a journalist organization to publish leaked data sets handed to them by sources like hackers and infiltrators. (As we understand it, other major media organizations besides ProPublica are also investigating the APIII leaked data set.) Emma Best, the organization’s editor, said to Unicorn Riot,
“DDoSecrets is a journalist non-profit and the world’s largest library of formerly secret information. Our publications have resulted in us being banned in Russia, Indonesia and Israel, and targeted by the Department of Homeland Security and right-wing figures ranging from militia leaders to tech bros.”
– Emma Best, Editor, Distributed Denial of Secrets
DDoSecrets is the media publisher for these new APIII leaks, and dozens of screenshots show the APIII militia’s leadership was interested in targeting DDoSecrets journalists for around a year, because of their other work. (Best has also contributed reporting to Unicorn Riot about the Wikileaks grand jury and Espionage Act DOJ contemplations, and helped us report on rare Iran-Contra documents and the 29Leaks offshore shell company investigation.)
While DDoSecrets has occasionally been accused of being a nefarious illegal hacking organization, no one has put up any evidence to back this up. Similar to a game of telephone, lurid rumors get passed around, encouraged by high-profile Internet racists such as Gab social network proprietor Andrew Torba. Back in 2021, Torba accused “mentally ill tr***y demon hackers” of breaking into Gab’s data. (We covered how prolific Gab user Robert Bowers triggered an investigation of the site in Pennsylvania after he murdered 11 Jewish people at the Tree of Life synagogue in October 2018. Gab users also use Discord to coordinate harassment and disinformation.)
In the tumultuous summer of 2020, the Department of Homeland Security’s Office of Intelligence and Analysis circulated a bulletin falsely claiming DDoSecrets was a “criminal hacker group” after the release of “BlueLeaks,” 296 gigabytes of sensitive law enforcement data. Best said,
“Far-right figures like Gab CEO Andrew Torba often put DDoSecrets in danger with disinformation and doxing efforts. Within hours and in direct response to Torba posting pictures of DDoSecrets members and calling us mentally ill demon hackers in 2021, APIII’s state leaders renewed the discussion about finding me and ‘hacking’ me ‘with an axe.’ Years later,Torba’s disinformation continues to target DDoSecrets.” – Emma Best, Editor, Distributed Denial of Secrets
DDoSecrets discovered after they published the data dump from GiveSendGo, an extreme hardline “Christian fundraising platform” (best known for helping people like the Proud Boys raise money online), they got the attention of the “AP III State Leaders chat”. ‘John Nat. Cmd. SGT Major / WA State CO V’ said, falsely, “these are the guys that hacked us on the other site we had.” ‘RR Manchester’ posted, “I wonder if we could do the same in return to them…. And then make some house calls.”
John also suggested that they should work with Torba to target Best.
In a comment provided to Unicorn Riot by DDoSecrets, Ryan Shapiro, executive director of the national security-oriented transparency non-profit Property of the People said, “The material is disturbing but not surprising. It’s a hallmark of fascists to respond to transparency with violence.”
At least some element of APIII-related web hosting was on Epik, a company run by Rob Monster. After a number of other web hosts refused to deal with the far right, back in 2019 there was a lot of attention on how Epik became the registrar for the far-right social media site Parler, and was the host and content delivery network (CDN) for one of the most notorious neonazi websites, Daily Stormer. In 2021, the Epik customer database was breached and released online, which helped researchers identify the people behind a huge range of websites notoriously used for organized harassment, as well as white supremacists. The Epik data breach included “all that’s needed to trace actual ownership and management of the fascist side of the Internet that has eluded researchers, activists, and, well, just about everybody.” After the original hacker ring posted the dataset DDoSecrets repacked and republished this fileset, dubbed the #EpikFail leaks.
Conclusion: Trouble on the horizon
Included in this leak, among the many election-related images shared in APIII and related Telegram chats, was this image about “ballot harvesting hot spots.” It reveals a dangerous problem here: its purpose is to discredit the idea that residents of apartments, nursing homes, homeless shelters, universities and low-income areas are legitimate voters. This shows a pattern repeated with other groups like white supremacists: they don’t believe a huge share of the public are legitimate voters at all, and organizing these voters is a kind of fraudulent subversion. By first discounting the enfranchisement of these people, then the agenda becomes preventing their “fraud,” “raising questions” about whether they have the right to vote, and so on.
There’s no shortage of mean-spirited but relatively meaningless Internet chatter available today. However, as the leaks about targeting the DDoSecrets journalists underscored, and the chats for planning intimidation of voters at ballot boxes in Arizona showed, there is a directed plan to create a sense of menace in American life around elections.
Since 1982 a little-known federal consent decree blocked the Republican National Committee from organizing “what the party saw as ballot security measures and critics deemed voter suppression” in violation of the Voting Rights Act, including accusations of “sending armed police officers off duty to patrol polling places in minority areas.” This was lifted in 2018 with little apparent effect. But we can see that a pattern of sometimes-armed ballot watchers picked up in 2022, spurred by false narratives spread by ‘2,000 Mules,’ and particularly by Arizona politicians like Mark Lamb and Kari Lake. APIII clearly saw itself as a key piece of this machinery.
A detailed guide from the Brennan Center covers how federal law prohibits voter intimidation. As they note,
“Poll watchers help to ensure transparency and public trust in elections. But they can also disrupt the voting or counting process, intimidate voters, and misunderstand or mischaracterize what they observe, offering inaccurate and potentially inflammatory accounts. There is a long history of poll watchers harassing and intimidating voters, inappropriately surveilling voters, threatening voters, and otherwise interacting with voters in a manner that violates voter intimidation law. This trend continued in 2022.” – Brennan Center, “Guide to Laws Against Intimidation of Voters and Election Workers,” June 18, 2024
In our previous investigation, we found many components of the January 6 attack were overlooked and not well understood — and much of it came from networks like this one. The materials leaked from APIII show that there could be an organized effort again during this cycle to derail the election process through intimidation, force, and surveillance, grabbing the levers of power to determine political leadership away from American voters. This would put control of the country in the hands of shadowy paramilitary-laced networks that won’t hesitate to organize threats and January 6-like events when the majority of the public is not aligned with their ideology and goals.
Addendum: Message from “The Infiltrator”
Note: The following message from the individual that infiltrated the APIII / AP3 militia is included in full – edited for capitalization and styles. Unicorn Riot has not independently confirmed the claims in this message.
I spent two years infiltrating right-wing terrorist groups. I can say firsthand that voters are at risk on Election Day.
“The next election won’t be decided at a Ballot Box. It’ll be decided at the ammo box,” an APIII leader wrote several months ago in a private Telegram chat, as reported by ProPublica.
I am an independent activist, I spent two years as a member of the right-wing terrorist group known as APIII, and more than two years providing information to ProPublica to expose their operations. Over the course of the time I’ve been situated in these groups, I have observed alarming things which have led me to come forward. I know there are paramilitary groups who plan to influence the coming election through vigilante actions. I believe there is a risk of violence at ballot boxes, polling places, and other election sites in the coming weeks.
To explain what makes me so certain, let’s revisit the 2022 midterm elections and my experiences with APIII’s involvement in them.
Most of the so-called lone wolves who participated in the 2022 ballot box watching in Arizona were not “lone” at all–far from it. In fact, they were part of highly organized groups who intended to influence the elections through intimidation. These ballot watchers, sitting casually on lawn chairs, had guides that laid out the “Rules of Engagement”. They had shift schedules and sent daily reports to area “Captains” who coordinated the watching. Ballot box watchers had been encouraged to deny they were part of any group, and when interviewed by journalists lied to them and then bragged about it in internal chats. They were also frequently carrying concealed firearms.
Why this effort? Well, as one message said, written in a private Telegram group by a member of APIII “We can’t win at the ballot box if they count the votes for the other candidate.”
I saw messages like this because I infiltrated the leadership of APIII and was granted access to internal members-only leadership chats, and I had previously taken part in other paramilitary operations. In addition to providing ProPublica with more than 100,000 internal messages I am publicly releasing a selection of these messages. The public release includes more then 13gb of internal, secretive communications covering their ballot box watching in 2022, and almost 200gb of related public Telegram channels.
From these messages, I can tell you that the ballot box watching in fact is highly organized, with different groups taking responsibility for different aspects of the effort. Since the midterm elections, they’ve only become more organized and more determined. There are entire channels on Telegram devoted to coordinating the efforts. Behind these channels are a number of groups that work together behind the scenes to organize these ballot box watchers. They conduct the ballot box watching as a paramilitary operation and the obvious observers are only one part. They often have a QRF (quick reaction force) on standby at an offsite location which can stage an armed response to any threat to the watchers, and they deploy leaders in gray man, or undercover roles, to observe the operations from a distance without taking part directly.
The machine behind the ballot watching is made up of a number of paramilitary groups, as well as other groups such as The People’s Movement (a group that had earlier organized a truckers’ convoy), and Clean Elections USA, who look after logistics. As she states in the chats I am releasing, the leader of The People’s Movement, Carolyn Smith, is an honorary APIII member. The messages document that APIII founder and the leader at the time, Scot Seddon, approved APIII’s involvement at the very beginning, and that he ordered his State COs to conduct the operations. The AZ operations were conducted by TJ Sweetman, the AZ State Commanding Officer (CO) at the time, who was active in the Telegram chats as the leader of the AZ efforts. I participated in conversations where we were told that TJ was promoted to Rocky Mountain Region CO for his performance during the 2022 ballot box watching. The individuals who went viral were active members of APIII, and as reported by ProPublica and documented in the chats, they were assigned to the operation because of past performance on other paramilitary operations. As ProPublica reported, based in part on the internal communications I provided them, Elias Humiston was an APIII member from North Carolina who was assigned by NC State CO Burley Ross; Burley states that he tapped Elias because of Elias’ experience in paramilitary operations on the US-Mexico border in which they rounded up migrants and conducted reconnaissance. Assigned members in these channels were given orders that included instructions specific to the ballot box operations as well as standard operating procedures common to most APIII paramilitary operations. These orders included instructions on how to dress, communicate, and behave.
Clean Elections USA is the more public-facing side. While Clean Elections USA handled the public side, and The People’s Movement focused on the bureaucratic side, APIII and other paramilitary groups provided the muscle. The People’s Movement and Clean Elections USA had Facebook pages and websites, which I have included to document their roles.
Beyond revealing just how big an operation the ballot box watching is, and who is behind it, these Telegram channels also make it very clear that 2022 was only a warm-up. These groups have taken from the lessons learned in 2022 and I believe they are intending to conduct vigilante operations during this election as well. And while they refer to this as “Ballot Box Watching” they do not restrict themselves to observing, they intend to prevent what they see as fraud through intimidation. They brag in internal chats about scaring off people they think are committing fraud. They haven’t provided any evidence that the people they scared off were intending to commit fraud.
The members conducting the ballot box watching do much more than that. Some members surveilled election workers and at least in one case followed the vans transporting ballots. Many of them also have more official roles, such as GOP precinct captains, or they volunteer as observers inside ballot tabulation centers. One admin of a secret Telegram group is a GOP Precinct Captain. In at least one case an APIII member who volunteered as an observer carried a concealed pistol during observation.
Wherever there is ballot box watching taking place, there is also a member who is a “gray man” observing the operation without directly taking part directly. The gray man is dressed in civilian attire, observes from a distance, and maintains communication with the watchers, the QRF, and leadership. The gray man is a senior state-level leader, typically with law enforcement, security, or military experience, and usually is either the State XO or State Security Officer.
These groups and their leadership have learned from their mistakes in 2022 and although they might not conduct the same kinds of operations they did in 2022, they will continue to engage in voter intimidation. Eventually, there will be violence. From what I’ve seen, I believe there is a risk that violence will occur during the election process this year, and that is why I am coming forward to warn the public. From my time on the inside, I can say that the threat is real and credible.
The relevant authorities need to make use of the laws they have at their disposal. All states already have laws prohibiting private paramilitary organizing. Any incidence of armed ballot box watching in AZ should be assumed to be part of a criminal conspiracy to intimidate voters by an illegal paramilitary group and the participants should be arrested. The arrests SHOULD NOT occur at the sites of the ballot box watching because that will deter voters even further because they will fear being caught in a violent confrontation. Arrests at such locations have a high potential for violence. Law enforcement should identify the gray man and QRF before arresting them and should jam all cellular and WIFI signals to prevent them from communicating with other members. Law enforcement conducting arrests of ballot box watchers should do so with respect and the minimum amount of force. They should not conduct the arrests in a way that could become a siege such as at Waco or Bundy Ranch. Using military-type tactics to arrest them may provoke another such incident.
All staff and volunteers at voting sites, ballot counting centers, etc. should have their social media reviewed for ties to militia, paramilitary organizations, or election conspiracy groups. They should be thoroughly screened for weapons and not allowed to bring personal recording devices or phones. Senior election officials should be considered under surveillance and law enforcement should take steps to prevent such surveillance. Ballot transportation should be done with law enforcement escort and anyone attempting to follow or surveil them should be arrested.
I believe there is overwhelming evidence that APIII is nothing less than a terrorist group, and I believe that as leaders in APIII during the 2022 operations Scot Seddon, Carolyn Smith, and TJ Sweetman are terrorists who should be arrested for the part they played in the 2022 midterm election intimidation schemes and charged with the most serious crimes which can reasonably be brought. APIII should be investigated under RICO as a domestic terrorist organization.
Every American has a right to go to the ballot box without fear and the authorities need to urgently learn the lessons of 2022 – and the lessons contained in these documents – so they can prevent something even worse from happening in the coming weeks.
Written statement provided to Unicorn Riot by “The Infiltrator” — October 2024