Who are the ‘Unindicted Co-conspirators’ in the Alleged Coffee County Breach?

Washington Post photo by Michael S. Williamson
Former National Security Agency employee Jim Penrose, shown in 2006.

The wide-ranging indictment of former president Donald Trump in Georgia accuses four of his supporters of conspiring to copy and distribute data from elections equipment in rural Coffee County, and it leaves unnamed seven “unindicted co-conspirators” who the grand jury said participated in that effort.

The four supporters – attorney Sidney Powell, former county elections supervisor Misty Hampton, bail bonds business owner Scott Hall and former county Republican Party chairwoman Cathy Latham – were each charged Monday with offenses that included conspiracy to commit computer theft and computer trespass. They either declined to comment or did not respond to inquiries from The Washington Post.

The unnamed unindicted co-conspirators in the indictment – it lists 30 in all – could be critical witnesses. In an attempt to learn the identities of the seven tied to the Coffee County intrusion, an effort to find evidence of purported fraud in the 2020 election, The Post compared the descriptions of events in the indictment with other records, many first obtained by the plaintiffs in a long-running lawsuit over the security of Georgia’s voting systems. Election-integrity activists filed that lawsuit against state officials in federal court in Atlanta.

The records indicate the unnamed co-conspirators – who either declined to comment or did not respond to requests for comment – appear to be the following people:

Alex Cruce

The indictment says that “Individual 24” and Hall flew from DeKalb-Peachtree Airport outside Atlanta to Douglas Municipal Airport in Coffee County on Jan. 7, 2021, “for the purpose of assisting with the unlawful breach of election equipment” at the county elections office.

In a deposition for the Georgia lawsuit, Alex Cruce said he and Hall flew to Coffee County that day, accompanied by only a flight crew. Surveillance video footage obtained by The Post last year shows Hall and Cruce arriving together at the elections office. They were joined by a team from SullivanStrickler, an Atlanta-based digital forensics company hired by Powell to copy data from equipment in Coffee County and in other battleground states.

Cruce, a 37-year-old engineer from Jacksonville, Fla., said in the deposition that he did not copy anything in the elections office and did not receive data copied by SullivanStrickler. He said his understanding was that the group had permission to be there.

SullivanStrickler has not been charged.

Doug Logan

“Individual 25” downloaded Coffee County elections data on four days in 2021 – Jan. 9, 10, 11 and 13 – from a server maintained by SullivanStrickler, according to the indictment.

The Post reported last year that data copied from elections systems in Coffee County and elsewhere was posted to a password-protected server by SullivanStrickler and downloaded by multiple Trump allies. As part of the Georgia lawsuit, SullivanStrickler turned over to the plaintiffs comprehensive logs listing every person who had access and each time that data was downloaded from the server. The Post obtained the logs.

An account in Doug Logan’s name and registered to his email address was the only one to have downloaded data on all four days on which the indictment says “Individual 25” did so, the access logs show.

“Individual 25” is also one of two co-conspirators described in the indictment as having accessed nonpublic areas of the Coffee County elections office on Jan. 18, 2021, with Hampton’s permission. Surveillance footage reviewed by The Post shows Logan was one of only two members of the public to visit the office that day, when it was closed for the Martin Luther King Jr. Day holiday. It was not clear from the footage what he did inside.

During this period, Logan, 43, of Sarasota, Fla., was the chief executive of the cybersecurity firm Cyber Ninjas, which was also hired by Republican state lawmakers in Arizona to hunt for fraud there.

Logan said in a deposition for the lawsuit that he helped to run tests on Coffee’s election systems when he visited. He said Powell’s team told him all the activity in Coffee County was approved by local officials.

Todd Sanders

According to the indictment, “Individual 26” downloaded Coffee County data from the SullivanStrickler server on five dates: Jan. 9, 10, 11, 18 and 19. The access logs show that an account registered with a work email address used by Todd Sanders was the only account to download data on all of those dates. The account used the name “Scott T,” which does not appear to correspond to anyone previously connected to the Coffee County incident or the broader attempt by Trump allies to access elections equipment in several states.

Sanders, 47, who lives in Port Charlotte, Fla., worked with the Powell team that was attempting to access voting equipment in multiple jurisdictions. In December 2020, according to visitor logs, he traveled to Antrim County, Mich., with SullivanStrickler employees to copy data there under a court order. An email turned over by SullivanStrickler for the lawsuit also describes an individual named “Todd,” with Sanders’s cellphone number, as the Powell team’s person on the ground in Nevada.

Conan Hayes

According to the indictment, “Individual 27” downloaded copies of Coffee County election data on Jan. 10, 12 and 13 and Feb. 25 and 26. The access logs show that an account in the name “Conan H,” which was registered to an email address used by Conan Hayes, was the only one to download data on all those days.

Hayes, a 48-year-old former pro surfer from Hawaii who now describes himself as a data expert, was involved in the broader effort by Trump allies to access elections equipment in multiple states, records show. Three officials in Mesa County, Colo., have been indicted after allegedly allowing Hayes into their offices to copy sensitive data in May 2021.

Jim Penrose

“Individual 28” is said in the indictment to have emailed SullivanStrickler on April 22, 2021, asking for data to be sent to “Individual 30,” an unnamed unindicted co-conspirator who is a lawyer. Emails that SullivanStrickler turned over for the lawsuit, in response to a subpoena covering all of its election work, show that Jim Penrose emailed the firm a request matching that description 0n that date.

The indictment also stated that “Individual 28” downloaded copies of the Coffee County data from the SullivanStrickler server on Jan. 13, 2021. Though others did as well, the access logs show that an account registered to Penrose did download Coffee County data that day – and that that was the only day the account did so.

Penrose, a cybersecurity consultant from Laurel, Md., approached SullivanStrickler to engage the firm in the elections data effort, The Post previously reported.

Penrose, who turns 45 on Thursday, spent much of his career at the National Security Agency, according to his résumé. After the 2020 election, he spent Thanksgiving with numerous Trump allies at the South Carolina estate of attorney L. Lin Wood Jr., Wood has told The Post.

Jeffrey Lenberg

“Individual 29” is the other person, along with “Individual 25,” said in the indictment to have accessed nonpublic areas of the Coffee County elections office on Jan. 18, 2021. Surveillance footage shows Jeffrey Lenberg and Logan – identified by The Post as “Individual 25” – visiting the office that day, on the King holiday. The pair returned the following day, and Lenberg went back on his own repeatedly in the following weeks, the footage showed.

Lenberg, 67, of Tijeras, N.M., is a former employee at a laboratory operated for the National Nuclear Security Administration. On a podcast called “Conservative Daily,” Lenberg said in September that he and Logan directed Hampton to carry out tasks on the elections equipment and “didn’t touch” it themselves.

Lenberg said he thought the county elections board had given permission for the outsiders to investigate. “I’m not a lawyer, but it seems to me that the county had every reason and authority to bring in a team to look at what happened,” he said.

Stefanie Lambert

The indictment states that on April 22, 2021, “Individual 28” emailed a SullivanStrickler executive and asked him to send the Coffee County data to “Individual 30,” an attorney described as being associated with Powell and the Trump campaign. An email SullivanStrickler turned over in the lawsuit shows that Penrose sent the firm an email that day asking for data to be sent to Stefanie Lambert, a pro-Trump lawyer from South Lyon, Mich., who worked with Powell. Lambert’s appearance in the emails was reported by The Post last year.

In an email to The Post last year, Lambert said, “There is no law preventing local clerks from seeking independent expert analysis of voting machines.”

Earlier this month, a special prosecutor in Michigan charged Lambert with four felonies, including willfully damaging a voting machine in relation to efforts by a team of Trump allies there. Lambert, 41, has denied any wrongdoing. Penrose, Logan and Lenberg were investigated by the special prosecutor but not charged.


An eighth unindicted co-conspirator is not directly implicated in the Coffee County intrusion but figures into the broader effort to access and share voting machine data.

Phil Waldron

According to the indictment, in an email on Dec. 21, 2020, Powell instructed a SullivanStrickler executive to give three people access to data the firm had copied from Antrim County. The grand jury listed all three people as “unindicted co-conspirators,” Individuals 6, 21 and 22.

Phil Waldron was one of the three who was to receive access, according to the email Powell sent that day, which was turned over in the lawsuit and obtained by The Post. The other two are referred to in the email only as “Todd and Conan.”

Waldron is very likely to be Individual 6. The indictment says that that person attended a White House meeting on Nov. 25, 2020, with Pennsylvania lawmakers. Waldron previously told The Post that he attended such a meeting. Sanders and Hayes are not known to have attended White House meetings.

On Jan. 1, 2021, a lawyer on Trump’s legal team emailed Waldron and two others a “Letter of invite from Coffee County GA,” according to a document filed to a civil court case involving Rudy Giuliani, then Trump’s personal attorney.

Waldron, a 59-year-old security consultant and retired U.S. Army colonel, joined Giuliani on a tour of battleground state capitols after the election, making allegations of fraud to state lawmakers. Based in Dripping Springs, Tex., he also circulated a PowerPoint presentation proposing that U.S. marshals and National Guard troops help “secure” and count paper ballots in key states. He has told The Post that he met repeatedly with White House chief of staff Mark Meadows.

Georgia Senate
Security consultant Phil Waldron, at a Georgia Senate subcommittee hearing on Dec. 3, 2020.