Democratic voters in at least four battle states, including Florida and Pennsylvania, received threatening emails, purporting to be from the far-right group Proud Boys, warning “we will chase you” if the recipients did not vote for President Donald Trump.
(Click here for full coverage of the 2020 U.S. elections)
The voter intimidation operation apparently used email addresses obtained from state voter registration lists, which include party affiliation and home addresses and may include email addresses and phone numbers. Those addresses were then used in a seemingly widespread targeted spam operation. Senders said they would know which candidate the recipient was voting for in the Nov.3 election, for which early voting is ongoing.
(Read more: 2020 US elections: Donald Trump, Joe Biden tied in Texas, poll shows)
Federal officials have long warned about the possibility of this type of operation, as such registration lists are not difficult to obtain.
(Read more: Trump unable to take work seriously, ‘says Obama)
“These emails are intended to intimidate and undermine the confidence of American voters in our elections,” Christopher Krebs, the top election security official for the Department of Homeland Security, tweeted Tuesday night after the email reports.
He urged voters not to fall for “sensational and unverified claims,” reminding them that ballot secrecy is guaranteed by law in every state. “The last line of defense in electoral security is you: the American voter.”
A spokesman for FBI headquarters did not immediately return a phone call seeking comment.
When asked about the emails during an online forum Wednesday, Pennsylvania Secretary of State Kathy Boockvar said she lacked specific information. “I am aware that voters were sent in various undecided states and we are working closely with the attorney general on these kinds of things and more,” he said.
Bennett Ragan, campaign manager for Florida House candidate Kayser Enneking, said he received two of the emails and knew 10 other people in Gainesville who also received them. Bennett said the home address included in the personalized email he received was not up-to-date, so he estimates that the data about him was obtained from the 2018 primary election census of voters.
The emails were sent by a group, whose identity is unknown, which invested a lot of time and effort in identifying vulnerable internet servers in various countries, including Estonia, Saudi Arabia and the United Arab Emirates, which they hijacked to send the emails, he said security researcher John Scott. Railton, who examined dozens. Voters in Arizona and Alaska also welcomed them, he said.
The Associated Press obtained the personalized email addresses of two Florida voters in different parts of the state.
Scott-Railton of the University of Toronto’s Citizen Lab online civil rights project said the Proud Boys email address that spammers placed in the email sender field was “a flag of convenience.” The true source addresses, not easily visible but listed in the email headers, were the hijacked servers. The emails reviewed by AP appeared to come from a company in Estonia.
And while the operation was not terribly sophisticated, it may still have been backed by a nation-state. There are documented cases in which Russian agents have sent threatening mail, including to spouses of the US military. Ukraine has also been affected by email hoaxes that are suspected of being the work of the Kremlin. Intelligence services like to use these techniques because they do not carry the government seal, which provides deniability.
“We have definitely seen state actors impersonating political figures and factions in the past. It wouldn’t be strange for them to do that in this case, ”said John Hultquist, director of threat intelligence analysis at cybersecurity firm FireEye. None of the Russian military hackers accused by US prosecutors of interfering in the 2016 presidential election on behalf of Trump have been brought to justice.
“For me this is a Canarian case. And what it shows is that someone with obvious malicious intent can receive messages that exploit voter registration data in front of the eyes of a large number of Americans, ”Scott-Railton said. The emails clearly penetrated email providers’ spam filters, he said, although some have likely been blocked.
Microsoft and Google, the leading email providers with top-tier security tools and researchers, did not immediately comment on how many of the spoofed emails may have been sent and what intelligence they may have on the identity of the sender.
“The real question is how well this operation covered its runways,” said Scott-Railton, who is concerned that the operation may have been a rehearsal. “Is anyone testing a capability that you intend to use on a much larger scale in the future?”
He urged the United States government and its allies to be as transparent as possible about what they know about the operation as soon as possible to assure the public that it does not endanger electoral security.
In a post on the Telegram messaging service, an account claiming to represent the Seattle Proud Boys said the group was not involved with the emails, calling them a “false flag operation.” President Trump has come under fire for refusing to condemn the far-right group.
Daniel Tokaji, dean of the University of Wisconsin School of Law and an expert on voting rights, said he fears we may see more of the kind of voter suppression that intimidation emails attempt: trying to scare people into don’t vote at all.
Jessica Levinson, a professor at Loyola Law School, said using information from the voter list could make emails especially terrifying. “It places so much unfair stress and responsibility on voters and no one should have to fear for their safety when deciding who to vote for, but that’s exactly the point of voter suppression.”
—-
Associated Press writers Eric Tucker in Washington, DC, David Klepper in Providence, RI, and Christina Cassidy in Atlanta contributed to this report.
.
