Authorities in Florida and Alaska on Tuesday were investigating threatening emails sent to Democratic voters that claimed to be from the Proud Boys, a far-right group supportive of President Donald Trump, but appeared instead to be a deceptive campaign making use of a vulnerability in the organization’s online network.
The emails, which appeared to target Democrats using data from digital databases known as “voter files,” told recipients the group was “in possession of all your information” and instructed voters to change their party registration and cast their ballots for Trump.
“You will vote for Trump on Election Day or we will come after you,” warned the emails, which by Tuesday night were said to have reached voters in four states, three of them hotly contested swing states in the coming presidential election.
The emails were reported in Pennsylvania, Arizona, Florida and Alaska. Only Alaska is not a major focus of the presidential campaign, but it does have a closely watched race for the U.S. Senate.
Enrique Tarrio, the chairman of the Proud Boys and the Florida state director of Latinos for Trump, denied involvement, saying the group operates two sites, and was increasingly migrating away from the domain used in the email campaign.
“Two weeks ago I believe we had Google Cloud services drop us from their platform, so then we initiated a url transfer, which is still in process,” he said in an interview. “We kind of just never used it.”
The technical data embedded in the emails do not make clear who was behind the barrage arriving in the inboxes of unsuspecting voters.
Democrats in Alachua County, in north-central Florida, reported receiving the messages, according to interviews with several recipients. So, too, did voters in Alaska, said Casey Steinau, chair of the Alaska Democratic Party. Her communications director, Jeanne Devon, said Tuesday night the FBI “is now involved in the investigation.” A spokeswoman for the bureau’s Anchorage field office did not respond to a request for comment.
Kristen Clarke, president and executive director of the national Lawyers' Committee for Civil Rights Under Law, said her organization had received at least one report of a similar email from a voter in Arizona. A spokeswoman for the Arizona secretary of state’s office did not immediately respond to a request for comment.
“This is absolutely something to be concerned about,” said John Scott-Railton, a senior researcher at the Citizen Lab at the University of Toronto’s Munk School of Global Affairs and Public Policy. “This is what election interference looks like.”
He said he knew of a threatening email reaching a voter in Pennsylvania.
Federal authorities, elections officials and experts in disinformation have issued dire warnings not just about voter intimidation but also about deceptive online campaigns playing up fears of intimidation tactics.
Christopher Krebs, director of Homeland Security’s Cybersecurity and Infrastructure Security Agency, wrote in a tweet that his office was aware of the emails, noting, “Ballot secrecy is guaranteed by law in all states.”
“These emails are meant to intimidate and undermine American voters' confidence in our elections,” he added.
Some cybersecurity experts were already pointing to the possibility of foreign involvement.
“We’re still reviewing it, but it wouldn’t be unheard of for a foreign actor to impersonate political figures or organizations,” said John Hultquist, senior director of analysis for Mandiant Threat Intelligence. “It could be a form of voter intimidation or it could be meant to inject discord into an already fragile process.”
Tarrio, determined to beat back the perception of involvement by the Proud Boys, said he had already spoken to an FBI agent about the episode. Amanda Videll, a spokeswoman for the bureau in Jacksonville, Fla., declined to comment.
A spokesman for the Alachua County Sheriff’s Office said local authorities were coordinating with elections officials and had also sought the assistance of the FBI.
“We believe them to be fraudulent,” the spokesman, Art Forgey, said of the emails.
The domain, officialproudboys.com, was recently dropped by a hosting company that uses Google Cloud services, according to Google Cloud spokesman Ted Ladd. The hosting service canceled the registration after Google Cloud notified the customer that a nonprofit group had raised concerns about the Proud Boys, Ladd said.
Following the action from the hosting service, the domain appears to have been left unsecured, allowing anyone on the internet to take control of it and use it to send out the menacing messages, said Trevor Davis, CEO of Counteraction, a Washington-based digital intelligence firm.
The lapse, which began on Oct. 8, “likely made them vulnerable to this kind of hijacking,” Davis said. “Bad actors are constantly scanning the internet for opportunities. Given the public profile of the Proud Boys and the likelihood that whoever’s sending these emails has access to a voter file, this appears to be opportunism.”
The Proud Boys rose to national prominence last month during the first presidential debate between Trump and his Democratic rival, Joe Biden, when the president passed up an invitation by moderator Chris Wallace, of Fox News, to denounce white supremacists. When Biden suggested that Trump denounce the Proud Boys, he said, “stand back and stand by” - a comment that was widely celebrated on social media by the group as a call to action.
Memes circulated online with the words integrated into the Proud Boys logo. One doctored image showed Trump wearing one of the Proud Boys' signature polo shirts. Another online poster used the moment to advertise T-shirts and hoodies bearing the group’s logo and the words, “PROUD BOYS STANDING BY.”
The group’s leaders say they do not support white supremacy, but they had a contingent at 2017′s notorious Unite the Right rally in Charlottesville, Va. The Proud Boys also have been frequent participants in the reopen protests demonstrating against coronavirus lockdowns and, more recently, the protests in Portland, Ore. Facebook has banned the group as a hate group, and the Southern Poverty Law Center classifies them as a hate group and says its leaders “regularly spout white nationalist memes and maintain affiliations with known extremists.”
Online analysts traced the pathway of at least one of the emails through a server in Saudi Arabia. The Internet Protocol address associated with metadata in the email had previously been reported, pointing to its likely use in scam or phishing operations, said Cindy Otis, a former CIA analyst and vice president of analysis for Alethea Group, an organization combating online threats and misinformation. Vice, citing a similar email purportedly from the Proud Boys and threatening Florida voters, found another possible path through a server in Estonia.