The U.S. government accused Iran of being behind the recent threatening emails sent to several voters in Florida, Arizona, and Alaska during a press conference on Wednesday.
The Director of National Intelligence John Ratcliffe said that the emails, which were designed to make it look like they came from the far-right group Proud Boys, were “desperate attempts by desperate adversaries.”
“Our elections systems are resilient and you can be confident your votes are secure,” Ratcliffe said during the press conference. “We will not tolerate foreign interference in our elections.”
After Radcliffe, FBI director Christopher Wray spoke briefly about election security, promising Americans that the Bureau is tracking any efforts to undermine the election.
Neither Ratcliffe nor Wray provided any evidence or information supporting the accusation that Iran was responsible for the email campaign.
Do you work on election security? Do you do vulnerability reserch on voting machines or ssystems? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wire/Wickr @lorenzofb, or email firstname.lastname@example.org. You can contact Joseph Cox on Signal on +44 20 8133 5190, Wickr on josephcox, or email email@example.com
On Tuesday, Motherboard reported that voters across the country had received the wave of threatening emails. They purported to come from the Proud Boys; in a tweet the group denied it was behind the emails. The emails told recipients “Vote for Trump or else!”
“We are in possession of all your information,” the email continued. “You are currently registered as a Democrat, and we know this because we have gained access into the entire voting infrastructure. You will vote for Trump on Election Day or we will come after you. Change your party affiliation to Republican to let us know you received our message and will comply. We will know which candidate you voted for. I would take this seriously if I were you. Good luck.”
Then on Wednesday, Motherboard revealed that some of the emails also included a video in which an alleged hacker claimed to show themselves using other peoples’ personal information to print out a voting ballot. The video was highly suspicious, with no evidence that the hacking tool used—sqlmap—was actually being used on a website or server. Multiple election security experts also stressed that the approach of registering for and printing ballots would likely not result in any votes being cast on behalf of others, and that voter data is often public information.
Election security experts and government election officials told Motherboard that the activity described in the emails didn’t pose an actual threat to the integrity of the mail-in vote, but that it seemed like a campaign designed to undermine faith in the electoral process.
“This is just bullshit fear mongering,” Matt Bernhard, a cybersecurity researcher who works for the elections security non-profit VotingWorks, told Motherboard in an online chat. “First of all, showing us a bunch of files in a file system doesn’t prove anything. second of all, the databases shown are quite possibly ones that are publicly available anyways, or that have been posted to dark web sites after leaks.”
The video started with showing President Trump during a press conference say, “I think that mail in voting is a terrible thing.” It then cut to a Proud Boys logo, before showing the data of a number of voters.
Two people included in the data contained in the video confirmed the information’s authenticity to Motherboard.
“That is pretty crazy. So, if I understand it correctly, they are sending emails to people telling them to vote for Trump and some of the emails contain a video proving that they have personal information?” Micheal Patterson, one of the people whose data is in the video, told Motherboard in an email. “If some fascists want to show up to my house, I feel bad for them. I am a combat veteran and a communist, it wouldn’t go well for them,” he added.
“I am very surprised to have learned about this! Wtf yes the info is correct,” Kenneth Wales, another person whose data was included in the video, told Motherboard.
(Disclosure: Gavin McInnes founded the Proud Boys in 2016. He was also a co-founder of VICE. He left the company in 2008 and has had no involvement since then.)
Would you like to read more stories about hacking, privacy, and surveillance? Subscribe to our pop-up ‘zine The Mail. The next issue is about hacking culture.