Emails threatening Florida voters to “vote for Trump or else!” linked to overseas servers

Dozens of voters in a heavily Democratic county in Florida and across several states reported receiving emails on Thursday appearing to come from a right-wing group threatening to “come after” them unless they vote for President Trump.

But an examination of the messages, now under investigation by state and federal authorities, shows they were sent via servers located overseas, raising questions about their origin amid concerns about voter intimidation just two weeks before Election Day. Early voting began in Florida on Monday.

Democratic voters in Alachua County, Florida, began receiving the email on Tuesday morning, and voters in Alaska and Arizona also reported receiving the message. It appeared to come from the right-wing group The Proud Boys, and showed a “from” address of “info@officialproudboys.com.” The Proud Boys has been designated a hate group by the Southern Poverty Law Center, a civil rights advocacy group.

“Vote for Trump or else!” the email’s subject line proclaimed.

“We are in possession of all your information (email, address, telephone… everything),” the message stated. “You are currently registered as a Democrat and we know this because we have gained access into the entire voting infrastructure. You will vote for Trump on Election Day or we will come after you. Change your party affiliation to Republican to let us know you received our message and will comply. We will know which candidate you voted for. I would take this seriously if I were you.”

While at first glance the email seems to come from an account under the domain of a website affiliated with The Proud Boys, a review of the source code embedded in seven emails shows the message originated from IP addresses linked to servers located in Saudi Arabia, the United Arab Emirates and Estonia.

The IP addresses don’t establish that the senders are based in those countries, since the messages could have been routed through the servers from nearly anywhere, according to Dmitri Alperovitch, the co-founder and former chief technology officer of cybersecurity firm CrowdStrike. He noted that the messages were sent via a “cloud infrastructure provider in Saudi Arabia called ‘Saudi Executive Cloud.'”

“It could be that they are simply relaying through this infrastructure,” Alperovitch told CBS News in an email. “In fact, given how this email was sent, using their web interface, that’s most likely the case — that the people behind this found a vulnerable server in Saudi through which they can route lots of emails.”

Alperovitch, who reviewed the source code from one of the emails, said that while the emails are sent through overseas servers, “there is no indication to suggest that it is a nation-state or otherwise foreign campaign.”

“These types of email campaigns are unfortunately trivial to execute for anyone with an internet connection and a just modicum of technical ability,” he said.

The website officialproudboys.com, first registered in 2017, was offline as of Tuesday, but archival versions show it was a pro-Proud Boys news site that sold merchandise promoting the group. Domain records show the site’s owner initiated a domain transfer to a new web host on Monday. The domain’s previous registrar, a company known as Ionos, did not respond to questions on Tuesday about the transfer or who might be behind the site.

Alachua County is home to the city of Gainesville and the University of Florida, making it a Democratic stronghold in a deep-red part of the state. The county voted for Hillary Clinton over Mr. Trump in 2016 by a margin of 58% to 36%.

How the sender connected the email addresses and voter registration status of the recipients was not immediately clear. But under Florida law, much of the personal information on voter registration forms — including birth dates, party affiliation, email addresses — is considered public record.

Two of the emails shared with CBS News included home addresses of the recipients. One of those recipients said the sender appeared to be relying on outdated information, as he had not been registered at that address for months.

Steve Orlando, a spokesman with the University of Florida, told CBS News that 183 people — students, staff and alumni — on campus received the email, and the university believes the account was “spoofed” to change the sender’s name. Orlando said the FBI is investigating the matter.

The Lawyers Committee for Civil Rights Under Law received numerous calls about the email through its elections hotline, with most coming from Florida and at least one from Arizona, Kristen Clarke, the group’s president and executive director, told CBS News. At least one man in Alaska also received the message and shared it with CBS News.

“While I am not intimidated by this scam looking email, my elderly mother very much was/is,” said Debi Martinez, an Alachua County resident who was among the voters who received the message.

The Alachua County Sheriff’s Office said it and the Alachua County Supervisor of Elections are aware of the email and are working with local, state and federal law enforcement partners to investigate the source of the message, which the elections office characterized as “voter intimidation.”

“We’re taking it seriously, going through the channels and treating it like obviously the serious thing that it is,” TJ Pyche, spokesman for the Supervisor of Elections, told CBS News. A spokesperson for the FBI’s Jacksonville office did not immediately respond to a request for comment. The Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency did not immediately return requests for comment.

Clarke said voters should be “on alert” for efforts to intimidate or discourage them from casting their ballots and said attempts to do so could be unlawful.

“These disinformation campaigns, robocalls, efforts to discourage voters, tend to pop up from time to time,” she said. “Our job is to make sure that we track down the source of these efforts and ensure that voters feel free to cast their ballot.”

The messages, which appear to be an attempt to intimidate voters in at least one crucial battleground state to support Mr. Trump’s reelection bid, come just two weeks before the general election.

While there was not any immediate indication that the emails were part of a state-sponsored interference campaign, national security officials have warned for months that the 2020 presidential election is a ripe target for foreign actors spreading disinformation online, reminiscent of Russia’s campaign to interfere in the 2016 presidential race.

In August, National Counterintelligence and Security Center Director Bill Evanina said the intelligence community assessed that Russia is actively working to “denigrate” Democratic presidential nominee Joe Biden and boosts Mr. Trump’s campaign, while China prefers the president loses his reelection bid.

On Sunday, Admiral Mike Rogers, the former head of the National Security Agency and U.S. Cyber Command, said he believes Russia is attempting to spread disinformation on social media and other mediums to sow confusion and discord, including by using false identities.

“What you’re watching the Russians do is really double down on the idea of using disinformation via social media and other paths to continue to polarize our nation, to incite violence, to incite hatred and to attempt to pull us apart,” he said in an interview on “Face the Nation.”

Alachua County was the target of a cyberattack launched by Russia’s military intelligence service, the GRU, in 2016, though the effort to gain access to the county’s election office through a phishing email was unsuccessful.

Below, WINK News Safety & Security Specialist Rich Kolko talks to Lindsey Sablan about what to do if you are the target of one of these threatening emails.