SecureMac, Inc.

U.S. officials say Iran was behind voter intimidation emails

October 23, 2020

Voters in several U.S. states have received threatening emails telling them to vote for incumbent presidential candidate Donald Trump, and vowing to “come after” them if they do not comply. U.S. officials now say that Iran was behind the emails, and that their goal was to create chaos and to undermine the legitimacy of the upcoming elections. 

In this short piece, we’ll tell you what we know about this threat, and give you some tips on how to protect yourself and others.

What was in the emails?

The emails targeted voters in several …

U.S. officials say Iran was behind voter intimidation emails

Voters in several U.S. states have received threatening emails telling them to vote for incumbent presidential candidate Donald Trump, and vowing to “come after” them if they do not comply. U.S. officials now say that Iran was behind the emails, and that their goal was to create chaos and to undermine the legitimacy of the upcoming elections. 

In this short piece, we’ll tell you what we know about this threat, and give you some tips on how to protect yourself and others.

What was in the emails?

The emails targeted voters in several states, including Florida, Alaska, and Arizona, and purportedly came from the Proud Boys, a right-wing organization that has engaged in violent street clashes with groups on the political left in the United States and Canada.

The subject heading of the emails read “Vote for Trump or else!”. The message itself addressed the recipient by name, demanded that they vote for Donald Trump on Election Day (saying that the sender would “come after” them if they did not), and included the recipient’s home address. Some people also received disinformation videos supposedly showing how mail-in ballots could be used to commit election fraud. 

Where did the emails come from?

Analysis of the emails revealed that they had been “spoofed”: made to appear as if they were coming from the Proud Boys organization in order to conceal their true origin. The emails’ metadata indicated that they had been routed through servers in Estonia and possibly the Middle East.

FBI Director Christopher Wray and Director of National Intelligence John Ratcliffe gave a press conference to address the issue, during which they singled out Iran as the culprit behind the voter intimidation email campaign. They added that both Iran and Russia had obtained U.S. voter information, and that the two countries were working to influence the election. Iran and Russia have denied the allegations.

It’s unclear why the government is so certain that Iran was behind this particular email campaign, but there is substantial evidence that foreign adversaries are actively attempting to compromise U.S. government agencies and influence the U.S. elections

How did they get voter data?

When federal authorities announced their belief that Iran was behind these emails, many people wondered how it was even possible for a foreign country to gain access to U.S. citizens’ voter information and home addresses.

However, much of this information is openly available, and thus could easily be used in a campaign of targeted email harassment. As election security expert Matt Blaze noted in a recent Twitter post:

“Voter registration data — including at a minimum name and address, and in some cases additional information — is publicly available legally…it is a trivial matter to combine public voter registration data with commercial databases to get email addresses and phone numbers for many voters, even if that might not have been included in the original voter database”.

In addition, malicious actors also have the option of buying what they need: The cybersecurity firm Trustwave recently discovered the voter registration information of 186 million Americans, along with other personal information, for sale on the dark web.

Does this mean the election has been hacked?

The “good news” is that the intimidation campaign that Iran is accused of is, as far as we know, only that: intimidation. It doesn’t mean that voting machines or databases have been hacked, or that anyone’s actual vote is at risk. 

As Blaze points out, because voter registration data is public, the fact that “…foreign actors have such data does not imply in any of itself that any systems were necessarily breached”.

During the press conference, FBI Director Wray stressed that the incident should not cast doubt on the basic security of the election, or on the legitimacy of citizens’ votes: “We’ve been working for years as a community to build resilience in our election infrastructure, and today that infrastructure remains resilient. You should be confident that your vote counts”.

What should you do about this?

According to Ratcliffe, the ultimate goal of these voter intimidation emails was to “cause confusion, sow chaos, and undermine [citizens’] confidence in American democracy.” 

In the lead-up to the election, here are three steps you can take to make sure that such efforts don’t succeed, and to keep yourself and others safe.

  1. 1

    Keep your cool

    If you receive an intimidating email, be aware that it may well be part of a mass disinformation campaign. Remember that since voter registration data is publicly available, there is not necessarily anything remarkable about a bad actor having access to your party affiliation or even your address. Such information is only included in threatening emails in order to make it seem as if the sender has privileged access to voting systems or to information about you in particular — but it’s nothing more than an intimidation tactic. Finally, keep in mind that one of the foundations of American democracy is the secret ballot: how you vote in a particular election is never associated with your name, and thus is not stored with your voter registration data. If anyone tells you that they’ll know who you voted for, they’re lying.

  2. 2

    Raise awareness

    If you follow cybersecurity news, you’re probably more skeptical than most when you receive an email, and you’re aware of the kinds of tricks that bad guys use in fraudulent emails. But other people in your life may not be as security-savvy as you, and if they were to receive one of these voter intimidation emails, it could leave them deeply frightened — perhaps to the point of influencing their actions. If you know someone like this, take a moment today to reach out to them and let them know what’s going on. Tell them that they shouldn’t be afraid if they receive one of these emails, and let them know that it’s OK to reach out to you if they need help. Remind them of the basic facts of the situation: these threatening emails aren’t truly personal, they’re just making use of public information to create that impression, and to cause chaos; and anyway, there’s no way for anyone to know who you voted for in an election.

  3. 3

    Report voter intimidation

    If you receive an email that seems to attempt voter intimidation or disinformation, report it to the authorities. The FBI has a list of local field offices that can help you find the most appropriate point of contact. By bringing the email to the attention of federal law enforcement, you can help give them a larger sample size as they work to understand how these campaigns are happening, and who is behind them. You will also be helping the tech companies whose platforms are being used to distribute these emails, allowing them to track down and block the accounts that are sending them, preventing them from spreading further.

Get the latest security news and deals