Threatening Voter Emails Included Highly Suspicious ‘Hacking’ Video

The video, included in emails spoofed to be from the ‘Proud Boys,’ shows an alleged hacker obtaining voter data and using it to print a ballot, but the scheme is unlikely to be successful.
October 21, 2020, 6:40pm
Screenshot of the video
Screenshot of the video

On Tuesday, an unknown number of Demoratic voters in Florida, Arizona, and Alaska received a threatening email urging them to vote for "Vote for Trump or else!" 

"We are in possession of all your information," the email read. "You are currently registered as a Democrat, and we know this because we have gained access into the entire voting infrastructure. You will vote for Trump on Election Day or we will come after you. Change your party affiliation to Republican to let us know you received our message and will comply. We will know which candidate you voted for. I would take this seriously if I were you. Good luck."

The emails, as Motherboard reported Tuesday, were spoofed to appear that they came from the Proud Boys, a violent far-right group. Proud Boys claimed to have nothing to do with the emails.

One of the people who was the target of this email campaign received a second, identical email that also contained a link to a video, which was uploaded to the cloud file sharing website Orangedox. The video seems to be an attempt to scare voters into thinking that this goes beyond an email-related intimidation campaign and is an organized effort to disrupt the mail-in ballot portion of the election. The strategy shown in the video appears to be similar to a version of a scheme laid out by 4chan earlier this week that Motherboard has already debunked as a serious election threat. 

Election experts say that the strategy shown in this video is a fear mongering tactic that shows a method of manipulating votes that will not work, and is likely intended to undermine faith in the electoral process. Motherboard is not publishing the video because it contains some voters' personal information and it is also a propaganda video designed to intimidate voters.

"This is just bullshit fear mongering"

The two-minute video plays over an instrumental of Metallica's "Enter Sandman." The video opens with footage of President Trump during a previous press briefing, in which he says, "I think that mail in voting is a terrible thing." The video then immediately cuts to a logo with the Proud Boys name. The video shows a screen recording of an alleged hacker scrolling through what they present as voter data. They do this in part with a tool called sqlmap, an established tool for taking advantage of vulnerabilities in websites, often to extract data. The alleged hacker then uses some of the information contained in the databases to access the website of the Federal Voting Assistance Program, and then prints out a Federal Write-in Absentee Ballots (FWAB) as a PDF document.

FWAB ballots are described by the government as "emergency backup ballots" for military members and citizens who live overseas and did not receive mail-in or absentee ballots from their states. Election experts say this is designed to make voting easy, that FWAB ballots are only used as a matter of last resort, and that other types of ballots supersede FWAB ones. Also, only certain people qualify for FWAB ballots.

"FWABs are typically ballots of last resort, and if any other ballot has been submitted by the voter, they trump the FWAB," Matt Bernhard, a cybersecurity researcher who works for the elections security non profit VotingWorks, told Motherboard in an online chat. 

Do you work on election security? Do you do vulnerability reserch on voting machines or ssystems? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wire/Wickr @lorenzofb, or email lorenzofb@vice.com. You can contact Joseph Cox on Signal on +44 20 8133 5190, Wickr on josephcox, or email joseph.cox@vice.com

At the end of the video, the person controlling the computer shows that they have several folders labeled with the name of American states, and shows files that are supposedly mail-in ballots PDFs they downloaded. It's impossible from the video to know whether these files actually contain ballots, and whether the folders all contain files or not.

Ben Adida, the executive director of VotingWorks, said that it's possible to do what the video shows, "but this attack is detectable and comes with very harsh penalties [for voter fraud]."

"This is just bullshit fear mongering," Bernhard said. "First of all, showing us a bunch of files in a file system doesn't prove anything. second of all, the databases shown are quite possibly ones that are publicly available anyways, or that have been posted to dark web sites after leaks." 

Gregory Miller, a cybersecurity expert and one of the founders of the Trust the Vote Project, also found the video to be suspicious.

“There are lots of reasons to believe this is misinformation as much as anything. As we’re looking more closely, the maneuver they’re taking to ‘suggest’ they are hacking into voter information stores appears to be lots of smoke and mirrors, if you will. In other words, it appears on closer inspection to be a hoax of its own,” he said in an email.

screenshot-video.jpeg

A screenshot of the video contained the a threatening email seen by Motherboard.

The video also shows data that includes names, email addresses, physical addresses, phone numbers, and redacted Social Security Numbers—all types of data that may be publicly available.

Bernhard explained that the ballots shown in the video are federal absentee ballots that have to be signed, and then physically mailed for them to count as votes. 

"Unless they're going to figure out a way to forge thousands of signatures, that ain't gonna work," Bernhard said, adding that it would require a lot of effort to print all the ballots, forge hundreds or thousands of signatures, and then mail them out.

There is no convincing indication that the alleged hacker is using sqlmap to break into any website or server that may be hosting such data. It is possible to use sqlmap locally; that is, not point the tool to a remote website, and instead interact with files stored locally. 

Michael Patterson, who was named in some of the data, told Motherboard that the information included in the video was accurate.

“That is pretty crazy. So, if I understand it correctly, they are sending emails to people telling them to vote for Trump and some of the emails contain a video proving that they have personal information? If some fascists want to show up to my house, I feel bad for them. I am a combat veteran and a communist, it wouldn’t go well for them,” he told Motherboard in an email.

There are few clues about who made this video. Metadata for the video does not seem to show anything that could be used to help identify who made it.

A few hours after a source sent Motherboard the video, the file was removed from the sharing site Orangedox. It is not clear if the user deleted it, or if Orangedox itself did so. Motherboard archived a copy of the video before it was removed.

Chad Brown, CEO of Orangedox, said the company's privacy policy prevented him from sharing information unless contacted by a law enforcement agency. Orangedox would then provide the agency with all necessary information on the user account.

"We don't make any copies of the files that our users post," Brown added.

The video and the viral 4Chan post instructing people to attempt to disrupt the mail-in voting process is similar in that election security experts agree that both pose very little risk, but give the appearance that impropriety is possible in the mail-in vote despite the risk being very low.

The FBI did not immediately respond to a request for comment on the video itself. On Tuesday, local media reported that the FBI was investigating the threatening emails more generally.

(Disclosure: Gavin McInnes founded the Proud Boys in 2016. He was also a co-founder of VICE. He left the company in 2008 and has had no involvement since then.)

Would you like to read more stories about hacking, privacy, and surveillance? Subscribe to our pop-up 'zine The Mail. The next issue is about hacking culture.