“Proud Boys” Emails Are Bogus


Recent news reports tell of people receiving threatening emails about the election. The emails claim to be from the right-wing “Proud Boys” group and threaten the recipients unless they re-register as Republicans and vote for Trump. Each email contains the recipient’s name, street address, and email address.

This is not a real threat. This is the simplest and lowest form of spam. I’ll explain why by answering some questions I’ve heard:

  • Are individuals really being threatened?
  • Does this mean the Proud Boys are sending the emails?
  • Were the Proud Boys hacked?
  • Is this the overseas hack that the FBI and DNI gave a briefing about today?
  • Did the hackers collect voter registration rolls by hacking voter registration databases?
  • Can we tell who really sent these emails?

I would answer most of those “Probably not,” except the one about the FBI-DNI briefing. Here’s the text of the email:

[Image: bogus “Proud Boys” threatening email]

Are individuals really being threatened?

Hundreds of emails have been reported, so thousands were probably sent. This was not a gun nut with a grudge who personally emailed people he heard about. This was an industrial operation. The email’s personalized contents were filled in automatically from a database containing thousands of names, addresses, and emails.

This is like an email from the bank that says your account is locked, and you must click this link to unlock it, or all your bill payments will be rejected. Sometimes it’s obvious, like when you don’t have an account at the named bank. In this case, it’s not obvious because lots of people are registered voters.

Were the Proud Boys sending the emails?

They claim they did not send the emails. It takes very little technical skill to send emails with a forged “From” address. I have written other articles about this.

Were the Proud Boys hacked?

You don’t need to control the Proud Boys email to use their email domain in a forged email. But the domain could have been used. Reporting in the Washington Post notes that the Proud Boys domain is not currently connected to any Internet services. They quoted a member of the group saying that they were moving the domain between Internet vendors. The domain may have been vulnerable to abuse during the transfer process.

The FBI-DNI election hack briefing

The Director of National Intelligence gave a briefing on recent election-hacking activities blamed on Iran and Russia. While the briefing did not specifically refer to the Proud Boys email, reporting in the Washington Post ties the briefing’s contents to those emails.

Was voter data stolen from local registration databases?

Voter registration information (especially mailing addresses) has been the bread and butter of political campaigns for at least a century. Every city, county, and state will provide these lists to bona fide candidates for office, and possibly to others as well. Current lists probably include party affiliation and email addresses.

If “voter rolls” were indeed stolen, they were most likely stolen from candidates’ campaigns. Most campaigns are too busy and too cash-strapped to attend to cybersecurity.

It’s also possible that the address lists aren’t voter rolls at all. They might be mailing addresses with matching email addresses that target areas that didn’t vote for Trump in the last election.

Can we tell who sent this email?

People have reviewed the email headers for hints of where they originated. They trace back to several countries. According to CBS News, several emails were sent from an Internet cloud service in Saudi Arabia, while others came from Estonia and the United Arab Emirates. (Here is how you can trace the route of an email.)

Unfortunately, this doesn’t really identify the emails’ origins. It is easy to establish an email account in another country and send emails through that country. Capable hackers could also break into email accounts in other countries and use them to forward their spam.
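The header review described above can be reproduced with a few lines of Python. This is an added example, not part of the original post: the sample message is constructed, every host and address in it is a reserved placeholder, and the names `trace_route` and `sender_report` are this example's own.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: reserved .example domains and RFC 5737 documentation IPs only.
SAMPLE = (
    "Received: from relay.cloudhost.example (relay.cloudhost.example [203.0.113.25])\n"
    "\tby mx.recipient.example with ESMTP id B2; Wed, 21 Oct 2020 10:00:03 -0400\n"
    "Received: from webmail (unknown [192.0.2.44])\n"
    "\tby relay.cloudhost.example with ESMTPA id C3; Wed, 21 Oct 2020 17:00:01 +0300\n"
    "Return-Path: <bounce@cloudhost.example>\n"
    'From: "Claimed Sender" <info@claimed-sender.example>\n'
    "To: voter@recipient.example\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

# "from <name> (<rdns> [<ip>]) by <host>" is a common Received layout, not the only one.
HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def trace_route(raw):
    """Return hops oldest first as (announced_name, ip, receiving_host)."""
    msg = message_from_string(raw)
    # Each server prepends its own header, so the message lists hops newest first.
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if m:
            hops.append(m.groups())
    return hops

def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def sender_report(raw):
    """Compare the displayed From domain with the envelope sender and the relays."""
    msg = message_from_string(raw)
    hops = trace_route(raw)
    from_dom = domain_of(msg["From"])
    hosts = [h.lower() for name, _ip, by in hops for h in (name, by)]
    return {
        "from_domain": from_dom,
        "return_path_domain": domain_of(msg["Return-Path"]),
        # Hops older than the first server you trust are sender-supplied text.
        "oldest_hop_ip": hops[0][1] if hops else None,
        "from_domain_in_route": any(h == from_dom or h.endswith("." + from_dom) for h in hosts),
    }

print(sender_report(SAMPLE))
```

A From domain that never appears in the route is a hint rather than proof, since many legitimate senders use third-party relays, and the oldest hop names only the machine that handed the message to the first relay.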

The Bottom Line

The point of this exercise was to sow confusion and distrust in our voting system. Such emails have nothing to do with our voting system. They use some of its information to intimidate people, but it’s like a chain letter that threatens bad luck if you “break the chain.” And I don’t believe in chain letters.


*** This is a Security Bloggers Network syndicated blog from Cryptosmith authored by cryptosmith. Read the original post at: https://cryptosmith.com/2020/10/21/proud-boys-emails/