The Trump administration’s top U.S. intelligence chief blamed Iran late Wednesday for sending threatening emails to Democratic voters in Florida this week that were made to appear to come from the violent, far-right group Proud Boys. The emails directed voters to cast ballots for President Donald Trump or “we will come after you.”
The Director of National Intelligence, John Ratcliffe, said during a hastily arranged Washington news conference that Russia and Iran were already attempting to interfere with the presidential election and had gained access to information about registered voters that is otherwise publicly available. He blamed Iran for the emails sent to Democrats across Florida just a day earlier.
“We have already seen Iran sending spoofed emails designed to intimidate voters, incite social unrest and damage President Trump,” Ratcliffe said. “You may have seen some of this in the past 24 hours, or you may even have been one of the recipients of those emails.”
The disclosure in Washington was stunning: U.S. spy agencies are famously reluctant to admit publicly what they have learned about the espionage activities of hostile nations to avoid tipping them off, and the Trump administration so quickly blamed Iran – without revealing any evidence – only about 36 hours after Democrats had received the emails.
Ratcliffe and FBI Director Chris Wray did not answer questions after the announcement in Washington. Authorities had said Tuesday the FBI was investigating.
Earlier Wednesday, the U.S. Cybersecurity and Infrastructure Security Agency had warned that election-related emails can be forged to look like they came from someone else.
The chairman of the Proud Boys, Enrique Tarrio of Miami, had quickly said his group was not responsible for the email threats. “It’s just crazy that a regular group of dudes are part of pretty much an international cyber war at this moment,” Tarrio said in an interview Wednesday night.
It was not clear why Ratcliffe said the effort was intended to damage Trump, since the emails directed Democrats to vote for Trump, unless Iran was attempting to stoke a backlash against the Proud Boys, who have steadfastly supported the president, or generally trying to undermine U.S. confidence in America’s democracy under Trump.
Iran is well known among U.S. intelligence agencies for its sophisticated cyber operations.
Hundreds of registered Democrats had reported receiving the emails across Florida and in Alachua County – one of only nine counties in Florida where Trump lost in 2016 and home to the University of Florida campus.
Florida – where Trump and Vice President Joe Biden are running close in political polls – is crucially important in the upcoming presidential election. Every vote will be important.
In the email, the perpetrators ominously claimed to have “gained access into the entire voting infrastructure,” but that boast appeared exaggerated: Thousands of registered Democrats in Florida include their email addresses and phone numbers in the state’s voter registration records, which are publicly available to anyone who requests them.
The email also warned recipients by name that the group knew their address, email address, telephone number and “everything” – however, those details are included in the same voter registration records.
“We will know which candidate you voted for,” the email said, though ballot selections are secret under Florida law. The email directed Democrats to change their party affiliation to Republican “to let us know you received our message and will comply.”
Attempting to threaten or intimidate voters in federal elections is a federal crime punishable by fines and up to one year in prison.
The routing information inside the threatening emails traced back to a computer server in Saudi Arabia. The message was created on a management interface common on older web servers with known software vulnerabilities that render them accessible to hackers.
The emails were made to appear they were sent from a computer server associated with the officialproudboys.com internet address, but control over that account – which was originally created in March 2017 – was changed Monday night, according to internet records. That website was offline by Tuesday afternoon.
This story was produced by Fresh Take Florida, a news service of the University of Florida College of Journalism and Communications. The reporter can be reached at firstname.lastname@example.org