Washington — Dozens of voters in a heavily Democratic county in Florida and across several states reported receiving emails on Tuesday purporting to come from a right-wing group threatening to "come after" them unless they vote for President Trump.
But an examination of the messages, which are now under investigation by state and federal authorities, shows they were sent via servers located overseas, raising questions about their origin amid concerns about voter intimidation just two weeks before Election Day.
Democratic voters in Alachua County, Florida, began receiving the email on Tuesday morning, and voters in Alaska and Arizona also reported receiving the message. Early voting began in Florida on Monday. The emails appeared to come from the right-wing group The Proud Boys, and showed a "from" address of email@example.com. The Proud Boys has been designated a hate group by the Southern Poverty Law Center, a civil rights advocacy group.
"Vote for Trump or else!" the email's subject line proclaimed.
"We are in possession of all your information (email, address, telephone… everything)," the message stated. "You are currently registered as a Democrat and we know this because we have gained access into the entire voting infrastructure. You will vote for Trump on Election Day or we will come after you. Change your party affiliation to Republican to let us know you received our message and will comply. We will know which candidate you voted for. I would take this seriously if I were you."
While at first glance the email seems to come from an account under the domain of a website affiliated with The Proud Boys, a review of the source code embedded in seven emails reviewed by CBS News shows the message originated from IP addresses linked to servers located in Saudi Arabia, the United Arab Emirates and Estonia.
The IP addresses don't establish that the senders are based in those countries, since the messages could have been routed through the servers from nearly anywhere, according to Dmitri Alperovitch, the co-founder and former chief technology officer of cybersecurity firm CrowdStrike. He noted that the messages were sent via a "cloud infrastructure provider in Saudi Arabia called 'Saudi Executive Cloud.'"
"It could be that they are simply relaying through this infrastructure," Alperovitch told CBS News in an email. "In fact, given how this email was sent, using their web interface, that's most likely the case — that the people behind this found a vulnerable server in Saudi through which they can route lots of emails."
Alperovitch, who reviewed the source code from one of the emails, said that while the emails were sent through overseas servers, "there is no indication to suggest that it is a nation-state or otherwise foreign campaign."
"These types of email campaigns are unfortunately trivial to execute for anyone with an internet connection and a just modicum of technical ability," he said.
The website officialproudboys.com, first registered in 2017, was offline as of Tuesday, but archival versions show it was a pro-Proud Boys news site that sold merchandise promoting the group. Domain records show the site's owner initiated a domain transfer to a new web host on Monday. The domain's previous registrar, a company known as Ionos, did not respond to questions on Tuesday about the transfer or who might be behind the site.
Enrique Tarrio, a Proud Boy leader, said Tuesday that the group wasn't involved, and that he didn't know who sent the emails. He said he's been in contact with the Alachua County Supervisor of Elections, as well as the FBI. Tarrio said he believes the emails were sent by "somebody that's not very fond of us."
"If somebody's trying to intimidate voters, they're probably successful, the damage is done to some people that aren't very media savvy, you know, like a 70-year-old that gets an email like this and is not going to go out to vote," said Tarrio.
In a statement on Wednesday, an FBI spokesperson declined to say whether the bureau is investigating the emails, but urged voters to report suspicious activity to the FBI's tip line.
"Though the FBI's standard practice is to neither confirm nor deny any investigation, we take all election-related threats seriously whether it is vote fraud, voter suppression, or threats from cyber or foreign influence actors," the spokesperson said. "The FBI Jacksonville Division is committed to supporting our election security partners throughout the state of Florida, and protecting our communities as Americans exercise their right to vote."
The Justice Department said through a spokesperson that it is "aware of reports that threatening correspondence referencing the current election have been delivered to residences in several states," while likewise declining to confirm or deny an investigation.
"Voter intimidation is entirely unacceptable," the department's spokesperson said. "If appropriate, the Department will prosecute any civil or criminal violation to the fullest extent of the law."
Alachua County is home to the city of Gainesville and the University of Florida, making it a Democratic stronghold in a deep-red part of the state. The county voted for Hillary Clinton over Mr. Trump in 2016 by a margin of 58% to 36%.
How the sender connected the email addresses and voter registration status of the recipients was not immediately clear. But under Florida law, much of the personal information on voter registration forms — including birth dates, party affiliation, email addresses — is considered public record.
Two of the emails shared with CBS News included home addresses of the recipients. One of those recipients said the sender appeared to be relying on outdated information, as he had not been registered at that address for months.
Steve Orlando, a spokesman with the University of Florida, told CBS News that 183 people on campus — students, staff and alumni — received the email, and the university believes the account was "spoofed" to change the sender's name. Orlando said the FBI is investigating the matter.
The Lawyers' Committee for Civil Rights Under Law, a group of attorneys dedicated to combating discrimination, received numerous calls about the email through its elections hotline, with most coming from Florida and at least one from Arizona, Kristen Clarke, the group's president and executive director, told CBS News. At least one man in Alaska also received the message and shared it with CBS News.
"While I am not intimidated by this scam looking email, my elderly mother very much was/is," said Debi Martinez, an Alachua County resident who was among the voters who received the message.
The Alachua County Sheriff's Office said it and the Alachua County Supervisor of Elections are aware of the email and are working with local, state and federal law enforcement partners to investigate the source of the message, which the elections office characterized as "voter intimidation."
"We're taking it seriously, going through the channels and treating it like obviously the serious thing that it is," TJ Pyche, spokesman for the Supervisor of Elections, told CBS News.
A spokesperson for the Cybersecurity and Infrastructure Agency said it is aware of the reports of the "threatening emails" sent to voters.
"While we are looking into the emails, we can tell you this: your vote is secret," the spokesperson said, directing voters to a "Rumor Control" page on the agency's website.. "These emails are meant to intimidate and undermine American voters' confidence in our elections. Don't fall for sensational and unverified claims."
Clarke said voters should be "on alert" for efforts to intimidate or discourage them from casting their ballots and said attempts to do so could be unlawful.
"These disinformation campaigns, robocalls, efforts to discourage voters, tend to pop up from time to time," she said. "Our job is to make sure that we track down the source of these efforts and ensure that voters feel free to cast their ballot."
The messages, which appear to be an attempt to intimidate voters in at least one crucial battleground state to support Mr. Trump's reelection bid, come just two weeks before the general election.
While there was not any immediate indication that the emails were part of a state-sponsored interference campaign, national security officials have warned for months that the 2020 presidential election is a ripe target for foreign actors spreading disinformation online, reminiscent of Russia's campaign to interfere in the 2016 presidential race.
In August, National Counterintelligence and Security Center Director Bill Evanina said the intelligence community assessed that Russia is actively working to "denigrate" Democratic presidential nominee Joe Biden and boosts Mr. Trump's campaign, while China prefers the president loses his reelection bid.
On Sunday, Admiral Mike Rogers, the former head of the National Security Agency and U.S. Cyber Command, said he believes Russia is attempting to spread disinformation on social media and other mediums to sow confusion and discord, including by using false identities.
"What you're watching the Russians do is really double down on the idea of using disinformation via social media and other paths to continue to polarize our nation, to incite violence, to incite hatred and to attempt to pull us apart," he said in an interview on "Face the Nation."
Alachua County was the target of a cyberattack launched by Russia's military intelligence service, the GRU, in 2016, though the effort to gain access to the county's election office through a phishing email was unsuccessful.
Andres Triay and Clare Hymes contributed reporting.