Estonian server pulled into U.S. elections struggle

Voters in the U.S. states of Alaska and Florida received menacing emails on Tuesday that urged them to vote for Donald Trump in the November presidential election. Metadata of the email address from which the emails were sent betrayed the server of Estonian publishing house Koolibri the security weaknesses of which were exploited by cybercriminals.

“We are in possession of all your information (email, address, telephone… everything). You are currently registered as a Democrat and we know this because we have gained access into the entire voting infrastructure. You will vote for Trump on Election Day or we will come after you. Change your party affiliation to Republican to let us know you received our message and will comply. We will know which candidate you voted for. I would take this

seriously if I were you,” New York Times reported the letters as saying.

The threatening email ends with the recipient’s email address and wishes them luck. Recipients of the menacing letters were largely Democratic Party members.

The letters suggest they were sent by alleged far-right group The Proud Boys as the sender’s address was info@officialproudboys.com. However, the letters’ metadata reveals the host address to have been vhost43553f0@avalik.koolibri.ee and the server ElkData.ee.

Estonia prepared to help out

The FBI and local Florida law enforcement have launched an investigation.

Press representative for the Estonian Police and Border Guard Board (PPA) Leana Loide said that the police will aid in the investigation any way they can. “The Estonian police have not launched criminal proceedings at this stage,” she added.

Head of the CERT-EE cyberincidents department of the State Information System’s Authority (RIA) Tõnu Tammer confirmed the incident happened. “We are in touch with the owner of the site and the host and offer them our help. We will be asking for additional information in order to determine who organized the attack and where and how many emails were sent,” Tammer said.

The expert added that it is too early to say how the incident happened. “RIA reminds owners of websites to regularly update software and make sure sites are set up correctly. Past cyberincidents have shown that sites sporting outdated software and the wrong settings can easily fall prey to criminals,” Tammer emphasized.

Number of letters unclear

The letters were allegedly sent to hundreds of U.S. voters and possibly a lot more.

The email threats reached hundreds of voters in Gainesville, Florida and Anchorage, Alaska. Mayor of Gainesville Lauren Poe described them as a brutal attempt to influence voters but added that citizens are not allowing themselves to be swayed.

The Alachua County sheriff in Florida warned people of the letter sent in the name of The Proud Boys and stressed it was a hoax. Christopher C. Krebs, director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, made a statement in which he said that such letters spread misinformation about the secrecy of elections in the USA. “The secrecy of voting is guaranteed in all states. These emails underestimate the trust of voters in the confidentiality of voting,” Krebs wrote.

University of Florida computer science professor Kevin R. B. Butler described the technical level of the emails as poor.

“Naturally, such emails are disturbing at heart as they seem aimed at the supporters of the Democrats, but voter registration lists are quite easily accessible in Florida. It is not very difficult to get a voter’s name, address and party affiliation,” Butler said.

Leave a Reply