I got a spammy email today from a Dr. Annette Bosworth for U.S. Senate. It was interesting, because the email arrived in a private email account that was created specifically for the purpose of tracking the use of that email address. The address was only used to create a user account on Adobe.com.
Since no one but Adobe.com (and the email forwarding/tracking service) had this email address, I haven’t been able to think of a way that Bosworth’s senate campaign could have gotten it except by somehow (indirectly) acquiring email addresses from the recent hacking of Adobe.com when the account information from over 150 million of their customers was stolen.
I checked whether that email address had been affected in the Adobe incident and the answer was yes, according to LastPass:
Here’s the email that I received — low-substance, political nonsense that seems kind of funny considering her enthusiasm for Che Guevara:
Honestly, who acts like this?
This is my first run for political office. I am a doctor, not a career politician, but I just couldn’t sit on the sidelines and watch what is happening to our great nation any longer.
I have always stood up for what I believe in. The first time I stood up to a bully I was 7 years old.
Today, the biggest bully I see is the federal government. I grew up on a working farm in Plankinton, South Dakota. I am a doctor who works with the elderly and the poor. The clinic I own is a small business. In every area of work and life, there is just too much government interference.
Being a doctor, I understand how unfair and harmful Obamacare really is — and I have vowed to repeal every single word of it. I also pledge to cut taxes, defend the second amendment, and to protect the unborn.
Washington, D.C. insiders don’t want to see people like you and me change their way of doing business.
Change is possible, but it takes effort from all of us.
I am fighting for that change against an establishment insider with millions of dollars, much of it PAC money from special interest groups.
My opponent has so much PAC money, he can afford to be wasteful – and he is. Just this week, he produced a slick advertisement for TV that didn’t even feature voters from the state of South Dakota. And when he was caught, he didn’t even apologize — he just threw the advertisement away.
That’s not how I do things.
I am a fiscal conservative. I promise that if you donate now, your hard earned donation will be used in a responsible way to fight big government and wasteful spending. I need your help to get there. Will you join me?
Absentee ballots in South Dakota are mailed out this month and that’s when voting begins – will you chip in $5 or more today?
The donation you make today will help us get our message to voters.
Dr. Annette Bosworth
To unsubscribe please click here
Dr. Annette Bosworth
2601 S. Minnesota Ave, Suite 105-129, Sioux Falls, SD, 57105
Paid for by Dr. Annette Bosworth for U.S. Senate
Contributions to Bosworth for US Senate are not tax deductible
Email not displaying correctly? View it in your browser
Powered by Hairyspire
I couldn’t find any software called Hairyspire and the links went to 2bits.co, which has the same logo as 2bits.com, a respectable Drupal development company in Canada. The campaign website doesn’t appear to be structured like a Drupal site, so I’m not sure what to make of that.
UPDATES: According to this comment, Hairyspire may be a pirated version of Interspire email software. According to someone at 2bits.com, 2bits.co is not related to 2bits.com even though it was using the 2bits.com logo yesterday. Here’s a screenshot from 2bits.co when it appeared to be actively impersonating 2bits.com:
So it appears that, not only did my email address probably come from the hacked Adobe.com list, but the email software might be pirated, and the sender appears to be trying to disguise itself as a different Internet company. (I have a lot of respect for the real 2bits.com company. They build great Drupal modules.)
I did find another blog post complaining about the spam with some other research about the origin of the emails:
The spam originates from two18.2bits.co (220.127.116.11) and spamvertises a site at marketer.2bits.co (18.104.22.168). Both these IPs are allocated to Limestone Networks in the US, but are suballocated to a customer called Joseph (Joey) Burzynski of ResistedNormalcy LLC and/or MarketKar.ma in Dallas. The email is digitally signed for the domain bosworthcampaign.com which has hidden WHOIS details.
ArgusLeader.com covered the Bosworth campaign’s attempts to raise money:
Of course, sending out as many letters as Bosworth has is expensive. From January through March, Bosworth spent $523,000 on direct mail and fundraising, while accumulating another $450,000 in fundraising and direct mail debt.
…”We’ve spent a little over $672,000 getting Annette Bosworth’s name out there and getting people to know who she is, and it’s working,” Patrick Davis said. “Her name ID is up, and her favorability is up.”
It appears that somewhere and somehow along the way, they might have acquired some email addresses from that leaked list of hacked Adobe.com accounts. Obviously, they aren’t the ones that hacked Adobe.com, but there is a possibility that in their quest to reach an audience, they weren’t careful enough about where they got their email lists.
If you received emails from the Annette Bosworth campaign, check to see if your email address came from the hacked Adobe.com list (or Gawker or another data breach incident), and then leave a comment below.
UPDATE: there is more information in the comments below.