Under attack, emails show Rounds Senate campaign sought to out anonymous Twitter trolls

It was 8:15 a.m. when Mitch Krebs sent an email that went to fellow staffers on the Mike Rounds for Senate campaign.

Krebs, a former TV newsman for KSFY, was working as the campaign’s press secretary. The day was Wednesday, Nov. 6, 2013.

“Did we catch our rat?” he asked.

Though Rounds, a former two-term governor, was heavily favored in the upcoming Republican primary for U.S. Senate, his campaign was rattled. It was being battered by a continuous stream of abusive attacks on Twitter. The people behind the Twitter accounts were anonymous. The most prominent, @RinoMikeSD, sent out a daily stream of messages attacking Rounds for being a liberal, or a Republican in name only. The account had also gotten personal with attacks against Rounds staffers.

The Rounds team, which included current Sioux Falls mayoral candidate Paul TenHaken and Jason Glodt, the manager of Marty Jackley’s 2018 campaign for governor, wanted to know who was behind the Twitter accounts. They devised a scheme to bait the users into unwittingly divulging their identities. The scheme also included a team from Dakota State University, which has a top cybersecurity program that feeds graduates to national intelligence agencies.

Krebs, referring to the rat, wanted to know if the operation had been a success.

The Argus Leader obtained emails from staffers that offer a rare, behind-the-scenes look at a campaign grappling with unknown adversaries. Two years before legions of fake Twitter accounts thought to be linked to Russia spewed false news and divisive attacks in the 2016 presidential election, the Rounds team struggled to determine who was attacking its campaign.

It was a portent for what would come two years later in the presidential campaign and what is expected in this year’s election. Last month, Dan Coats, the director of national intelligence, warned the Senate Intelligence Committee that Russia would try to spread discord in the upcoming House and Senate elections.

As technology advances in leaps and bounds, campaigns can struggle to keep up. The last time Rounds had run in a statewide campaign, in 2006, Twitter was only a few months old. By 2014, Twitter had become a popular social media destination for activists, political insiders, members of the media – those whose opinions could be influenced by a sustained Twitter campaign.

Glodt declined to discuss the events of the 2014 campaign, citing his work as the campaign’s lawyer. But he said social media is being used in the current campaign for South Dakota governor to sway public opinion. He cited two online polls conducted on Facebook this month by the Black Hills State University Republicans and the South Dakota State University Republicans in which users were asked to vote for their favorite candidate: Jackley or Rep. Kristi Noem.

Jackley, Glodt said, led both polls, which started March 1. But late on the last day of voting, March 7, Noem suddenly surged to a lead. In the Black Hills poll, more than 150 fake Facebook accounts, many with Eastern European names, registered votes for Noem. An hour later, about 250 fake Facebook accounts – this time with Western names – voted for Noem.

Glodt said that vendors sell fake Facebook profiles that can be used in such votes.

“We can’t prove that it was the [Noem] campaign versus a supporter, but somebody is doing it,” he said.

“People look at these polls, and they don’t realize they are rigged,” he added.

Justin Brasell, Noem’s campaign manager, said it was the first he’d heard about the polls being rigged.

“We don’t do Facebook polls or online polls and don’t believe in them for that type of situation,” he said.

Plan emerges to identify

In the 2014 campaign, the anonymous Twitter accounts had a dual purpose: Drag down Rounds in the eyes of conservative voters while driving those conservatives to support other candidates. Besides @RinoMikeSD, there was @StandWithStace, @RinoWarCollege and others of unknown provenance that popped up during the campaign.

Prior to the primary election, the chief beneficiary of the Twitter attacks on Rounds was Stace Nelson, a state lawmaker from Fulton who ran to the right of Rounds with support from Tea Party activists. In an interview this month, Nelson said he didn’t know the identities of the people behind the accounts who were hyping his candidacy.

“I was getting a lot of encouragement,” he said.

On the morning that Krebs inquired about catching the rat, the operation to demask the author or authors behind @RinoMikeSD was well underway. TenHaken’s company, Click Rain, had been hired by the campaign to run digital operations.

The emails obtained by the Argus Leader show that TenHaken was working with Pat Powers, a conservative blogger prominent in political circles. On Nov. 3, TenHaken sent an email to members of the Rounds campaign, including Glodt, Krebs and Rob Skjonsberg, the campaign manager.

More: Mayoral hopefuls promise to deliver a more open, transparent Sioux Falls City Hall

“FYI . . . Pat and I are working on a plan to bait RinoMike into giving up is [sic] IP address,” TenHaken wrote. “Details are below, and we hope to carry it out this week. Will keep you in the loop.”

The plan called for baiting the Twitter users into clicking on a link that would route them to a server that the Rounds campaign had access to. It would have provided them access to the IP address, a unique identifier that could pinpoint where the user was and, with a bit of extra research, identify the users.

TenHaken declined to comment for this story.

“In 2014, Click Rain was contracted by the Rounds for Senate campaign to dig into some libel/slander against various parties,” he said in an email. “I would be breaking my former client's trust by commenting on your story.”

Krebs also declined to comment. Powers did not respond to interview requests.

Skjonsberg, who is currently Rounds’ chief of staff, said the campaign found itself in uncharted territory.

“We had all kinds of crazy things going on,” he said. “2014 could be a case study.”

The campaign considered legal action. Ultimately, Skjonsberg said they made a decision to try to discover the identities of those behind the attacks. It would have been imprudent, he added, for the campaign not to make that attempt.

“The problem is, you don’t know if the person on the other side is next door or across the Pacific,” he said.

“There’s a reason this stuff is going on,” he added. “It’s to change opinions through anonymous attacks.”

Ethics of 'doxing'

But the campaign, in attempting to capture personal information and potentially broadcasting it to the world – an action known as doxing – was also running up against a blurry ethical line.

Since 2014, doxing has become controversial, as Internet sleuths have used public records to identify people on social media, exposing them to potential abuse.

Steve Holmes, an English professor at George Mason University who specializes in writing and rhetoric and digital media, said the ethics behind doxing are complex. There is no hard and fast rule about whether it is ethical or unethical.

“You almost have to take it on a case-by-case basis,” Holmes said.

Doxing has been used to identify white supremacists. It was used in the #MeToo movement, in which women accused men of sexual harassment and institutions of harboring sexual harassers. It was used to identify women software engineers who complained about the video game industry.

More: 'Pay to play' questions emerge in South Dakota governor's race

In all of those cases, the doxed subjects were abused on social media. Some lost jobs. And in some cases, innocent victims were wrongly doxed. But in some quarters, doxing is a form of internet justice. In others, it’s internet vigilantism.

For a political campaign, said Holmes, it’s one thing to want to identify whether a single user is behind several accounts and ban that IP address, and another thing to broadcast personal information that could expose an individual to abuse.

“It’s really hard to say all doxing is good and all doxing is bad,” Holmes said.

The operation

On Nov. 5, 2013, TenHaken emailed an update.

“Ok . . . . we have all the pieces in place now. Today, we are going to bait @rinomikesd, @standwithstace, and @rinowarcollege into giving up their IPs,” he wrote. “The key will be getting them to click our links from their desktop computers and not from their mobile (which we cannot track). So, we are going to send out the link bait at times when we see them active today. I will let you know what we come up with.”

The next morning, Krebs asked if they had caught the rat.

TenHaken responded that they had a list of seven or eight IPs. But he wasn’t hopeful. The IPs appeared to be coming from a proxy server, which would mask their identities. Still, there was a chance.

“Our next step is to turn over all the intel we have to the DSU team and turn them loose,” TenHaken wrote. “I have a call with them next week to discuss.”

It’s unclear who comprised the DSU team. Skjonsberg said TenHaken handled that end of the operation. He added that, to his knowledge, no campaign funds were used to pay the team.

Jane Utecht, a DSU spokeswoman, said the current dean of the Beacom College of Computer and Cyber Sciences, Richard Hanson, was not at the school in 2014. In an email from Hanson that Utecht forwarded, Hanson said: "Our office has heard nothing of such an effort and no one has mentioned such an event to me."

Regardless, it was clear that @RinoMikeSD was getting under the skin of Rounds’ aides.

Glodt responded later that morning to TenHaken’s email.

“If Paul can’t get it done, I will personally sue RinoMike for slander which should allow me to subpoena twitter [sic] records,” he wrote. “He crossed the line with his post this morning. I will also sue on behalf of Pat Powers.”

Ultimately, the DSU team failed.

But six months later, Argus Leader reporter David Montgomery fingered a likely culprit when he noticed that a Democratic operative who had once worked for Sen. Tim Johnson had sent out a Tweet on his personal account that had all the markings of a @RinoMikeSD Tweet. Montgomery captured a screenshot of the Tweet seconds before it was deleted.

“It’s a common mistake for people who run more than one Twitter account to accidentally post a message from the wrong one,” Montgomery wrote. “I’ve done it myself, and caught others doing it.”

What happened in 2014, Skjonsberg said, has blown up in scope, and social media has added a new level of viciousness to the process. It’s not something he appreciates, with the potential for a Rounds reelection campaign in 2020.

“The social media age is turning people into Jekyll and Hyde,” he said. “The things people say electronically, they would never say face to face.”

“I’m not ashamed of what we did,” he added. “I’d do it again, under the right circumstances.”