The email landing in Capitol Hill inboxes was simple enough — a personalized note thanking congressional staffers for their service.
What wasn't clear was where it came from.
The March 12 blast was sent from a Yahoo email address containing the word "oriole," and was signed by Nick Ryan. It went to enough aides working for members of the House and Senate to generate buzz in the Capitol. But who really sent it? A source sent the message to CQ Roll Call. It reads:
Dear [Staffer's First Name],
I know that you get a ton of email and much of it probably complaints but I wanted to take a second and say thanks for what you do in [lawmaker's name] staff.
Staffers were wondering: Was the email some kind of phishing scam? Was it an honest note of gratitude from someone who happened to have access to a database of this many Hill email addresses? And who was Nick Ryan?
First, CQ Roll Call set out to determine whether this was an attempt to infiltrate the Capitol's cyber-infrastructure. According to the Senate Sergeant-at-Arms, an initial analysis of the email revealed no malicious content, but aides there were continuing to investigate. That made sense, considering the email didn't ask users to download anything or click on any links.
A search for the Yahoo email address yielded a single result: a Flickr account for "Firm Rein" with no postings and a blurry profile picture. Googling that name brought up law firms with no connection to Nick Ryan or the email address. A dead end.
Perhaps Nick Ryan had a connection to Capitol Hill? A Legistorm search turned up a former Hill staffer with that name. He once worked for former Rep. Jim Nussle, R-Iowa, and was a founder of the American Future Fund, a 501(c)4 organization. CQ Roll Call reached out to this Ryan, to ask if he was behind the emails.
Nope. And several House and Senate staffers he knew had asked him the same question when they received the mysterious email. Ryan said he wondered — while acknowledging he has a common name — if someone was trying to impersonate him. He found it strange enough to ask his IT consultant to look into it. It turns out the email came from a platform run by Vocus, a large public relations company that offers email marketing software. Ryan's lawyer also reached out to Vocus, voicing his client's concern about the email.
Now we were getting somewhere. CQ Roll Call asked Vocus about the mysterious message, but an employee who covers D.C. said the company had no record of the Yahoo email address in the customer database, and no record of anyone named Nick Ryan listed as an employee or customer. Another dead end.
In a last-ditch effort to find Nick Ryan's true identity, CQ Roll Call sent a note to the sender of the email, explaining the real Ryan was concerned the emails were sent in his name.
A reply came, with no signature attached.
"I sent the thank you emails as a thank you, just as you said!" the email read. "There's no correlation between myself and the former Hill staffer you mentioned. I definitely wasn't trying to impersonate anyone, so that was just a coincidence." It was signed, "Thanks!"
Something didn't add up. Had this person accessed the Vocus database? And what about that "oriole" email address linked to the Firm Rein Flickr account?
CQ Roll Call entered the name Firm Rein into Facebook. A man's page popped up, with a profile picture of someone in a Baltimore Orioles cap. Using social media and LinkedIn, CQ Roll Call identified Firmadge Rein as a senior account executive in government relations at Vocus.
A message left for Rein last week was returned by a Vocus spokesperson. Turns out the thank you note to Hill staffers was inadvertently sent as part of a training exercise, the spokesperson told CQ Roll Call.
“It was a training email that accidentally actually got sent out,” the spokesperson said. "The name Nick Ryan is not a real person. It’s an email account that [Rein] uses."
The real Nick Ryan also received a response from Vocus' general counsel, explaining he had nothing to worry about and that the email was sent to a "limited number of individuals."
"We investigated the matter, and we do not believe that any spoofing occurred," Vocus' attorney Kristie W. Scott wrote in the email, which Ryan shared with CQ Roll Call. "We determined that an email was sent to a limited number of individuals during a test of our system and just coincidentally was sent from a 'Nick Ryan.' ... This is not a standard testing procedure, and we have addressed that issue internally."
"But," Scott concluded, "we did not want you to waste time, effort and money, nor worry about a potential spoofing that might have malicious intent when that is not the case with this particular email."
The 114th: CQ Roll Call's Guide to the New Congress Get breaking news alerts and more from Roll Call in your inbox or on your iPhone.