With 23 people in the race and PAC money, there are a lot of suspects!
There's a chance the calls themselves didn't come from any of the 23... (at least not directly)
As someone who works in a Sr. IT capacity for a company heavily involved in VOIP/SIP/PaaS services...I can say, definitively, that a lot of these spam calls/texts people are receiving these days (as well as many of the robo calls) are coming from 3rd party platforms that people use to attempt to obfuscate the identity of the source.
With 3rd party providers out there like Twilio, plivo, AWS, etc... and easy-to-find published lists of phone numbers... anyone with some bad intentions and mid-level .net and/or PHP programming skills could send out blast calls or texts to a large number of people (for not that much money) if they're just looking to cause trouble or stir the pot.
Point of reference...if you give me a flat file or csv file with a list of numbers, I could set up a simple .net console app that could blast calls or texts to the whole list in a matter of a few hours... The 3rd party API's make it quite simple.
If federal investigators are being called into look at it, then they should be able to get to the bottom of it.
3 months ago, me & my team had to assist (at the request of local-level law enforcement) in tracking down threatening VM's that were being sent.
Basically, the process was:
1) Getting the information from the SIP logs (that reveals the true source of the originating call/message, regardless of the number they were spoofing)
2) Using that information to identify the 3rd party platform it was coming from.
3) Working with our contact at that 3rd party company to determine the real phone number asset on their platform it was originating from.
4) They, in turn, were able to link that phone number asset to an account, and get the IP address of the person who had been logging into that account.
Luckily in that particular case, the person was dumb enough to log in from their home PC.
Had they been using some sort of VPN or Tor, or had opted to conduct their activities when logged into public WiFi at a coffee shop or connected to some random hotel's guest network in a parking lot, then things would've been a little trickier.
