Those are numbers assigned to his tropo account (at $3/month per number for a Tropo production account); Tropo doesn't allow for sender spoofing on SMS.
I'm not sure why his company would run an internal SMS voting campaign, and not limit to phone numbers from the employee address book, but I'm guessing they'll start that pretty soon.
Yeah great point, I'm sure that's what they will start doing. Luckily the company is small enough that it's feasible to check against all employee phone numbers.