UPDATED 23:28 EDT / OCTOBER 29 2020

wisconsin SECURITY

$2.3M stolen from Wisconsin Republicans in phishing attack

Hackers have stolen $2.3 million form the Republican Party of Wisconsin following a phishing attack.

The phishing attack was detected Oct. 22 and involved those behind the hack obtaining the funds through doctored invoices under the name of Wisconsin GOP vendors. The hackers altered invoices so that when they were paid, the money did not go to the vendors but to the hackers instead.

The U.S. Federal Bureau of Investigation was contacted Friday, Oct. 23, and has launched an investigation into the theft of the funds.

The Associated Press reported Wednesday that the funds stolen were meant to be used to reelect President Donald Trump. The President won the state by fewer than 23,000 votes in 2016, with polls showing a tight race in the state for the forthcoming election.

Whether the theft of funds was politically motivated or simply opportunistic is unknown at this stage.

“It may be partisan in that the cybercriminals behind this attack may prefer one party over the other (though it’s not clear which party is advantaged here) and we can be sure it will get twisted to partisan ends,” Tom Pendergast, chief learning officer at cybersecurity education firm MediaPro Holdings LLC, told SiliconANGLE. “However, the way we respond to it should not be partisan. Making voting and email and digital transactions and the internet safe for everyone should be an issue we can all get behind. No one gains from cybercrime and no one gains from election fraud if what we ultimately care about is a stable democracy.”

Hank Schless, senior manager, security solutions at mobile security solutions company Lookout Inc., noted that with Election Day drawing closer, campaign staffers are relying heavily on their smartphones and tablets.

“SMS, social media and third-party messaging platforms are three of the most popular platforms threat actors use to socially engineer targets into falling for phishing attempts,” he said. “It’s gone so far as the DNC warning campaign workers against social engineering through dating apps in a statement issued earlier this year.”

Ken Liao, vice president of cybersecurity strategy at email security platform provider Abnormal Security Corp. said political candidates, their staffs and the organizations they work with will always be targets for malicious actors.

“Email-based attacks – and more specifically attacks perpetrating invoice fraud – are one of the more common methods used by hackers to gain access to sensitive information,” Liao said. “As we get closer to the election, attackers will count on the fact that staffers will be busier and stretched thin, making it easier to induce a security lapse. All it takes is one errant click from a single member of a campaign’s staff.”

Photo: Jeff Brunton/Wikimedia Commons

Since you’re here …

Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!

Support our mission:    >>>>>>  SUBSCRIBE NOW >>>>>>  to our YouTube channel.

… We’d also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.

If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.