When the Wisconsin Republican Party announced this week that hackers had stolen millions of dollars from its account – funds destined for President Trump's re-election – Oren Falkowitz was not surprised.
Falkowitz, a former NSA hacker who now runs cybersecurity firm Area1, says the record fundraising by campaigns in this cycle – and the campaigns' habit of boasting about the money they raise – has made them a prime target for cyber criminals. He particularly points out the popularity of the respective fundraising platforms of the Democratic and Republican parties, ActBlue and WinRed, as well as tweets like this:
WinRed: Zero to 1,000,000,000 USD in 15 months !!! https://t.co/5jxqJwhT49 pic.twitter.com/7Q0jVXygPJ
– WinRed (@WINRED) October 12, 2020
In the case of the Wisconsin GOP theft, it is not clear how the hackers stole the money. Party chairman Andrew Hitt told the Associated Press the incident began with a phishing attack that allowed the hackers to pose as vendors. The party then paid $2.3 million in bills from the fake vendors, wiping out much of its coffers.
The Wisconsin GOP didn't respond to a request for more details about the attack, but Hitt's description suggests that the hackers likely took over legitimate vendors' email accounts and tricked party officials into paying the bills.
In his comments to the AP, Hitt also said he was unaware of any other state GOP groups that have been affected by similar attacks – a claim that Falkowitz believes is unlikely.
"Everyone is a 'target'. To say that you are unaware of the people or organizations being targeted is to be completely unaware of the threat in cyberspace," he said.
According to Falkowitz, lax email security is what makes such phishing-based scams possible. And while anti-phishing software can help spot such scams, many in the political world don't use it. A recent report from Area1 found that few of the hundreds of election officials polled used anti-phishing tools, and many said they conducted business using their personal email accounts.
While hackers posing as vendors are a threat to political campaigns, Falkowitz warns that criminals can also take over party officials' email accounts to solicit money from ActBlue or WinRed.
Both ActBlue and WinRed offer plug-and-play donation tools for candidates and related political causes that make it easy for them to add a "Donate" button to their websites. The platforms collect contributions from millions of small donors and then transfer the money to the various candidates and groups. And while they work to protect their own operations from hackers, they see campaign security as the responsibility of the national parties.
“It is standard for groups of our size and type to see phishing attacks attempted on a regular basis. We have a number of technical protective measures and regularly train employees on this topic. We are not aware of any successful attacks,” said an ActBlue spokesman, who described campaign security as “not in our area of responsibility”.
WinRed, which handles donations for the Wisconsin GOP, didn't respond to a request for comment on this week's hacking incident.