Theft of $2.3M from GOP shows how campaigns are juicy targets for hackers
When the Wisconsin Republican Party disclosed this week that hackers had stolen millions of dollars from its account—funds designated for President Trump’s re-election—Oren Falkowitz was not surprised.
A former NSA hacker who now runs cybersecurity company Area1, Falkowitz says political campaigns’ record levels of fundraising this cycle—and campaigns’ habit of boasting about the money they raise—has made them a prime target for cyber criminals. He points in particular to the popularity of Democratic and Republican parties’ respective fundraising platforms, ActBlue and WinRed, and tweets like this one:
In the case of the theft of the Wisconsin GOP, it’s unclear precisely how the hackers stole the money. Party chairman Andrew Hitt told the Associated Press the incident began with a phishing attack that allowed the hackers to pose as vendors. The party then paid $2.3 million worth of invoices from the fake vendors, wiping out much of its coffers.
The Wisconsin GOP did not respond to a request for further details about the attack, but Hitt’s description suggests it’s likely the hackers took over the email accounts of legitimate vendors and tricked party officials into paying the invoices.
In his comments to the AP, Hitt also said he was unaware of any other state GOP groups being targeted by similar attacks—a claim Falkowitz says is improbable
“Everyone is a ‘target.’ To say that one is unaware of people, or organizations being targeted is to be totally unaware of what the threat in cyberspace is,” he said.
Falkowitz says lax email security is what makes such phishing-based scams possible. And while anti-phishing software can help detect such scams, many in the political world are not using it. A recent report by Area1 revealed that few of the hundreds of election officials surveyed were deploying anti-phishing tools and many said they were conducting business using their personal emails.
While hackers posing as vendors is one threat to political campaigns, Falkowitz warns there’s also a risk of criminals taking over the emails of party officials to request money from ActBlue or WinRed.
Both ActBlue or WinRed provide plug-and-play donation tools for candidates and allied political causes, letting them easily add a “Donate” button to their websites. The platforms collect contributions from millions of small donors and then wire money to the various candidates and groups. And while they work to secure their own operations from hackers, they view securing campaigns as the role of the national parties.
“It is standard for groups of our size and nature to see attempted phishing attacks on a regular basis. We have a range of technical protections in place and conduct regular employee education on the topic. We are not aware of any successful attacks,” said a spokesperson for ActBlue who described campaign security as “not in our purview.’
WinRed, which handles donations for the Wisconsin GOP, did not respond to a request for comment about this week’s hacking incident.