Although this is no ordinary campaign, recent news shows how politicians have many of the same worries as typical businesses.  On Thursday, October 29, 2020, the Wisconsin Republican Party reported that it had been victimized by a Business Email Compromise (BEC). There are many ways in which a criminal may conduct a BEC scam but one of the most common occurs when hackers compromise a vendor’s email accounts to hijack vendor payments. With this access, the hacker prepares elaborately fake invoices (or other supporting documents) mirroring the appearance, content, amount, and timing of typical documents from the vendor. The hacker then submits a request to change the usual payment procedures.  The hackers’ new payment plan always involves a well-known U.S. bank. When the victim business makes the next vendor payment, it goes quickly out of the U.S.-based bank and out of the country.

That is exactly what appears to have happened here when hackers stole $2.3 million from the Wisconsin Republican Party that was intended for use in the president’s re-election campaign. The theft was accomplished by tampering with invoices submitted to the party from four vendors. The modified invoices directed the state GOP to send money to accounts controlled by the hackers after a successful phishing campaign. (Phishing should be the subject of a separate, longer discussion. For today’s purposes, it is enough to know that “phishing” involves using emails to trick the recipient to hand over network control, credentials, and/or install malware that gives the hackers remote access to those systems.)

BEC cybercrime is big business.

• While splashy malware attacks receive media attention, BEC fraud quietly cost businesses billions (with a “B”!) of dollars in recent reported losses every year.
• Email remains a top attack vector for BEC attackers because, compared to hacking a company’s network infrastructure, it provides an easier, demonstrably profitable path for criminals.
• These are often single-use email accounts and the hackers establish or hijack tens of thousands of these accounts every year.

Similarly, the election infrastructure is also grappling with ransomware attacks. Ransomware is a type of malware that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. These attacks can be very disruptive. Imagine that you are running a hospital – which is the subject of another recent hacking campaign – and your health data is inaccessible: people could actually die.  Ransomware costs are climbing rapidly.  This is complicated by the fact that a company can also face fines for paying that ransomware.