Less than a week before Election Day in a vital swing state, Wisconsin Republicans said on Thursday that hackers made off with $2.3 million devoted to reelecting President Donald Trump.
The Republican Party of Wisconsin said it first detected the attack on Oct. 22, then notified the FBI the following day about doctored invoices in the names of its vendors.
“Cybercriminals, using a sophisticated phishing attack, stole funds intended for the re-election of President Trump, altered invoices and committed wire fraud,” the party’s chairman, Andrew Hitt, said in a statement. “These criminals exhibited a level of familiarity with state party operations at the end of the campaign to commit this crime.”
It’s common for hacking victims to claim they were the victims of “sophisticated” attacks, whether the attacks were rudimentary or not. Hitt and a party spokesperson did not immediately respond to questions seeking further details, including any evidence the hack occurred. The FBI said it would neither confirm nor deny any investigation, as its is standard practice, and declined to comment.
The alleged hack comes as Trump is slightly behind in the Wisconsin polls against Democratic challenger Joe Biden, and as the president has laid the groundwork for undermining election results should he lose. Wisconsin, too, has been the setting for court battles over the 2020 election, including a case the Supreme Court decided this week.
News of the incident first emerged in an Associated Press interview with Hitt. Hitt offered additional information in that story, which also reported on Democrats’ fundraising edge in the state.
If the hack proves genuine, it would be the most significant hacking-related incident of this year’s campaign season.
Hitt’s description of what happened matches that of the definition of a business email compromise scam. The FBI’s Internet Crime Complaint Center estimates that between early 2014 and late 2019, BEC scams have cost U.S. businesses more than $2 billion.
BEC scams aren’t usually listed among the top threats to elections or political campaigns, but the Democratic Party of Wisconsin said it, too, has encountered financially motivated attacks.
“According to our IT team, we’ve been the target of over 800 phishing attempts this cycle, with at least half of them seeking financial gains, all of which have been stopped and recorded,” a spokesperson for the party, Philip Shulman, said via email.
The 2016 campaign was of course marked by Russia hacking Democrats’ emails, subsequently leaked in what the U.S. government said was an attempt to influence the election.
The Wisconsin case also isn’t the only time a late-race hacking allegation has surfaced. When Georgia’s then-Secretary of State Brian Kemp was running for the governor’s seat he would eventually win in 2018, he accused Democrats of trying to hack the state’s voter registration system. The Georgia attorney general found no proof of claim.
It’s likewise not uncommon for incidents originally identified as cyberattacks to prove to be something else, as happened in 2018 in Knox County, Tennessee. The Wisconsin GOP said it was still ready for the 2020 stretch run.
“While a large sum of money was stolen, our operation is running at full capacity with all the resources deployed to ensure President Donald J. Trump carries Wisconsin on November 3rd,” Hitt said.