The co-chairs of a Congressional bipartisan commission on cyber security called on Congress again to take steps to protect the nation from cyber attacks possibly like the one that allegedly stole $2.3 million from the Republican Party of Wisconsin, a theft that was announced Thursday.
In a joint statement Thursday, Rep. Mike Gallagher (R-WI08) and Sen. Angus King (I-ME), the co-chairs of the Cyberspace Solarium Commission (CSC), said the protection of democratic institutions from cyber attack is not a partisan issue:
“Earlier this year, the Cyberspace Solarium Commission warned in their official report that our country is at serious risk not only from a catastrophic cyberattack but from millions of daily intrusions disrupting everything from financial transactions to the inner workings of our electoral infrastructure. Unfortunately, just today, Americans learned that the Republican Party of Wisconsin was the victim of hackers, who stole over $2 million from the Party’s accounts. This is not a partisan issue: the same report revealed that the Democratic Party of Wisconsin has likewise been targeted by hackers more than 800 times. We must improve our cybersecurity to collectively defend our shared electoral infrastructure.”
“The warning signs are flashing red. Congress urgently needs to come together and pass the bipartisan recommendations provided by the Cyberspace Solarium Commission report that will strengthen our national critical infrastructure by improving public-private collaboration and the resilience of our electoral systems before it is too late.”
The release from Gallagher and King came the same day as the Republican Party of Wisconsin announced that the Federal Bureau of Investigation was investigating an alleged cyber theft of money intended to help President Donald Trump’s re-election campaign in Wisconsin.
According to Andrew Hitt, the state chairman for the Wisconsin GOP, the alleged cyber attack was suspicious because it targeted vendors and funds associated with Trump’s campaign.
“I can’t draw firm conclusions from that, but it is very intriguing that they would focus on those vendors. It makes you wonder,” Hitt said in an interview with WITI Fox 6 TV in Milwaukee.
Republican Party of Wisconsin officials said in a release Thursday the money was taken “through doctored invoices under the name of WisGOP vendors.”
In response to inquiries from RightWisconsin, the Republican Party of Wisconsin confirmed invoices are not automatically paid by the account that was allegedly hacked.
“No vendors are paid automatically by the system, and invoices are reviewed,” said Alec Zimmerman, a spokesman for the party. “Invoices were altered by hackers, however. We are unable to get deep into the specifics as this remains under investigation.”
A follow-up question asking if the altered invoices were reviewed before they were paid went unanswered.
Brian Westrate, the treasurer for the Republican Party of Wisconsin, also said it was not a question of invoices being paid without review. However, he directed requests from RightWisconsin for more information back to the party chairman and the executive director. “It had nothing to do with unreviewed invoices,” Westrate said in an email. “I would direct you to ask Chairman Hitt or Mark Jefferson for more specific detailed information.”
When it was pointed out that the state party claimed “doctored invoices” were responsible, Westrate didn’t offer an explanation. “I would avoid trying to guess what ‘doctored’ means, and instead call Hitt or Jefferson,” Westrate said.
In a statement on Facebook, Westrate said neither he nor the Republican Party of Wisconsin was responsible for what allegedly happened to the $2.3 million in question.
“To be VERY clear, there is no fault here other than the criminals,” Westrate wrote. “Cyber crime is a massive problem all over the world and even the most protected systems (think VISA) occasionally fall prey to sophisticated digital criminal efforts.”
Westrate also said the alleged thieves understood the fluidity of campaign financing in the final days before an election.
“Whoever these thieves are they understood that for the final months of a campaign money is flying all over the place, and vendors are not generally watching the clock to make sure an invoice is paid in 30 days,” Westrate wrote.
It was unclear why Westrate was referencing vendors watching invoices when the money was allegedly taken from an account with the Republican Party of Wisconsin.
Both the Republican Party of Wisconsin and Westrate indicated in their statements that no personal information was compromised in the alleged cyber attack.
