
The Wisconsin GOP Lost $2.3 Million in an Email Scam

This week hackers mounted an unprecedented ransomware attack on hospitals in the United States. Dozens have already been hit, while the total targets may number well into the hundreds. Health care systems have always been a popular target for these kinds of intrusions, but the scale of the current wave is unthinkable—and bodes poorly for getting through Election Day without similar incidents.

Speaking of which! We took a closer look at Berserk Bear, the Russian hacking group that for years has broken into critical US infrastructure targets—and more recently, election-adjacent systems—without ever actually causing serious mayhem. It’s unclear what Berserk Bear’s ultimate intentions are; in a best-case scenario they’re just creating a series of diversions. As for the worst-case scenario, well, let’s just hope it never comes to that.

In another new low, hackers have been extorting patients of a mental health services provider in Finland called Vastaamo, threatening to put copies of their therapy session notes online if they don’t pay up. The data of a few hundred victims has already wound up online, with tens of thousands more potentially affected.

In the work-from-home era Slack has become more essential than ever; we took a look at how you can control your privacy on it, and more importantly all the ways you can’t. In other cover-your-back news, we explained how to clean up your digital history online. And while link previews in messaging apps can be useful, new research shows that they can also be a privacy liability, savage your battery, and more.

For when you can set aside a little more time, we have two features this week that are worth your while. We looked at how a special ops vet and his brother have used AI to try to solve the military’s “fatal funnel” problem. And we profiled Maddie Stone, a reverse engineer at Google’s elite Project Zero who smashes bugs and hacker stereotypes with equal aplomb.

And there’s more! Every Saturday we round up the security and privacy stories that we didn’t break or report on in depth but think you should know about. Click on the headlines to read them, and stay safe out there.

The Wisconsin Republican party this week revealed that they had been swindled out of $2.3 million, money that had been earmarked for Donald Trump’s reelection campaign. Rather than a sophisticated hack of a bank account, the incident appears to be yet another case of business email compromise, a category of scam that has netted billions of dollars for attackers over the past few years alone. The attackers apparently sent invoices to GOP officials that looked like they were from official vendors, but with banking information that routed the money to the schemers instead. It’s the kind of mistake that could happen to anyone—but is especially inconvenient coming so close to the election.

In other “Republicans compromised by avoidable scam” news, hackers managed to alter Donald Trump’s campaign website, albeit for less than 30 minutes. The hackers made the dubious claim that they had accessed “internal and secret conversations” relating to Trump, along with links to send them Monero cryptocurrency. Defacing a website is a far cry from actually hacking a candidate, though, and it seems unlikely that this amounts to anything more than an act of digital vandalism.

Maze has been one of the most prolific ransomware groups of the last few years, as well as an innovator in the field. It was the first group to adopt the now-standard practice of stealing a company’s data before encrypting it, giving them the extra leverage of threatening to release it on the web if a victim didn’t pay up. Now, security news site Bleeping Computer reports that Maze is shutting things down, having not hit any new victims since September. This doesn’t mean, well, anything much in terms of the overall ransomware outlook; Maze affiliates have already moved on to an operation called Egregor, and other actors in the space continue to wreak havoc. (See above!)

Online stock trading has its share of security issues no matter what platform you’re on. But a recent dark web audit showed that popular trading app Robinhood has a disproportionate number of user account credentials circulating on hacker forums. That doesn’t mean that Robinhood itself was compromised; it seems more likely to be a result of credential stuffing. But either way, it’s a good reminder to put two-factor authentication on all of your accounts—especially the ones where you keep your money.
