Taryn Luna reports on a hack and phish that may leave you wondering whether this was a politically motivated attack or just a garden variety attack.
Luna reports the the victim is Sen. Richard Pan, D-Sacramento, whose re-election campaign account was robbed in a multi-step scheme that began with a hack of his email account in February.
The hackers appeared to study the campaign’s email pattern of approving payments, pretended to be him and sent a fake invoice to his treasurer requesting $46,000 to a vaccine-related nonprofit organization in mid-February, Pan said. He said the responsible parties were able to block communications with other people to hide their trail.
The vaccine connection is what raises the possibility of possible political motivation. Luna explains:
Pan is a doctor and has drawn the ire of a fervent community of activists who oppose his legislative work to toughen vaccination requirements for school children. Pan said there’s no evidence to suggest anyone associated with the anti-vaccination movement was actually involved in the theft, but he’s suspicious given violent threats he’s endured and prior interactions with his opponents. Among other related legislation, Pan successfully removed personal belief exemptions for vaccines in 2015.
The senator’s treasurer was appropriately cautious when she received the request to send the check, but she did not know she was going back and forth in email with the criminals and not with her boss.
As a result of this incident the campaign now uses two-factor authentication for any such requests.
Read more here on SacBee.