Laurens County’s $1.5M phishing fail should be a lesson


In the run-up to this year’s legislative session, a few House members filed bills aimed at improving government cybersecurity by prohibiting state and local government devices from “accessing and using websites and applications that threaten cybersecurity and infrastructure from foreign and domestic threats, such as ‘TikTok,’ ‘WeChat,’ and other Chinese-owned applications.”

You can understand why lawmakers would want to try that: Cyberhacking is growing exponentially — and that’s even before artificial intelligence gets up to speed. So why not just tell everybody who works for government to stay away from risky sites?

Ah, if only it were so simple.

The obvious problem, of course, is that in order to comply with this legislation, you’d have to disconnect all government computers and other electronic devices from the internet, because every website or social media site you visit or email you receive is a “potential threat.”

Click on the wrong email or even open the wrong browser page, and depending on your level of access, you’ve potentially compromised your home computer, or your business, or your church or other nonprofit, or your government agency. And with it potentially money and personal information about hundreds or millions of people.

In Laurens County, officials paid $1.5 million in fake invoices last year after someone believed the wrong email.

There are a lot of really sophisticated cyberattacks out there, and their number and sophistication will only increase as AI proliferates and evolves. This attack wasn’t one of them.

This was one of the simplest and most mundane phishing scams. As The Post and Courier’s Eric Connor reports, someone sent a fake invoice to the county from what appeared to be Mashburn Construction Co., a well-established South Carolina company that has done a good amount of work for the county. The invoice included the company’s logo, its mailing address and all the other elements the recipient was used to seeing on those invoices, along with deposit information for a Wells Fargo bank account, which again would seem routine.


