Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Steal Credit Card Data From Visitors of US Senate GOP Committee Website (krebsonsecurity.com)

Posted by BeauHD on from the malicious-malware dept.

pdclarry writes: While all of the recent news has been about hacking the Democratic National Committee, apparently the Republicans have also been hacked over many months (since March 2016). This was not about politics, however; it was to steal credit card numbers. Brian Krebs reports: "a report this past week out of The Netherlands suggests Russian hackers have for the past six months been siphoning credit card data from visitors to the web storefront of the National Republican Senatorial Committee (NRSC). [...] If you purchased a 'Never Hillary' poster or donated funds to the NRSC through its website between March 2016 and the first week of this month [October 2016], there's an excellent chance that your payment card data was siphoned by malware and is now for sale in the cybercrime underground." Krebs says his information comes from Dutch researcher Willem De Groot, co-founder and head of security at Dutch e-commerce site byte.nl. The Republicans were not alone; theirs was just one of 5,900 e-commerce sites hacked by the same Russian actors. You can view De Groot's analysis of the malware planted on the NRSC's site and other services here. Krebs adds: "The NRSC did not respond to multiple requests for comment, but a cached copy of the site's source code from October 5, 2016 indicates the malicious code was on the site at the time (load this link, click 'view source' and then Ctrl-F for 'jquery-cloud.net')."

29 comments

  1. Dear supporter by bestweasel · · Score: 1

    Thank you very much for your donation to Hillary Clinton's election fund. With your help, we'll win.

    1. Re:Dear supporter by ArmoredDragon · · Score: 2

      I think this summary is the most creative dupe on slashdot I've ever seen.

      Here's the original one from three days ago:

      https://news.slashdot.org/stor...

      Why creative? Well, this one made it all about the RNC website, and mentioned the other sites with less emphasis. Meanwhile, the original post mentioned the other sites, while mentioning the republican site with less emphasis. And it seems that few people noticed, which is somewhat unusual because dupes are usually quickly spotted by commenters.

  2. And the full list by Anonymous Coward · · Score: 1

    The list of compromised eCommerce site had a bit of controversy surrounding it too. Github censored the list, as did Gitlab. However, Gitlab later restored the list:

    https://gwillem.gitlab.io/2016/10/14/github-censored-research-data/

  3. Inside Job by Anonymous Coward · · Score: 0, Informative

    Take a close look at the people who run the GOP website. For decades they've been collecting email addresses and spamming the hell out of anyone that registers on the site. People behind the scenes running DNC and GOP have very low morals, they use email addresses like a commodity. I started receiving 3rd party spam only days after registering. They sold my email address to a handful of different companies without my consent. Any website that would do that normally would find themselves out of business pretty quick... because it's wrong and in some countries illegal (because it's wrong). If I had to do it over again I would have never registered with the GOP or any political website and I urge my friends not to do it. You might as well throw away your email address because you'll be bombarded by spam for years to come. With that in mind, I say take a look at the web developer as being a prime suspect. I equate their morality with that of a porn site, none at all.

    1. Re: Inside Job by Anonymous Coward · · Score: 1

      A/c included DNC

    2. Re:Inside Job by JackieBrown · · Score: 1

      And it's a Russian conspiracy too!

  4. Who cares by Anonymous Coward · · Score: 1

    The US Senate has and always will be bought and sold by the highest bidder anyway

  5. Oh well by Anonymous Coward · · Score: 3, Funny

    I'm sure all the people who were enthusiastic about the DNC hacks will agree that it doesn't matter who did this. Only the information that's released matters. Absolutely no need to identify the perpetrators because they're doing a public a service by releasing information that would otherwise have remained hidden.

    1. Re:Oh well by Bing+Tsher+E · · Score: 1

      Definitely. A few contributors having to cancel and replace their credit cards is worth the full disclosure of the rotten-to-the-core political culture at the DNC. I bet you could even find and interview Republicans who are victims of this particular hack who would agree it's worth it.

      It's all fine. The information released by the DNC hack is quite important. It won't even stop being relevant and worth study after the election.

      (Anybody who thinks the Coronation will be the end of it is a little nuts.)

  6. Prickileaks by PopeRatzo · · Score: 1

    "We Open Governments"

    --
    You are welcome on my lawn.
  7. Is NRSC Federal Government or Private? Private. by Anonymous Coward · · Score: 0

    DNC is Private.
    Not sure about NRSC. The name implies it is Federal Government; however its website is .org and the website looks like it is Private. All Government sites SHOULD BE .gov so there is no confusion; however, too many Government groups do not abide by the original rules of top level domains. Cannot trust the name of an organization to be accurate anymore.

    1. Re:Is NRSC Federal Government or Private? Private. by smooth+wombat · · Score: 3, Informative

      Obviously you're not from the U.S. or you would have known instantly the NRSC has nothing to do with our government aside from being a way for Republicans to get money for Senatorial candidates. The Democrats do the same thing, they just call their version something different.

      No one, particularly at this level of fundraising, would be stupid enough to use a .gov domain name. That invites all kinds of scrutiny, and possible legal action, which no one wants to be part of.

      --
      We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
  8. In Soviet Russia by Anonymous Coward · · Score: 0

    the state cards you

  9. Qui s'éxcusé s'accusé. by Anonymous Coward · · Score: 0

    > Only the information that's released matters.

    Well, yes, it doesn't matter who did it, but what they did--simple thievery--is generally considered wrong. Pay attention to their actions, ignore their words.

    > Absolutely no need to identify the perpetrators because they're doing a public a service by releasing information that would otherwise have remained hidden.

    Well, if they use this to expose Republican corruption, I'm all for it! If, instead, what they do is petty thievery, then I'm not sure how that's "releasing information." But it does say something about those who excuse it, no? Qui s'éxcusé s'accusé is something I've had to keep in mind a lot these days.

    Anyhow, I have to wonder: are you for thievery or against exposing corruption? Perhaps both? If so, why? For myself, I'm for exposing all corruption. I'm against thievery. And I'm curious about those who do not share these views.

    1. Re:Qui s'éxcusé s'accusé. by Anonymous Coward · · Score: 0

      Your post is an extended excuse about why crime and criminals should be enabled, routinely and actively, if only 'corruption' is exposed. Thus, the end justifies the means.

      Meanwhile, back in the land of the sane, normal people don't like criminals and don't support hackers. Why do you? You'd make hacking legal if it catches corruption and illegal if it does not? So the motivations of the hackers are of no interest to you?

      Does it not occur to you that you are incentivizing ALL hackers to find corruption while they steal? After all, hide a (the hackers hope) minor crime under the guise of some 'public service'. It further incentives them to plant evidence of corruption if they cannot find any real evidence. For all we know that has already happened in the service of your gullability.

      Your moral compass is broken. You are enabling and empowering hackers who will only grow richer and more powerful, while you make excuses for them and mumble uselessly about corruption.

      You know what is corrupt? Your thought process. But you can be saved. Act now, and send thousands to your local huckster preacher, who will promise to send you a teaspoon of holy oil and send prayers to heaven that will save your mortal soul. Really, they will do it! And for sure your soul will be saved. It's the money that makes the difference...

  10. That darn Hillary! by Anonymous Coward · · Score: 1

    How she found the time to back the NRSC site I just don't know. I am so gosh darn upset.

  11. Sloppy Work! by surfcow · · Score: 2

    Fool! Putin himself said we don't hack the Republicans.

  12. Dems have juicy gossip by Anonymous Coward · · Score: 0

    It's only common sense, Dems have juicy gossip and salacious info, but Republicans have better credit.

  13. Notice how comments are all political by Anonymous Coward · · Score: 0

    This is more about skimming a web site than political. But these days if it happens to be a political related site its all political. Which means people develop a sense this was a attack on a political party rather than a opportunity for someone to gain access to credit card information. This seems the norm now as skimmers look to less secure sites to attack. Probably going to get worse as holidays get closer, just waiting for that big site to get hacked.

  14. Russian hackers hack NRSC by khz6955 · · Score: 1

    "a report this past week out of The Netherlands suggests Russian hackers have for the past six months been siphoning credit card data from visitors to the web storefront of the National Republican Senatorial Committee"

    Where's the evidence that Russian hackers were responsible?

    1. Re:Russian hackers hack NRSC by bheerssen · · Score: 1

      Well, the evidence is a Dutch "report" from "this past week". It's right there in the summary.

      Seriously, though, there's an analysis of the malware linked in one of the articles. That's as much proof as you're going to get.

      --
      (Score: -1, Stupid)
  15. hacking by Anonymous Coward · · Score: 0

    I don't know about hacking but when my ex was cheating on me, a friend of mine referred me to Mr Robert I thought it wasn't real but he later proved me wrong by helping me to spy on my ex-husband and got me all the necessary evidence I needed. He helped me to hack and spy on his emails, mobile , all his social media and his bank accounts, Robert did all this remotely without touching his devices. You can contact him with mastershield55@gmail.com if you are in the same shoe as I was..

  16. BLANK ATM CARD by Anonymous Coward · · Score: 0

    We are hackers, We just succeeded with a new invention. We've got hacked ATM cards for sale. These hacked ATM cards have been programmed to work on any ATM machine. The cards have been topped up with $100,000 With a daily withdrawal of $3000 per day ( depending on how it is programmed ). The cards have got some special features which includes;
    *Deactivating the cctv cameras when inserted in the ATM machine,
    * It comes with a 4 digit pin just like every other ATM card,
    * It can be topped up when the money in it has been exhausted,
    *It is untraceable and undetected.
    The cards were successfully programmed with the hard-work of our hackers. And they are cloned using a writer (MSR 606).
    If you need to get the cards, order one today and it will be shipped to your location. Contact us on to get one..
    SIMPLEHACKERS2@GMAIL.COM
    ***********Serious buyers only**********