Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Steal Credit Card Data From Visitors of US Senate GOP Committee Website (krebsonsecurity.com)

Posted by BeauHD on from the malicious-malware dept.

pdclarry writes: While all of the recent news has been about hacking the Democratic National Committee, apparently the Republicans have also been hacked over many months (since March 2016). This was not about politics, however; it was to steal credit card numbers. Brian Krebs reports: "a report this past week out of The Netherlands suggests Russian hackers have for the past six months been siphoning credit card data from visitors to the web storefront of the National Republican Senatorial Committee (NRSC). [...] If you purchased a 'Never Hillary' poster or donated funds to the NRSC through its website between March 2016 and the first week of this month [October 2016], there's an excellent chance that your payment card data was siphoned by malware and is now for sale in the cybercrime underground." Krebs says his information comes from Dutch researcher Willem De Groot, co-founder and head of security at Dutch e-commerce site byte.nl. The Republicans were not alone; theirs was just one of 5,900 e-commerce sites hacked by the same Russian actors. You can view De Groot's analysis of the malware planted on the NRSC's site and other services here. Krebs adds: "The NRSC did not respond to multiple requests for comment, but a cached copy of the site's source code from October 5, 2016 indicates the malicious code was on the site at the time (load this link, click 'view source' and then Ctrl-F for 'jquery-cloud.net')."

4 of 29 comments (clear)

  1. Oh well by Anonymous Coward · · Score: 3, Funny

    I'm sure all the people who were enthusiastic about the DNC hacks will agree that it doesn't matter who did this. Only the information that's released matters. Absolutely no need to identify the perpetrators because they're doing a public a service by releasing information that would otherwise have remained hidden.

  2. Re:Is NRSC Federal Government or Private? Private. by smooth+wombat · · Score: 3, Informative

    Obviously you're not from the U.S. or you would have known instantly the NRSC has nothing to do with our government aside from being a way for Republicans to get money for Senatorial candidates. The Democrats do the same thing, they just call their version something different.

    No one, particularly at this level of fundraising, would be stupid enough to use a .gov domain name. That invites all kinds of scrutiny, and possible legal action, which no one wants to be part of.

    --
    We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
  3. Sloppy Work! by surfcow · · Score: 2

    Fool! Putin himself said we don't hack the Republicans.

  4. Re:Dear supporter by ArmoredDragon · · Score: 2

    I think this summary is the most creative dupe on slashdot I've ever seen.

    Here's the original one from three days ago:

    https://news.slashdot.org/stor...

    Why creative? Well, this one made it all about the RNC website, and mentioned the other sites with less emphasis. Meanwhile, the original post mentioned the other sites, while mentioning the republican site with less emphasis. And it seems that few people noticed, which is somewhat unusual because dupes are usually quickly spotted by commenters.