A Republican Party website that sells bumper stickers and T-shirts advertising presidential candidate Donald Trump was compromised earlier this year by hackers who spent several months silently stealing credit card details and other personal information from purchasers, according to a Dutch security researcher.
The digital storefront used by the National Republican Senatorial Committee (NRSC) to sell products ranging from “Never Hillary” stickers to “Make America Great Again” bracelets was compromised for nearly six months starting March 16, researcher Willem de Groot wrote in a recent report.
Mr. De Groot was scouring the internet for websites running a vulnerable version of the Magento e-commerce platform when he discovered the NRSC store had been compromised by hackers who managed to install malicious skimming software designed to siphon customers’ credit card information, he wrote in a report published earlier this month.
By inspecting the malicious code, Mr. De Groot determined that hackers had been quietly sending the stolen data to domains hosted by Dataflaw, an internet company whose other customers include websites where visitors can purchase synthetic drugs, stolen credit card information and other illegal goods and services.
Hackers likely didn’t specifically target the NRSC. According to his research, Mr. De Groot believes nearly 6,000 e-commerce sites had been infected by the same group of cybercriminals, including pages used by Audi, Converse, the Washington Cathedral and the Malaysian government.
Mr. De Groot first scanned for vulnerable sites around a year ago and found 3,501 stores containing the malicious code, according to a recent CSO article. The number of infected e-commerce sites surged by almost 30 percent between March and September, and had nearly doubled by the time he released his findings earlier this month.
“Last Monday my scans found about 5,900 hacked sites,” he wrote recently. “When I did another scan two days later, I found about 340 of those had been fixed, but that another 170 were newly compromised.”
On Monday this week, he said at least 841 of the infected stores had been repaired in the wake of his disclosure of the scope of the cyber campaign.
Cybersecurity reporter Brian Krebs wrote that the malicious code was purged from NRSC’s store as of Oct. 6, but not before stealing the full names, email addresses and billing details pertaining to nearly six months’ worth of orders. Mr. De Groot estimates as many as 3,500 transactions on the NRSC site were compromised each month the code was in place, amounting to a potential $600,000 in illegal revenue, Ars Technica reported.
The NRSC fundraises on behalf of Republican politicians defending or vying for position in the U.S. Senate, and is chaired by Sen. Roger Wicker of Mississippi. An aide said less than 0.0018 percent of online donations to the NRSC were affected by the breach, and that its e-commerce site has since been updated to use a new payment platform.
The Democratic Congressional Campaign Committee, a similar organization that raises money for House Democrats, was compromised earlier this month by hackers who reconfigured its donation portal in order to siphon contact information from would-be contributors.
FireEye, a U.S.-based security firm that investigated the breach, attributed that hack to the same Russian espionage group believed responsible for recent attacks suffered by the Democratic National Committee and other organizations and individuals tied to the Democratic Party.