Hacked Republican website skimmed donor credit cards for 6 months
A website used to fund the campaigns of Republican senators was infected with malware that for more than six months collected donors’ personal information, including full names, addresses, and credit card data, a researcher said.
The storefront for the National Republican Senatorial Committee was one of about 5,900 e-commerce platforms recently found to be compromised by malicious skimming software, according to researcher and developer Willem de Groot. He said the NSRC site was infected from March 16 to October 5 by malware that sent donors’ credit card data to attacker-controlled domains. One of the addresses—jquery-code[dot]su—is hosted by dataflow[dot]su, a service that provides so-called bulletproof hosting to money launderers, sellers of synthetic drugs and stolen credit card data, and other providers of illicit wares or services.
De Groot said it’s not clear how many credit cards were compromised over the six months the site was infected. Based on data from TrafficEstimates, the NRSC site received about 350,000 visits per month. Assuming 1 percent of those visits involved the visitor using a credit card, that would translate to 3,500 transactions per month, or about 21,000 transactions over the time the site was compromised. Assuming a black market value of $4 to $21 per compromised card, the crooks behind the hack may have generated revenue of $600,000.