In a reminder that cybercriminals have no political allegiances, reports indicate that a website used to raise funds for Senate Republicans has been infected with malware for the last six months. The malware gives cybercriminals access to the names, addresses and credit card data of Republican donors.
The storefront for the National Republican Senatorial Committee was one of about 5,900 e-commerce platforms recently found to be compromised by malicious skimming software, according to researcher and developer Willem de Groot.
According to de Groot, the NRSC site carried the malware from March 16 to October 5 — during that time, donors’ credit card data was sent directly to attacker-controlled domains. At least one of the endpoints for the data is a site hosted by dataflow[dot]su — a service that provides so-called bulletproof hosting to money launderers, sellers of synthetic drugs and stolen credit card data, and other providers of illicit wares or services.
It remains unknown how many credit cards were compromised over the six or so months the malware infection lasted. Based on data from TrafficEstimates, the site gets about 350,000 visits per month. If one percent of those visits ended with a card-based transaction, that would mean hackers got access to about 3,500 virtual swipes per month over 6 months (or about 21 thousand transactions over the course of the attack). Assuming a black market value of $4 to $21 per compromised card, the crooks behind the hack may have generated revenue of $600,000 on the low end.
“This clever form of card skimming has been going for a while, at least since March,” de Groot wrote in an October 4 post revealing the NRSC compromise. “The culprits are hiding behind a shell company in Belize. Their business is growing rapidly.”
The site was cleansed of infection by October 6th — though word of the hack only began making the rounds a week later.
De Groot noted that the NRSC site was far from alone in the hack: 5,900 online platforms were similarly compromised. The hack of Senate Republicans’ fundraising efforts also follows ongoing cyber attacks against the DNC, the Democratic Congressional Campaign Committee and various Clinton campaign officials. Those attacks have resulted in the publication on WikiLeaks and elsewhere of tens of thousands of private e-mails belonging to senior Democratic officials.
There does seem to be some difference in motive, however — the DNC hacks seem aimed, according to the FBI, at steering the outcome of the election. The RNC hack seems to be more purely financially motivated.