Russian Hackers Siphon Payment Data from GOP Donor Site—For Months

Written by

It turns out that the Democrats aren’t the only ones subject to election season hacking nuttiness: Russian hackers have been found siphoning off credit-card data for the past six months from visitors to the National Republican Senatorial Committee’s web storefront.

“If you purchased a ‘Never Hillary’ poster or donated funds to the NRSC through its website between March 2016 and the first week of this month, there’s an excellent chance that your payment card data was siphoned by malware and is now for sale in the cybercrime underground,” said security researcher Brian Krebs, in a post.

News of the break-in comes from Dutch researcher Willem De Groot, co-founder and head of security at Dutch e-commerce site He found that hackers used security vulnerabilities or weak passwords to break into the NRSC and more than 5,900 other e-commerce sites, including top names like Audi and Converse.

He also said that the purloined card data was sent to a network of servers operated by a Russian-language Internet service provider incorporated in Belize called Dataflow.

“Dataflow has long been advertised on Russian-language cybercrime forums as an offshore haven that offers so-called ‘bulletproof hosting,’ a phrase used to describe hosting firms that court all manner of sites that most legitimate hosting firms shun, including those that knowingly host spam and phishing sites as well as malicious software,” Krebs explained.

A list of the sites currently hosted by Dataflow include, for instance, a number of Russian-language sites selling synthetic drugs and stolen credit-card data.

Taken in all, the hack is most likely perpetrated by financially-motivated organized crime, unlike the attacks on the Dems.

“The NRSC hack is likely apolitical, as it is one of nearly 6,000 other compromised e-commerce sites—in this one research study alone,” said Kenneth Geers, senior research scientist, Comodo, via email. “However, given how sophisticated the malware is, flying under the radar as a Trojan horse on so many web servers for so long, the cybercriminals are professionals who likely have detailed files on each of their significant victims. This means that they knew they had hacked members of the US Republican Party. This, in turn, suggests that this compromise will take on added meaning for US law enforcement.”

For its part, the NRSC said that its website is now secured, according to De Groot.

Photo © Brian A Jackson

What’s hot on Infosecurity Magazine?