A recent hack, suspected to be of Russian origin, hit the National Republican Senatorial Committee (NRSC). The online store of the NRSC was compromised with malware that compromises credit card information and has been skimming the information of thousands of credit cards for the past six months. The NRSC is believed to be one of more than 5,900 e-commerce sites hit by the same perpetrators.
Security experts believe that the stolen data was sent and consolidated in a network of servers in Belize. It is believed that the servers are owned and operated by a Russian-language internet service provider. The stolen credit card information was likely sold illegally on the dark web and anyone who purchased a product or donated via the NRSC website could have been affected. Dutch security analyst Willem De Groot says it is unknown how many credit cards were stolen from the NRSC but suggests, “According to TrafficEstimates, the Republican store has received some 350K visits per month lately. A conservative conversion ratio of 1 percent yields 3,500 stolen credit cards per month, or 21K stolen credits cards since March.” He goes on to say that based off the current black market price per card, the hackers could have made about $600k of the NRSC alone.
De Groot’s analysis of the malware found in the NRSC shows the hackers latched on to weak passwords and other security vulnerabilities. In addition, he discovered that the malware was also found within databases of the e-commerce sites which is how they were able to operate unnoticed. There has been no formal announcement from the Republicans but it is believed the party took steps to correct the problem. While other sites have also taken steps to correct the issue, hackers are continuing to infect new sites rapidly.