|
U.S. Republican group hit by
Russian-linked virus: researcher
Send a link to a friend
 [October 07, 2016]
WASHINGTON (Reuters) - A U.S.
Republican Party website selling campaign stickers and other political
gear is among thousands of websites infected with a credit-card stealing
virus that sent data to a server in Russia, according to a Dutch
security researcher.
A page on the National Republican Senatorial Committee's website selling
stickers, T-shirts and baseball caps was infected with a hard-to-detect
virus that collected all information entered on orders, including
buyers' names and addresses, credit card numbers and merchandise
ordered, according to the researcher, Willem de Groot.
De Groot, co-founder of Dutch e-commerce company Byte, said that he
learned of the infection after conducting a web scan to find sites
infected with the virus. "I don’t think it was a targeted attack," de
Groot told Reuters.
Other victims include clothing retailers, car manufacturers and local
shops. He declined to identify them, saying he had not had time to
notify them of the infection.
The NRSC took down the website on Thursday and acknowledged that it had
been targeted by a "skimming operation".
NRSC spokeswoman Andrea Bozek said a vendor discovered "an issue
yesterday that affected an extremely small number of supporters."
"The problem was fixed immediately and we are contacting those who were
affected," she said in a statement. She provided no further details.
The NRSC, a party operation dedicated to getting Republicans elected to
the Senate, said it found no evidence that its primary donation system
was hacked. The numbers affected account for less than 0.0018 percent of
online donations to the NRSC, a committee aide said.
The committee had received more than $65 million in political
contributions for the 2016 campaign, as of Aug. 31, according to Federal
Election Commission records.
[to top of second column] |
A supporter of Republican presidential nominee Donald Trump attends
a campaign rally in Reno, Nevada, U.S., October 5, 2016.
REUTERS/Mike Segar
Researcher De Groot documented the attack in a video on his blog, in
which he demonstrates that entering an order on the NRSC site causes
the malware to send its details to a server in Russia.
http://bit.ly/2dxNS6z
The malware was embedded into the site's code, which can be viewed
using a common web browser, according to de Groot.
A search of archived versions of the set led him to determine that
it had been infected since at least March of this year, he said.
The infection was earlier reported by the Dutch website Follow the
Money, www.ftm.nl.
(Reporting by Jim Finkle in Boston and Toby Sterling in Amsterdam.
Additional reporting by David Morgan in Washington; Editing by
Alistair Bell)
[© 2016 Thomson Reuters. All rights
reserved.]
Copyright 2016 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
 |
