These revelations come from Dutch researcher Willem De Groot, the co-founder and head of security at Dutch e-commerce site byte.nl. According to De Groot, Russian hackers targeted the NRSC, the purveyors of political paraphernalia like “Never Hillary” posters, as just one of 5,900 e-commerce sites. Credit card data from the site was then allegedly sent to a network of servers overseen by a Russian-language internet service provider.
The NRSC has yet to respond to requests for comment, but Krebs points out that a cached copy of the site’s source code from earlier in October shows the malicious code was indeed on the site at the time reported by De Groot’s.
And the attacks are not over yet. “Last Monday, my scans found about 5,900 hacked sites,” De Groot said. “When I did another scan two days later, I found about 340 of those had been fixed, but that another 170 were newly compromised.” Apparently, the root of the issue for many of the compromised sites is that they are using old e-commerce or content management system software.
The other issue, Krebs reports, is that the hackers seem to have placed their malware in the infected sites’ databases. “That’s why I think this has remained under the radar for a while now,” De Groot said. “Because some companies use filesystem checkers so that if some file changes on the system, they will get a notice that alerts them something is wrong.”
So fair warning — if you made a purchase or contributed to the NRSC in the last few months, you may want to check your credit cards. Malware just might have got to it.
