Hackers Swipe Card Numbers From Local Government Payment Portals

A previously unknown hacker group is behind a mounting number of breaches that have been reported by local governments across the US. From a report: In a report published today, US cyber-security vendor FireEye has revealed that this yet-to-be-identified hacker group has been breaking into Click2Gov servers and planting malware that stole payment card details. Click2Gov is a popular self-hosted payments solution, a product of US software supplier Superion. It is sold primarily to US local governments, and you can find a Click2Gov server installed anywhere from small towns to large metropolitan areas, where it's used to handle payments for utility bills, permits, fines, and more.

FireEye says this new hacker group has been attacking Click2Gov portals for almost a year. The company's investigators believe hackers are using one or more vulnerabilities in one of Click2Gov's components --the Oracle WebLogic Java EE application server-- to gain a foothold and install a web shell named SJavaWebManage on hacked portals. Forensic evidence suggests the hackers are using this web shell to turn on Click2Gov's debug mode, which, in turn, starts logging payment transactions, card details included.

More reasons to use Privacy virtual cards.

[Anonymous Coward]

Yet another website hack stealing card info. This is why I use Privacy virtual debit cards wherever I can. Card number I used to pay my {name government fee/tax here} bill got hack? No worries, it was a burner card number anyway! Shameless referral link: https://privacy.com/join/JWVHW

extra fees for online payments here...

[Anonymous Coward]

nice to see those extra costs going to security of our payment information.

we get charged like 3-10 dollars (scales-up by payment amount) to make a registration or tax payment online. this covers "costs" and merchant fees to handle the online payments so that the net payment is the same as an in-person cash payment. it's codified into state law to be that way, which completely ignores the cost savings from reduced labor costs, shortened dmv hours and closing of rural offices, etc. good thing, too. because of those extra costs, we pay the ~ 50c for the stamp and just mail the fucking things in instead, and hand-deliver payments for local taxes or county fees

Re:

[bob4u2c]

Same thing with state tax returns. You will let me electronic state file for like $20, or I can mail it in for less than $2, guess which one I'll choose (I also work just two blocks from the post office).

Re:

[magarity]

we get charged like 3-10 dollars (scales-up by payment amount) to make a registration or tax payment online

My state used to do that but came to its senses. Complain (politely) to your state level congresscritter at "town hall" meetings until your state fixes it too.

Re:

[StormReaver]

I write and maintain credit card processing software (among other things). The card processing companies charge a percentage of the purchase price as a fee to process the card transaction. Many government entities are forbidden by law from using taxpayer money to cover those fees, so they are passed on to the card holder. The government offices I know don't keep a penny of the fee, as it all goes to the processor.

Production "debug mode" to the rescue

[MTEK]

I would like a word with that developer.

Story

[sadafba786]

Yes I've read a similar story at https://www.thecyberforum.com/... [thecyberforum.com]

Re: Story

[fifi320]

guess which one I'll choose (I also work just two blocks from the post office). https://8ballpool.onl/ [8ballpool.onl] https://discord.software/ [discord.software] https://omegle.onl/ [omegle.onl]