Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security Government United States Technology

Hackers Swipe Card Numbers From Local Government Payment Portals (zdnet.com) 15

A previously unknown hacker group is behind a mounting number of breaches that have been reported by local governments across the US. From a report: In a report published today, US cyber-security vendor FireEye has revealed that this yet-to-be-identified hacker group has been breaking into Click2Gov servers and planting malware that stole payment card details. Click2Gov is a popular self-hosted payments solution, a product of US software supplier Superion. It is sold primarily to US local governments, and you can find a Click2Gov server installed anywhere from small towns to large metropolitan areas, where it's used to handle payments for utility bills, permits, fines, and more.

FireEye says this new hacker group has been attacking Click2Gov portals for almost a year. The company's investigators believe hackers are using one or more vulnerabilities in one of Click2Gov's components --the Oracle WebLogic Java EE application server-- to gain a foothold and install a web shell named SJavaWebManage on hacked portals. Forensic evidence suggests the hackers are using this web shell to turn on Click2Gov's debug mode, which, in turn, starts logging payment transactions, card details included.

This discussion has been archived. No new comments can be posted.

Hackers Swipe Card Numbers From Local Government Payment Portals

Comments Filter:
  • by Anonymous Coward

    Yet another website hack stealing card info. This is why I use Privacy virtual debit cards wherever I can. Card number I used to pay my {name government fee/tax here} bill got hack? No worries, it was a burner card number anyway! Shameless referral link: https://privacy.com/join/JWVHW

  • by Anonymous Coward on Wednesday December 19, 2018 @11:40AM (#57830756)

    nice to see those extra costs going to security of our payment information.

    we get charged like 3-10 dollars (scales-up by payment amount) to make a registration or tax payment online. this covers "costs" and merchant fees to handle the online payments so that the net payment is the same as an in-person cash payment. it's codified into state law to be that way, which completely ignores the cost savings from reduced labor costs, shortened dmv hours and closing of rural offices, etc. good thing, too. because of those extra costs, we pay the ~ 50c for the stamp and just mail the fucking things in instead, and hand-deliver payments for local taxes or county fees

    • by bob4u2c ( 73467 )
      Same thing with state tax returns. You will let me electronic state file for like $20, or I can mail it in for less than $2, guess which one I'll choose (I also work just two blocks from the post office).
    • we get charged like 3-10 dollars (scales-up by payment amount) to make a registration or tax payment online

      My state used to do that but came to its senses. Complain (politely) to your state level congresscritter at "town hall" meetings until your state fixes it too.

    • I write and maintain credit card processing software (among other things). The card processing companies charge a percentage of the purchase price as a fee to process the card transaction. Many government entities are forbidden by law from using taxpayer money to cover those fees, so they are passed on to the card holder. The government offices I know don't keep a penny of the fee, as it all goes to the processor.

  • by MTEK ( 2826397 ) on Wednesday December 19, 2018 @01:36PM (#57831352)

    I would like a word with that developer.

  • Yes I've read a similar story at https://www.thecyberforum.com/... [thecyberforum.com]

I judge a religion as being good or bad based on whether its adherents become better people as a result of practicing it. - Joe Mullally, computer salesman

Working...