
Two Years Later, Hackers Are Still Breaching Local Government Payment Portals

Two years after hackers first started targeting local government payment portals, attacks are still going on, with eight cities having had their Click2Gov payment portals compromised in the last month alone, security researchers from Gemini Advisory have revealed in a report shared with ZDNet today. From the news report: These new hacks have allowed hackers to get their hands on over 20,000 payment card details belonging to US citizens, which are now being traded on the dark web, the cyber-security firm said. Click2Gov is a web-based portal sold by Central Square, formerly known as Superion, to US and Canadian municipalities, small and large alike. It comes as a cloud-based offering and in a self-hosted version. Once up and running, Click2Gov provides a self-service portal where US citizens can pay taxes and bills. Such portals are widespread across the US and are not only used by locals, but also by Americans living across the country to pay bills and taxes for property they own in other cities or states. In 2017, a hacker group began targeting self-hosted Click2Gov portals that had been lagging behind with software patches.
  • This explains two things.

    1. My card was last hijacked around two years ago.
    2. The city water bill portal has been broken since not too long after that. SSL cert thing. Been using the phone system since.

    Son of a...

    Of course, none at the city will lose their heads over this. They should, but they won't. Ditto Click2Gov.

  • Why are the well-paid managers not fired and their retirement plans trashed when this occurs? Pure undeniable negligence if the patches are >1 month old. Oh, the same goes for not having workable backups and a working means to restore. And for each incident, ten are not reported. Class action lawyers should team up with these hackers, determine the age of negligence, then target the responsible person who signs off on this - such as the CFO, and print this name in the local paper for drawing a wage he/she
    • by micheas ( 231635 ) on Friday September 20, 2019 @04:48AM (#59215384) Homepage Journal
      The problem is that the up-to-date code is insecure and Click2Gov doesn't know how its software gets compromised.

      The cities should at this point be demanding refunds and the banks should be suing Superion for damages.

      Superion doesn't seem to know what the problem is nor how to fix the problem. I'm not sure how you find top-flight programmers that want to work in the Midwest on dot.net payment code.

      Also, to make the job more painful, it's not a SaaS offering, but rather a self-hosted solution that by default installs in an insecure manner.

  • If that payment portal used CVVs (number on the back of the card) there wouldn't be this problem.
