It seems Alex Jones' store had malicious JS added to their webpage which scraped credit card data from fields and sent it to a Google Analytics look-alike domain. 1600 customers may have been...
It seems Alex Jones' store had malicious JS added to their webpage which scraped credit card data from fields and sent it to a Google Analytics look-alike domain. 1600 customers may have been impacted by this.
Rather than accept that malicious actors don't care about politics, though, Alex Jones issued this response:
This criminal hack is an act of industrial and political sabotage. The corporate press is claiming that a Magento plugin to the shopping cart was the point of entry, but that is not true. Infowarsstore.com has never installed that plugin. We use some of the top internet security companies in the nation and they have reported to us that this is a zero-day hack probably carried out by leftist stay behind networks hiding inside US intelligence agencies.
Magento's top security people have done a site-wide scan and found no security vulnerabilities. And we believe security features we will not mention, appear to have blocked them from getting anyone's credit card numbers.
The hack took place less than 24 hours ago; it is undoubtedly the hacker or hacker group that then reported this to the establishment corporate press in an attempt to scare business away from Infowarstore.com.
Only 1600 customers may have been affected. Most of those were re-orders so their information would not be accessible. Nevertheless, our customer-supporter base is being contacted so they can watch for any unusual charges to their account and rectify them.
Bottom line: this latest action is a concerted effort to de-platform Infowars by big tech, the communist Chinese, and the Democratic party who have been publicly working and lobbying to wipe Infowars from the face of the earth.
In summation, America is under attack by globalist forces and anyone standing up for our republic will be attacked mercilessly by the corporate press, Antifa and rogue intelligence operatives. Infowars will never surrender!
At least they identified it fairly quickly, though.
This part doesn't make any sense to me. If they found no security vulnerabilities, then how did the card skimming software get there? Even if it was a zero-day that's still a security...
Magento's top security people have done a site-wide scan and found no security vulnerabilities. And we believe security features we will not mention, appear to have blocked them from getting anyone's credit card numbers.
This part doesn't make any sense to me. If they found no security vulnerabilities, then how did the card skimming software get there? Even if it was a zero-day that's still a security vulnerability that needs to be addressed. Looks like InfoWars is going to use this to rally their supporters against "the leftists" rather than actually address the vulnerability. I won't be surprised to see another hack on the site in the future, and the next one will likely be better executed.
Hopefully this is just a PR announcement and they are actually working to get to the bottom of what actually happened and they can better protect their users in the future.
No, I am quite familiar with Alex Jones. I just thought that since he has been deplatformed, that website is about the only source of income he has left. I would have thought he would want users...
No, I am quite familiar with Alex Jones. I just thought that since he has been deplatformed, that website is about the only source of income he has left. I would have thought he would want users to feel comfortable buying stuff from his site and he would want to make sure that any vulnerabilities are fixed. I guess he is relying on his users not caring. And he's probably right that they wont.
You're thinking too much like a rational person. His default programming is to whip his followers up into a frenzy of fear and hate. And if he has to set up a strawman to be the target of that...
You're thinking too much like a rational person. His default programming is to whip his followers up into a frenzy of fear and hate. And if he has to set up a strawman to be the target of that fear and hate so he can redirect it toward liberals, so be it.
If it's a verified zero-day, then Magento would be able to validate that such a vulnerability exists. Otherwise, the so-called "top internet security companies in the nation" are claiming it's a...
We use some of the top internet security companies in the nation and they have reported to us that this is a zero-day hack. . .
Magento's top security people have done a site-wide scan and found no security vulnerabilities.
If it's a verified zero-day, then Magento would be able to validate that such a vulnerability exists. Otherwise, the so-called "top internet security companies in the nation" are claiming it's a zero-day without proof. This suggests that those two statements above are completely contradictory and thus bullshit.
The more likely scenarios are that either their security is shit and they're trying to deflect scrutiny, they're just using this as an opportunity to peddle more garbage and get their base riled up, someone they hired/contracted added that JS from the inside and they don't want to admit it, or some combination of the above.
Whatever the case, they aren't particularly good at keeping their story straight.
His statement almost makes it almost seem plausible that they put the hack in themselves just for the ridiculous spin they would get from it.
This criminal hack is an act of industrial and political sabotage. The corporate press is claiming that a Magento plugin to the shopping cart was the point of entry, but that is not true. Infowarsstore.com has never installed that plugin. We use some of the top internet security companies in the nation and they have reported to us that this is a zero-day hack probably carried out by leftist stay behind networks hiding inside US intelligence agencies. (...)
His statement almost makes it almost seem plausible that they put the hack in themselves just for the ridiculous spin they would get from it.
This has been a pretty common type of compromise lately. Brian Krebs wrote an article about it a couple of weeks ago: Who's in Your Online Shopping Cart? He links it in there, but the article...
This has been a pretty common type of compromise lately. Brian Krebs wrote an article about it a couple of weeks ago: Who's in Your Online Shopping Cart?
Another report I read stated that this same person has confirmed the same malware on "100 other popular sites". But no mention of what those sites are.
Another report I read stated that this same person has confirmed the same malware on "100 other popular sites".
It seems Alex Jones' store had malicious JS added to their webpage which scraped credit card data from fields and sent it to a Google Analytics look-alike domain. 1600 customers may have been impacted by this.
Rather than accept that malicious actors don't care about politics, though, Alex Jones issued this response:
At least they identified it fairly quickly, though.
This part doesn't make any sense to me. If they found no security vulnerabilities, then how did the card skimming software get there? Even if it was a zero-day that's still a security vulnerability that needs to be addressed. Looks like InfoWars is going to use this to rally their supporters against "the leftists" rather than actually address the vulnerability. I won't be surprised to see another hack on the site in the future, and the next one will likely be better executed.
Hopefully this is just a PR announcement and they are actually working to get to the bottom of what actually happened and they can better protect their users in the future.
That's because it's all bull... are you not familiar with Alex Jones?
No, I am quite familiar with Alex Jones. I just thought that since he has been deplatformed, that website is about the only source of income he has left. I would have thought he would want users to feel comfortable buying stuff from his site and he would want to make sure that any vulnerabilities are fixed. I guess he is relying on his users not caring. And he's probably right that they wont.
You're thinking too much like a rational person. His default programming is to whip his followers up into a frenzy of fear and hate. And if he has to set up a strawman to be the target of that fear and hate so he can redirect it toward liberals, so be it.
You're right. Somehow I'm still surprised by the sheer idiocy of it all sometimes.
If it's a verified zero-day, then Magento would be able to validate that such a vulnerability exists. Otherwise, the so-called "top internet security companies in the nation" are claiming it's a zero-day without proof. This suggests that those two statements above are completely contradictory and thus bullshit.
The more likely scenarios are that either their security is shit and they're trying to deflect scrutiny, they're just using this as an opportunity to peddle more garbage and get their base riled up, someone they hired/contracted added that JS from the inside and they don't want to admit it, or some combination of the above.
Whatever the case, they aren't particularly good at keeping their story straight.
His statement almost makes it almost seem plausible that they put the hack in themselves just for the ridiculous spin they would get from it.
It would be delicious if the only true false flag was the one Alex Jones planted.
This has been a pretty common type of compromise lately. Brian Krebs wrote an article about it a couple of weeks ago: Who's in Your Online Shopping Cart?
He links it in there, but the article about the British Airways breach is a good read too.
This seems incredibly familiar. Didn't something like this already happen a few years ago?
I think I was just experiencing deja vu when I wrote that. I can't find anything on the internet.
My number one concern is whether the liberals who are no doubt responsible are using their ill-gotten gains to fund child slave sex tourism on Mars.
Another report I read stated that this same person has confirmed the same malware on "100 other popular sites".
But no mention of what those sites are.