Hackers plant card-stealing malware on website that sells baron and duke titles
Image: Wikimedia Foundation
Catalin Cimpanu November 29, 2021

Hackers plant card-stealing malware on website that sells baron and duke titles

Hackers plant card-stealing malware on website that sells baron and duke titles

A threat actor has hacked the website of the Principality of Sealand, a micronation in the North Sea, and planted malicious code on its web store, which the government is using to sell baron, count, duke, and other nobility titles.

Called a “web skimmer,” the malicious code allowed the hackers to collect user and payment card details for anyone who purchased products, such as nobility titles, from the country’s online store.

All transactions made on the site from October 12 have been intercepted by the hackers, Willem de Groot, founder of web security firm Sansec, told The Record in a phone call today.

De Groot said he discovered the code while analyzing the infrastructure of a web skimming group that has been active since last year.

The Sansec founder said he found the same code on the website of a French security services provider as well.

De Groot said the code was not functioning today due to an error but had been active since it was first planted on the Sealand website.

Founded in 1968 by Paddy Roy Bates, one of the operators of pirate radio station Radio Caroline, the Principality of Sealand is located on a decommissioned World War II military fort situated 11 kilometers off the UK coast in the North Sea.

While it declared its independence and sovereignty in the ’60s, the principality was never recognized as a formal state by any other UN nation and is considered a media stunt.

The principality is primarily known these days for selling nobility titles through its website, a practice used by many other small countries or local governments to raise funds for their local budgets.

A Sealand spokesperson could not be reached via telephone, and a request for comment sent via email was not returned prior to publication.

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.