
Highlights of the latest news,
laws, products and potential risks,
research, predatory methods and more

Here you'll find highlights of the latest articles on Internet safety worth reading—laws, products (and potential risks), research, predatory methods, and so on—along with my take on what's important in these stories. If you see something in the news you think I should know about, send it to AskLinda@look-both-ways.com. (Don’t forget to send a link to the source article.)

Digging Deeper Into the CheckFree Attack

E-billing Company CheckFree Hacked

Summary

CheckFree, the nation's largest e-billing system, was hacked last week. The hackers were able to redirect visitors to a fake customer login site in the Ukraine that tried to install password-stealing software.

CheckFree has more than 24 million users, which is between 70 and 80 percent of the online bill-paying market, according to Avivah Litan, a fraud analyst with Gartner Inc. Consumers use the service to pay bills like military credit accounts, insurance payments, mortgage and loan payments, and utility bills.

The hackers gained access by using stolen network credentials. Network Solutions, CheckFree's domain registrar, warned users about a month ago that phishers were attempting to trick customers into giving up their website credentials. A similar attack was also launched against eNom, the second-largest domain name registrar. Someone who knew CheckFree’s credentials apparently fell for the phishing scam.

"If all that's protecting a bank's Web site is a user name and password, that's kind of like having a massive vulnerability in the core of the Internet," Litan said. "This could have been a lot worse, and if they can do it to CheckFree, they can do it to other banks."

CheckFree was last week's highest-profile breach, but at least 71 other domains were also compromised and directed to the fake site in the Ukraine, according to the anti-phishing company Internet Identity.

Domain registrars are attractive targets for cyber criminals. Internet Identity reviewed 12,305 domain names registered with Network Solutions. According to the company's president, Rod Rasmussen, those domains cover the entire banking industry plus select e-commerce and infrastructure providers.

Panos Anastassiadis, chief executive at Cyveillance, believes this type of attack will be more frequent next year: "This type of attack is going to come in a dozen flavors in the coming months. Registrars don't comprehend the layers of security they may be forced to put in place as a result."

My Thoughts

Following on the heels of my recent blog "Thieves Winning Online War, May Be Using Your PC," this breach is particularly sobering. If a phishing scam that fools one individual into providing authentication keys is enough to hijack the country’s largest e-payment system, we’re in very serious trouble.

The four recommendations I gave in that blog stand.


Linda


Published Friday, December 12, 2008 3:07 PM by Linda Criddle
