Is the CheckFree Hack a New Information Theft Trend?

It was revealed earlier in the week that hackers had taken command and control of a free e-bill Web site called CheckFree.com. CheckFree offers their customers the ability to collect all their bills and pay them with a few clicks of a mouse.

CheckFree is one of the larger companies in the e-payment business and serves about 24.7 million customers. Given this, there is little doubt they have a large amount of personal and financial data passing through their site.

The hacking method appeared to be a little less than sophisticated. Someone stole the username and password to the site and put in changes that directed users to a page that installs malware on the user's machine. This was done by changing the address in CheckFree.com's domain name system (DNS) to redirect visitors to an Internet address in the Ukraine. Although CheckFree is still analyzing the malware, Brian Krebs at the Washington Post was able to quote Trend Micro as saying the malware was designed to steal user credentials.

The registrar, Network Solutions, was quick to claim there had been no breach of their system. At this point in the game, since no one knows or is saying, my guess is that this statement probably means there was one that they don't know of at this time. Network Solutions did warn its customers about a phishing attack targeting them about a month ago. This has led to speculation that the credentials were stolen by information-stealing malware, or by social engineering (someone being tricked into giving them up).

The Washington Post story also mentions that U.S. Bank might have been affected by this attack, but isn't commenting. In a subsequent post in Security Fix (Washington Post), Brian Krebs noted that an Internet security firm known as Internet Identity reported that 71 other domains were pointed at the Ukrainian domain in question during the attack.
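
From the outside, a redirect like the one described above shows up as a change in what a domain resolves to. The following is an added example, not from the original article or from any of the firms it names: it compares resolution observations against a known-good baseline, then lists every domain seen at a flagged address, which is the kind of pivot that surfaces other domains pointed at the same host. All domains, addresses and times are constructed sample data.

```python
import ipaddress
from collections import defaultdict

# Known-good address ranges per monitored domain (constructed; RFC 5737 nets).
BASELINE = {
    "billpay.example": ["192.0.2.0/24"],
    "bank.example": ["198.51.100.0/24"],
    "shop.example": ["198.51.100.0/24"],
}

# Constructed observations: (time, domain, resolved A record).
OBSERVATIONS = [
    ("00:30", "billpay.example", "192.0.2.10"),
    ("00:35", "bank.example", "198.51.100.7"),
    ("01:00", "billpay.example", "203.0.113.66"),
    ("01:05", "shop.example", "203.0.113.66"),
    ("01:10", "unknown.example", "203.0.113.66"),
]

def find_drift(observations, baseline):
    """Return observations whose address is outside the domain's baseline."""
    alerts = []
    for ts, domain, addr in observations:
        nets = baseline.get(domain)
        if nets is None:
            continue  # no baseline for this domain: cannot judge it here
        ip = ipaddress.ip_address(addr)
        if not any(ip in ipaddress.ip_network(n) for n in nets):
            alerts.append((ts, domain, addr))
    return alerts

def cluster_by_address(observations, suspect_addrs):
    """Group every domain (baselined or not) seen at a flagged address."""
    clusters = defaultdict(set)
    for _, domain, addr in observations:
        if addr in suspect_addrs:
            clusters[addr].add(domain)
    return {addr: sorted(names) for addr, names in clusters.items()}

if __name__ == "__main__":
    alerts = find_drift(OBSERVATIONS, BASELINE)
    for ts, domain, addr in alerts:
        print(f"{ts} ALERT {domain} now resolves to {addr}")
    flagged = {addr for _, _, addr in alerts}
    for addr, names in cluster_by_address(OBSERVATIONS, flagged).items():
        print(f"{addr} shared by {len(names)} domains: {', '.join(names)}")
```

The second step matters because a domain with no baseline of its own, like unknown.example here, is only caught by its association with an address that another domain's drift already flagged.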

Thus far, about 5,000 victims have been identified. As in past incidents, those whose identities were compromised are being offered free identity theft protection for their unfortunate circumstance.

I decided to look at the CheckFree site itself. The reason I did this is because whenever I see the word "free," especially in cyberspace, I've learned to be wary.


Article Author: Ed Dickson

Having worked around financial crimes for a number of years, I noticed they seemed to be on the rise. One reason for this is technology, which grows more rapidly than laws designed to protect us from it. …


Article comments

  • 1 - User

    Dec 10, 2008 at 10:01 pm

    CheckFree is paid by thousands of banks, credit unions, and portals to operate their "Bill Payment" operations. That's where they make their money, not from consumers.

  • 2 - bliffle

    Dec 11, 2008 at 12:53 am

    Most of the hacking exploits have been primitive, like this one: "The hacking method appeared to be a little less than sophisticated. Someone stole the username and password to the site..."

    Most exploits have been performed by tinkering neophytes, too.

    But now, with all manner of high-level and experienced software professionals being laid off and fired, there is a great danger of really sophisticated exploits that are difficult to detect and nearly impossible to stop.

    Compound that with the difficulty of getting police agencies interested in exploits that a person may find and you can predict utter chaos in the financial community.

    Society may collapse like the Tower of Babel.
