US warns shops to watch for customer data hacking

Aug 23, 2014

The US Department of Homeland Security on Friday warned businesses to watch for hackers targeting customer data with malicious computer code like that used against retail giant Target.

A hacker software weapon dubbed Backoff is "compromising a significant number" of businesses large and small, according to an advisory put out by the US Computer Emergency Readiness Team (CERT).

CERT urged those administering point-of-sale systems to check whether Backoff is mining information from transactions and to report any cases to the Secret Service.

"The impact of a compromised PoS system can affect both the businesses and consumer by exposing customer data such as names, mailing addresses, credit/debit card numbers, phone numbers and e-mail addresses to criminal elements," CERT said in an advisory.

"These breaches can impact a business's brand and reputation, while consumers' information can be used to make fraudulent purchases or risk compromise of bank accounts."

Backoff was first identified in 2013 and has been identified as a culprit in a set of Secret Service investigations.

Hackers have evidently been cracking into systems used to remotely access business or store networks and then installing malware to harvest credit card numbers, passwords or other valuable data used for purchases.

Remote access features have become increasingly common as businesses manage systems at diverse locations from central offices or workers link to headquarters from home or the field.

Hackers have been using "brute force" attacks which typically involved computer programs battering accounts with relentless guesses about user names or passwords, according to CERT.

An advisory on the CERT website outlines what business system operators should watch for and suggests ways to deal with Backoff.

US supermarket chain Albertsons, which has 1,060 stores in the United States, and its former owner SuperValu revealed last week that their computer systems were raided by hackers seeking credit card data.

However it was not immediately clear if the data had been stolen.

The hackers attacked sometime between June 22 at the earliest and ended the intrusion July 17 at the latest.

Both said the intrusion was brought under control, and that their customers can make credit and debit card purchases at the stores with no reason to worry.

The break-in is reminiscent of one suffered by retail chain Target, which revealed last year that 40 million bank accounts or credit cards had been compromised when its computer system was hacked from November 27 to December 15.

Explore further: US warns retailers on data-stealing malware

add to favorites email to friend print save as pdf

Related Stories

US warns retailers on data-stealing malware

Jul 31, 2014

US government cybersecurity watchdogs warned retailers Thursday about malware being circulated that allows hackers to get into computer networks and steal customer data.

Judge lets US intercept info from hacked computers (Update)

Jun 03, 2014

The Justice Department can continue to intercept information from 350,000 computers worldwide that are known to be infected with a data-stealing virus being spread by an alleged Russian computer hacker and his conspirators, ...

Official says hackers hit up to 25,000 US workers

Aug 23, 2014

The internal records of as many as 25,000 Homeland Security Department employees were exposed during a recent computer break-in at a federal contractor that handles security clearances, an agency official said Friday.

Recommended for you

Google offers peek into Bhutan with Street View launch

1 hour ago

Google provided a sneak peek into Bhutan Thursday by unveiling a Street View project for the remote Himalayan kingdom, featuring panoramic views of its majestic mountains, monasteries and crystal-clear rivers.

Twitter looks to weave into more mobile apps

15 hours ago

Twitter on Wednesday set out to weave itself into mobile applications with a free "Fabric" platform to help developers build better programs and make more money.

Google unveils app for managing Gmail inboxes

16 hours ago

Google is introducing an application designed to make it easier for its Gmail users to find and manage important information that can often become buried in their inboxes.

Fighting cyber-crime one app at a time

22 hours ago

This summer Victoria University of Wellington will be home to four Singaporean students researching cyber threats. The students have been working with Dr Ian Welch, a lecturer in Victoria's School of Engineering and Computer ...

User comments : 3

Adjust slider to filter visible comments by rank

Display comments: newest first

TheGhostofOtto1923
1 / 5 (1) Aug 23, 2014
So, how soon before hackers break into everything and steal all our money? Any idea?
Doug_Huffman
not rated yet Aug 23, 2014
LOL What a hacker can steal is not currency, arguably not money but credit. MOLON LABE applies to much more than merely arms.
Vietvet
5 / 5 (1) Aug 23, 2014
LOL What a hacker can steal is not currency, arguably not money but credit. MOLON LABE applies to much more than merely arms.


Hackers have stolen money, millions of dollars.