The Canadian Press - ONLINE EDITION

Homeland Security warns retailers about hacking software, estimates 1,000 businesses affected

  • Print

WASHINGTON - More than 1,000 U.S. retailers could be infected with malicious software lurking in their cash register computers, allowing hackers to steal customer financial data, the Homeland Security Department said Friday.

The government urged businesses of all sizes to scan their point-of-sale systems for software known as "Backoff," discovered last October. It previously explained in detail how the software operates and how retailers could find and remove it.

Earlier this month, United Parcel Service said it found infected computers in 51 stores. UPS said it was not aware of any fraud that resulted from the infection but said hackers may have taken customers' names, addresses, email addresses and payment card information.

The company apologized to customers and offered free identity protection and credit monitoring services to those who had shopped in those 51 stores.

Backoff was discovered in October, but according to the Homeland Security Department the software wasn't flagged by antivirus programs until this month.

Jerome Segura, a senior security researcher at cybersecurity software firm Malware Bytes, said that the way that Backoff works is not unique. The program gains access to companies' computers by finding insufficiently protected remote access points and duping computer users to download malware, tricks that have long been in use and are often automated.

What has changed, Segura said, is that the hackers deploying it have become increasingly sophisticated about identifying high-value computer systems after they've broken into them.

"Once the bad guys realized they were able to penetrate larger networks, they saw the opportunity to develop malware that's specifically for credit cards and can evade antivirus programs," he said.

By using Backoff selectively, rather than distributing it widely on the Internet, the hackers likely managed to escape detection for longer. Following Homeland Security's warnings in July, however, companies are much better able to probe their own computers for Backoff.

The battle between retailers and hackers is an ongoing one. Retail giant Target, based in Minneapolis, was targeted by hackers last year and disclosed in December that a data breach compromised 40 million credit and debit card accounts between Nov. 27 and Dec. 15. On Jan. 10, it said hackers stole personal information — including names, phone numbers and email and mailing addresses — from as many as 70 million customers.

Target, the third-largest retailer, has been overhauling its security department and systems in the wake of the pre-Christmas data breach, which hurt profits, sales and its reputation among shoppers worried about the security of their personal data. Target is now accelerating its $100 million plan to roll out chip-based credit card technology in all of its nearly 1,800 stores.

So-called chip and pin technology would allow for more secure transactions than the magnetic strip cards that most Americans use now. The technology has already been adopted in Europe and elsewhere.

Though improving card technology and updating malware detection will help retailers defend themselves, Segura said that the recent profusion of computer breaches should make companies think harder about how they use remote access systems for employees and vendors. By limiting what portions of their systems can be accessed remotely, he said, companies can limit the damage that hackers can do.

"This past year and a half has been breach after breach," he said. "It's incredible."

___

Associated Press writer Anne D'Innocenzio in New York contributed to this report.

Fact Check

Fact Check

Have you found an error, or know of something we’ve missed in one of our stories?
Please use the form below and let us know.

* Required
  • Please post the headline of the story or the title of the video with the error.

  • Please post exactly what was wrong with the story.

  • Please indicate your source for the correct information.

  • Yes

    No

  • This will only be used to contact you if we have a question about your submission, it will not be used to identify you or be published.

  • Cancel

Having problems with the form?

Contact Us Directly
  • Print

You can comment on most stories on winnipegfreepress.com. You can also agree or disagree with other comments. All you need to do is be a Winnipeg Free Press print or e-edition subscriber to join the conversation and give your feedback.

You can comment on most stories on winnipegfreepress.com. You can also agree or disagree with other comments. All you need to do is be a Winnipeg Free Press print or e-edition subscriber to join the conversation and give your feedback.

Have Your Say

New to commenting? Check out our Frequently Asked Questions.

Have Your Say

Comments are open to Winnipeg Free Press print or e-edition subscribers only. why?

Have Your Say

Comments are open to Winnipeg Free Press Subscribers only. why?

The Winnipeg Free Press does not necessarily endorse any of the views posted. By submitting your comment, you agree to our Terms and Conditions. These terms were revised effective April 16, 2010.

letters

Make text: Larger | Smaller

LATEST VIDEO

Doug Speirs does C4 Comicon

View more like this

Photo Store Gallery

  • MIKE.DEAL@FREEPRESS.MB.CA 100615 - Tuesday, June 15th, 2010 The Mane Attraction - Lions are back at the Assiniboine Park Zoo. Xerxes a 3-year-old male African Lion rests in the shade of a tree in his new enclosure at the old Giant Panda building.  MIKE DEAL / WINNIPEG FREE PRESS
  • Someone or thing is taking advantage of the inactivity at Kapyong Barracks,hundreds of Canada Geese-See Joe Bryksa’s goose a day for 30 days challenge- Day 15- May 22, 2012   (JOE BRYKSA / WINNIPEG FREE PRESS)

View More Gallery Photos

Poll

Are you in favour of the Harper government's new 'family tax cut'?

View Results

View Related Story

Ads by Google