Skip to main content
Advertising

Originally published August 26, 2014 at 7:50 AM | Page modified August 26, 2014 at 9:25 AM

  • Share:
           
  • Comments
  • Print

Gov't warns US retailers about hacking software

More than 1,000 U.S. retailers could be infected with malicious software lurking in their cash register computers, allowing hackers to steal customer financial data, the Homeland Security Department said Friday.


Associated Press

advertising

WASHINGTON —

More than 1,000 U.S. retailers could be infected with malicious software lurking in their cash register computers, allowing hackers to steal customer financial data, the Homeland Security Department said Friday.

The government urged businesses of all sizes to scan their point-of-sale systems for software known as "Backoff," discovered last October. It previously explained in detail how the software operates and how retailers could find and remove it.

Earlier this month, United Parcel Service said it found infected computers in 51 stores. UPS said it was not aware of any fraud that resulted from the infection but said hackers may have taken customers' names, addresses, email addresses and payment card information.

The company apologized to customers and offered free identity protection and credit monitoring services to those who had shopped in those 51 stores.

Backoff was discovered in October, but according to the Homeland Security Department the software wasn't flagged by antivirus programs until this month.

Jerome Segura, a senior security researcher at cybersecurity software firm Malware Bytes, said that the way that Backoff works is not unique. The program gains access to companies' computers by finding insufficiently protected remote access points and duping computer users to download malware, tricks that have long been in use and are often automated.

What has changed, Segura said, is that the hackers deploying it have become increasingly sophisticated about identifying high-value computer systems after they've broken into them.

"Once the bad guys realized they were able to penetrate larger networks, they saw the opportunity to develop malware that's specifically for credit cards and can evade antivirus programs," he said.

By using Backoff selectively, rather than distributing it widely on the Internet, the hackers likely managed to escape detection for longer. Following Homeland Security's warnings in July, however, companies are much better able to probe their own computers for Backoff.

The battle between retailers and hackers is an ongoing one. Retail giant Target, based in Minneapolis, was targeted by hackers last year and disclosed in December that a data breach compromised 40 million credit and debit card accounts between Nov. 27 and Dec. 15. On Jan. 10, it said hackers stole personal information -- including names, phone numbers and email and mailing addresses -- from as many as 70 million customers.

Target, the third-largest retailer, has been overhauling its security department and systems in the wake of the pre-Christmas data breach, which hurt profits, sales and its reputation among shoppers worried about the security of their personal data. Target is now accelerating its $100 million plan to roll out chip-based credit card technology in all of its nearly 1,800 stores.

So-called chip and pin technology would allow for more secure transactions than the magnetic strip cards that most Americans use now. The technology has already been adopted in Europe and elsewhere.

Though improving card technology and updating malware detection will help retailers defend themselves, Segura said that the recent profusion of computer breaches should make companies think harder about how they use remote access systems for employees and vendors. By limiting what portions of their systems can be accessed remotely, he said, companies can limit the damage that hackers can do.

"This past year and a half has been breach after breach," he said. "It's incredible."

___

Associated Press writer Anne D'Innocenzio in New York contributed to this report.



Want unlimited access to seattletimes.com? Subscribe now!

News where, when and how you want it

Email Icon

Career Center Blog

Career Center Blog

Bad email habits to break today


Advertising
The Seattle Times

The door is closed, but it's not locked.

Take a minute to subscribe and continue to enjoy The Seattle Times for as little as 99 cents a week.

Subscription options ►

Already a subscriber?

We've got good news for you. Unlimited seattletimes.com content access is included with most subscriptions.

Subscriber login ►
The Seattle Times

To keep reading, you need a subscription upgrade.

We hope you have enjoyed your complimentary access. For unlimited seattletimes.com access, please upgrade your digital subscription.

Call customer service at 1.800.542.0820 for assistance with your upgrade or questions about your subscriber status.

The Seattle Times

To keep reading, you need a subscription.

We hope you have enjoyed your complimentary access. Subscribe now for unlimited access!

Subscription options ►

Already a subscriber?

We've got good news for you. Unlimited seattletimes.com content access is included with most subscriptions.

Activate Subscriber Account ►