Online Payment Site Hacked
December 3, 2008
It has been reported that the well-known US online payment service Checkfree has been hacked and that at least two of its domain names were taken over. Throughout the US, users were being given bogus security certificates when attempting to log in to their accounts. Also, the site was mapping to an IP address which is allegedly connected to a criminal gang in Eastern Europe.
At the moment it is uncertain whether customers have been warned that their data may be compromised, and the parent company of Checkfree, Fiserv, has not yet made any comments.
Domain names can be hacked in a variety of ways. One common way is a method called domain poisoning (DNS cache poisoning), in which an attacker plants counterfeit data in the cache of a name server. When a user requests a domain name, the poisoned server directs the user to another website. Experts have not yet ruled this out as a possibility in this case; however, they are saying it is probably more likely that the domains were simply maliciously transferred away from the domain owner's own registrar. This method has been used many times in other attacks.
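The two scenarios above leave different traces in DNS data, which a domain owner can monitor for. The following Python code is an added example, not part of the original report: it classifies a snapshot of observations, and the function name, baseline structure, resolver labels and all addresses are hypothetical, constructed sample values.

```python
# Added illustration; all names, IPs and records below are constructed samples.
BASELINE = {
    "ns": {"ns1.example.net", "ns2.example.net"},  # delegation on record
    "a": {"192.0.2.10"},                           # expected web server address
}

def triage(baseline, delegation_ns, resolver_answers):
    """Classify one snapshot of DNS observations for a monitored domain.

    delegation_ns    -- NS names the parent (TLD) zone currently publishes
    resolver_answers -- {resolver label: set of A records it returned}
    Returns (verdict, sorted labels of resolvers giving unexpected answers).
    """
    bad = sorted(
        label for label, ips in resolver_answers.items()
        if not ips or not set(ips) <= baseline["a"]
    )
    if set(delegation_ns) != baseline["ns"]:
        # The delegation itself moved: consistent with the domain being
        # transferred or re-pointed at the registrar, not with a cache issue.
        return "delegation-changed", bad
    if not bad:
        return "ok", bad
    if len(bad) < len(resolver_answers):
        # Delegation intact but some caches disagree: consistent with
        # poisoning of those specific resolvers.
        return "resolver-divergence", bad
    # Delegation intact yet every vantage point is wrong: check zone data.
    return "all-resolvers-unexpected", bad

HEALTHY = {"isp-a": {"192.0.2.10"}, "isp-b": {"192.0.2.10"}, "public": {"192.0.2.10"}}
POISONED = {"isp-a": {"192.0.2.10"}, "isp-b": {"203.0.113.66"}, "public": {"192.0.2.10"}}
HIJACKED = {"isp-a": {"203.0.113.66"}, "isp-b": {"203.0.113.66"}, "public": {"203.0.113.66"}}

if __name__ == "__main__":
    print(triage(BASELINE, BASELINE["ns"], HEALTHY))
    print(triage(BASELINE, BASELINE["ns"], POISONED))
    print(triage(BASELINE, {"ns1.example.org"}, HIJACKED))
```

In practice the inputs would come from periodic queries to the parent zone and to several independent resolvers, compared against a baseline the domain owner records in advance.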
If the hackers are indeed in Eastern Europe, it will be difficult for Fiserv to find a viable legal recourse to pursue, and their best bet is to look to technological solutions instead.