"Tolley wouldn't say what banks were affected by the hack, but the
majority of these five million customers were CheckFree's own users,
she said. In total, about 42 million customers access CheckFree's bill
payment site, she said.
Customers who went to CheckFree's Web
sites between 12:35 a.m. and 10:10 a.m. on the morning of the attack
were redirected to a Ukrainian Web server that used malicious software
to try and install a password-stealing program on the victim's
computer.
The criminals were able to take control of several
CheckFree Web domains after logging into the company's Internet domain
registrar, Network Solutions, and changing the CheckFree DNS (Domain
Name System) settings. This same technique was used by hackers one year
ago, to take control of Comcast's Web site. It is not clear how the
attackers were able to get CheckFree's Network Solutions password, but
some security experts believe that CheckFree may have fallen prey to a
phishing attack.
Looking at typical Web site traffic patterns,
Fiserv guesses that about 160,000 consumers were exposed to the
Ukrainian attack site, but not all of these customers would have been
infected. For the attack to work, the victim would have to be a PC user
without antivirus software who was also using an out-of-date-version of
Adobe Acrobat. Because of these conditions, Fiserv believes that "a
very small number" of people were affected, Tolley said."
