A successful domain name server attack on a large Russian payment processor could be a sign of things to come, a U.S.-based online security firm warns.
According to the fourth-quarter 2010 e-crime report just issued by Internet Identity, a Tacoma, Wash. provider of online security services to financial institutions and other e-commerce enterprises, cyber fraudsters hacked the Internet domain of ChronoPay on Dec. 25 and 26, a DNS attack that redirected users to a bogus site and collected approximately 800 credit card numbers from customers.
IID’s president and CTO, Rod Rasmussen, said that in addition to credit card and other account information, such attacks can net corporate email, financial transactions and other sensitive data, and result in serious loss of reputation and non-compliance penalties for the company involved if it occurred in the U.S.
"While we’ve been warning for years that DNS hijackings could result in financial disaster, we hadn’t seen such a well-planned and successful attack of this nature until this incident," Rasmussen said. "With ChronoPay, our worst fears came true. Unlike the recent DNS hijackings of Twitter, Baidu and others, with ChronoPay we have confirmation that people’s vital information was stolen without them being aware of it."
The report also noted a holiday season spike in phishing attacks on e-commerce companies globally, up 13% from the previous quarter and 14% from the year-ago quarter.