Magazine article American Banker

Data Hackers Shift to Phishing for Domain Name Credentials

Article excerpt

Byline: Daniel Wolfe

Security experts are warning financial companies of a relatively new type of computer attack in which hackers gain control of a bank's domain name.

The technique gained widespread attention last month when hackers briefly took over the domain names of Fiserv Inc.'s CheckFree bill payment unit, and observers say they have seen signs that this form of attack will be used more widely this year.

The domain name system, or DNS, attack "in late 2008 has started getting a lot of attention from attackers, as opposed to past years, when this area was pretty quiet," Amit Klein, the chief technology officer at Trusteer Ltd. of Tel Aviv, said in an interview.

"The major reason" for the trend, he said, "is that attackers found out that it's much easier to get users to browse to so-called legitimate sites rather than direct users to sites that are obviously not legitimate."

Most phishing attacks involve fake sites that replicate a bank's site but must be hosted elsewhere. In some cases, fraudsters are able to register domain names that include the brand of the site they are imitating, but people who type banks' domain names into the browser each time they visit would typically not be directed to fake sites.

Because consumers are aware of such ways to avoid false sites, "the effect of phishing, at large, is somewhat less than it used to be," which has prompted attackers to seek new methods, Mr. Klein said.

A DNS attack "does take a bit more expertise" than phishing does "but not a lot more," he said, especially since expertise can be bought. "Everything that's very sophisticated today becomes a kit within a year or two ... if it's proven successful enough."

And old-fashioned phishing still plays a role, but with DNS attacks, the recipients of the phishing e-mails are not consumers but the people who work at domain name registrars, the companies that control Web site names, Mr. Klein said.

"Earlier this year, there were attempts of phishing for credentials that were used to manage domain names in a major DNS registrar," he said. "Such attempts would indicate that fraudsters are looking to hijack domains just as successfully as they did with CheckFree."

Lori Stafford-Thomas, a Fiserv spokeswoman, said in an e-mail that the cause of the Dec. 2 CheckFree incident remains under scrutiny by the Federal Bureau of Investigation and that she could not comment on how fraudsters might have succeeded in controlling its domain names.

She stressed that the takeover was brief and did not lead to a breach of any data held by Fiserv. It regained control of its domain names at 5 a. …
