Businesses: Be wary of every keystroke

Posted Nov. 09, 2009, at 12:13 a.m.

Last week, we looked at fraud artists’ attempts to trick consumers into revealing personal and financial data online through a technique known as “phishing.” The cyber criminals are also targeting businesses, which often lack the protection Maine or federal law gives individuals.

In the spring of last year, Hannaford executives had one of their worst fears realized: Hackers had intruded into their computer network and stolen credit and debit card numbers and expiration dates.

At the time, The Associated Press cited company officials in reporting that up to 4.2 million card numbers may have been stolen. A mid-March report on Computerworld’s Web site indicated about 1,800 cases of fraud had resulted at that point.

The result for Hannaford has been costly. Hannaford’s chief information officer, Bill Homa, told reporters the company would be spending “in the millions” to make its computer networks more secure.

It arranged meetings with experts from several well-known firms aimed at going “above and beyond the industry standard for retailers” in terms of protecting card data. One new step is a “real time-real people” system that sends alerts whenever an attempted breach is discovered.

Hannaford’s widely publicized incident was far from the largest. A couple of years back, TJX Cos. Inc. — owner of T.J. Maxx, Marshalls and Bob’s Stores — was the target of computer hackers. In those attacks, thieves stole more than 45 million credit and debit card numbers.

A man from Miami and two unidentified Russian suspects have been indicted in the Hannaford, TJX and other cases.

Another kind of cyber crime preys on job seekers, offering them the kind of work that could put them in a legal bind.

In September, Downeast Energy and Building Supply, based in Brunswick, was the victim of cyber crooks who had planted keystroke logging malware on the company’s computers. They also managed to steal passwords the company used for online banking. Those steps allowed the thieves to transfer more than $200,000 in in-crements of less than $10,000, so as to avoid banks’ reporting requirements aimed at averting money laundering.

The transfers involve what are called “money mules,” either willing or unknowing “local agents” who move money by Cablegram or Western Union for gangs perpetrating the fraud. These “agents” are often hired through Internet jobs sites, offering big money for little work.

Of the money stolen from Downeast Energy’s accounts in early September, Washington Post blogger Brian Krebs reports, $150,000 has not been recovered. Krebs said the FBI — usually reluctant to specify dollar amounts from such crimes — is being more specific these days. With an estimated $85 million targeted by thieves and $40 million successfully stolen, federal officials want business people to know how serious cyber crime can be so they can protect themselves and their computer systems.

Officials with the state Department of Professional and Financial Regulation say they can expect to see more attempts to crack businesses’ security. Doug Dunbar, assistant to the commissioner, put it this way: “As criminals become more sophisticated [technologically], we’re bound to see more of this.”

Consumer Forum is a collaboration of the Bangor Daily News and Northeast CONTACT, Maine’s membership-funded, nonprofit consumer organization. Individual and business memberships are available at modest rates. For assistance with consumer-related issues, including consumer fraud and identity theft, or for more information, write: Consumer Forum, P.O. Box 486, Brewer 04412, or e-mail contacexdir@live.com.

SEE COMMENTS →

ADVERTISEMENT | Grow your business
ADVERTISEMENT | Grow your business

Similar Articles

More in Business