Fraudsters have managed to hijack the domain name of ChronoPay, Russia's biggest online payment processor, and point it to a fake version of the site in order to steal credit card details.
Brian Krebs reports that chronopay.com directed visitors to the phishing page for several hours during the night between December 25 and December 26.
Criminals managed to steal credit card data from around 800 customers during that period and then posted a message in the company's name saying that the entire database of transactions from 2009 and 2010 was compromised.
ChronoPay's CEO Pavel Vrublevsky rejected this claim as untrue and said the company is still working with its domain registrar, Directnic, to determine how the hijack occurred.
Apparently the attackers not only managed to change the domain's DNS records, but also transferred it from Directnic to Network Solutions.
They also stole and leaked a number of private keys used to sign SSL certificates that protect ChronoPay transactions; however, according to Vrublevsky, almost all of them are old.
Domain hijackings have become quite common and there are several ways in which they are performed, depending on each registrar's verification process.
Just last month, Turkish hackers hijacked the domain name of Secunia, one of the leading vulnerability research companies in the world.
Last year, Baidu, the largest Web search engine in China, sued Register.com for gross negligence after one of the registrar's employees handed Baidu's domain over to hackers, even though they failed to pass the required security checks.
Also in 2009, a group called Iranian Cyber Army managed to hijack Twitter.com for a brief period of time and direct users to a different website.
Two years ago, in December 2008, CheckFree, a large US online bill payment service, announced that two of its domain names had been hijacked for nine hours.