[ISN] Hackers in attack on RBS credit card firm

From: InfoSec News (isn@private)
Date: Thu Nov 06 2003 - 22:56:28 PST

  • Next message: InfoSec News: "[ISN] Verisign Plans for Security Alert System"

    http://www.business.scotsman.com/banking.cfm?id=1224512003
    
    6 Nov 2003
    
    COMPUTER hackers have attacked a company that processes online credit
    and debit card transactions for thousands of UK businesses, it has
    emerged.
    
    WorldPay, which is part of Edinburgh-based Royal Bank of Scotland
    Group, said it had been bombarded with millions of bogus e-mails in
    the past couple of days, which had left the firm struggling to deal
    with genuine payments.
    
    The Cambridge-based company has around 27,000 clients of all sizes
    around the world, ranging from blue-chip heavyweights such as Vodafone
    and Sony Music Entertainment to numerous small online retailers. The
    bulk of its clients are located in the UK and mainland Europe, and
    payment requests from websites are normally sent in via e-mail.
    
    The firm said a massive number of messages from elsewhere had come in
    to the same address over a 24-hour period. As a result, transaction
    requests have either crashed or been slowed down.
    
    However, it appears those behind the e-mails - which originate in the
    Ukraine - have set out to disrupt business rather than attempt to
    commit fraud. WorldPay said it was putting alternative systems in
    place which should solve the problem.
    
    In an e-mail sent to its customers, the firm said that "a co-ordinated
    effort by a third party" had left the networks surrounding its payment
    and administration systems "flooded with requests on a massive
    computer generated scale".
    
    A company spokesperson said: "It is important to stress that the
    integrity of the WorldPay payment and administrative systems is intact
    and there has been no third party access or interference with customer
    or merchant data."
    
    WorldPay operates in more than 70 countries and accepts payments on
    major credit cards including Visa, Mastercard, Diners and American
    Express. At the start of this year, Visa and Mastercard admitted a
    hacker had gained access to more than five million credit card
    accounts.
    
    More recently, net provider PSINet and security firm PanSec
    International said an unprotected website they set up as part of a
    study was attacked about 2000 times a week over a two-month period.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Nov 07 2003 - 02:37:22 PST