[ISN] Hackers gain access to server hosting bank Web sites

From: InfoSec News (isn@private)
Date: Wed May 31 2006 - 00:14:58 PDT


Associated Press
May. 31, 2006

MAPLEWOOD, Minn. - Premier Banks says there is no evidence so far that
hackers stole and used consumer data when they diverted customers from
Premier's Web site to a phony site that asked for customers' personal

President Mark Novitski said the Web site was immediately shut down
after a customer reported the problem.

Maplewood-based Premier Banks, which operates 22 branches, was among
more than 100 banks across the nation that were affected when hackers
gained access to a server operated by Goldleaf Technologies Inc. of
Brentwood, Tenn., on Thursday. Goldleaf is host to Web sites mostly
for smaller community banks.

Customers who tried to gain access to the sites were redirected to a
phony Web site that asked for a user name and password. If a customer
entered them, the site then asked for credit card and ATM
personal-identification numbers.

Goldleaf spokesman Scott Meyerhoff said the security breach affected
about 150 to 175 bank Web sites for anywhere from a minute to an hour
and a half. He said the breach was the first in the company's history.

Premier Banks notified the FBI and Federal Deposit Insurance Corp. and
plans to send letters to its customers about the incident, advising
them to change their online passwords, Novitski said.

"The crooks are getting smarter," Novitski said. "It's a never-ending

Novitski said the phony Web page fortunately didn't look like the
bank's Web site. But he said he couldn't be sure how many customers
may have entered information on the fake Web page.

If the phony Premier Bank Web site had looked convincing, more of the
bank's customers would have given up their data, said Ted Crooks, vice
president of global fraud solutions for Minneapolis-based Fair Isaac
Corp., which designs anti-fraud software for banks.

Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.

This archive was generated by hypermail 2.1.3 : Wed May 31 2006 - 00:33:16 PDT