Online Privacy Archives - The Privacy Post


“Heartbleed” Security Flaw Affects Millions of Users and Sends Internet into Panic Mode

Posted by on Apr 15, 2014


Security bug “Heartbleed” allows hackers to access sensitive user information. Image from Wikimedia Commons

A major security bug, “Heartbleed”, has been making headlines. The vulnerability affects many well-known websites and millions of their users. It was found in certain versions of OpenSSL, the open-source library that thousands of websites use to implement TLS/SSL and so protect sensitive information such as usernames, passwords, credit card numbers, and financial data while it is in transit. Exploiting this critical bug therefore lets criminals read personal details belonging to millions of Internet users, and every piece of information an attacker gathers makes further intrusions easier.

The bug was identified by a team of security engineers at Codenomicon while they were improving the company's own security testing tools (it was also found independently by Neel Mehta of Google). Heartbleed is among the most serious Web security flaws to date because it exposes the contents of a server's memory, which is where the most sensitive data lives while it is being processed. Anyone on the Internet can read the memory of a system running a vulnerable version of OpenSSL, which can compromise the private keys used to encrypt communication and to prove a server's identity. Most worrying, the vulnerability had existed for about two years before it was noticed.

OpenSSL implements a TLS feature called Heartbeat, an extension standardized in 2012 (RFC 6520). German programmer Robin Seggelmann contributed the Heartbeat implementation to OpenSSL; its purpose is to let one side of a connection check that the other is still alive, and keep the session open, without renegotiating. OpenSSL is used by nearly half of all web servers, including Apache and nginx, and also protects email servers (SMTP, POP, and IMAP), chat servers, VPNs, and a great deal of client-side software. According to security experts, a simple coding oversight, a missing bounds check, created the Heartbleed vulnerability. In an interview with The Guardian, Seggelmann said, “I am responsible for the error because I wrote the code and missed the necessary validation by an oversight. Unfortunately, this mistake also slipped through the review process and therefore made its way into the released version.” Seggelmann committed the code on New Year's Eve 2011, and it shipped in OpenSSL 1.0.1 in March 2012, so websites and client software built on those versions have been vulnerable since then.

Juniper and Cisco networking equipment has also been found to carry the vulnerability, which could let attackers capture passwords or personal data as it crosses those devices. How Heartbleed works is very simple. The Heartbeat extension lets two endpoints check that the other is still alive: the client sends a heartbeat request to the server, and the server echoes it back to show it is listening. A heartbeat message contains an arbitrary chunk of data (the payload) plus a length field stating how many bytes of payload were sent. The receiver is supposed to respond with exactly that many bytes of payload copied back. If either side goes down and stops responding, the other learns of it through the heartbeat mechanism.

With Heartbleed, the attacker abuses this mechanism by lying about the amount of payload it sent. For example, the attacker sends a single byte of payload but sets the length field to 64 KB (65,535 bytes, the most a 16-bit length field can express). A vulnerable server never compares the claimed length with the size of the record it actually received: it allocates a 64 KB response and copies 64 KB starting at that one-byte payload, so the response is filled with whatever happened to sit next to it in the server's memory. That can include private keys, session keys, passwords, usernames, email, and business documents. Each additional malformed request returns another slice of memory, and the request leaves nothing in the server's logs, so the attacker can repeat it at will. The good news is that there was no evidence at the time of writing that the bug had been exploited. The issue is fixed in OpenSSL 1.0.1g; anyone who ran a vulnerable version should patch, assume their private keys may have been exposed, and reissue certificates. In my next post, I will discuss the security measures users can take to protect themselves against Heartbleed.
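The over-read in code, as an added example that is not the page's or OpenSSL's own source: a simplified C model of the heartbeat handler, with the pre-1.0.1g logic beside the bounds-checked version. The record layout follows RFC 6520; the "process memory" array, the secret string it contains, the function names and the zero padding are assumptions made for this demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Heartbeat record (RFC 6520): type(1) | payload_length(2, big-endian) | payload | padding(>=16) */
#define TLS1_HB_REQUEST  1
#define TLS1_HB_RESPONSE 2
#define HB_MIN_PADDING   16

/* Constructed "process memory": a 4-byte attacker request (type 1, claimed payload
 * length 0x0020 = 32, one real payload byte "H") immediately followed by data the
 * server happens to be holding. The neighbouring bytes are made up for this example. */
static const uint8_t g_memory[] =
    "\x01\x00\x20H"
    "SESSION=s3cr3t-token-0123456789";
#define ATTACKER_RECORD_LEN 4

/* A well-formed request: 2-byte payload "OK" plus 16 bytes of (zero) padding. */
static const uint8_t g_legit_record[1 + 2 + 2 + HB_MIN_PADDING] = { 0x01, 0x00, 0x02, 'O', 'K' };

/* Vulnerable handler, modelled on the pre-1.0.1g logic: the payload length is
 * taken from the wire and never compared with the bytes actually received. */
size_t hb_respond_vulnerable(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    (void)rec_len;                                        /* the bug: rec_len is ignored */
    const uint8_t *p = rec;
    uint8_t hbtype = *p++;
    uint16_t payload = (uint16_t)((p[0] << 8) | p[1]);    /* n2s(p, payload) */
    p += 2;
    const uint8_t *pl = p;
    if (hbtype != TLS1_HB_REQUEST) return 0;

    size_t resp_len = 1 + 2 + (size_t)payload + HB_MIN_PADDING;
    if (resp_len > out_cap) return 0;                     /* caller's buffer too small */
    uint8_t *bp = out;
    *bp++ = TLS1_HB_RESPONSE;
    *bp++ = (uint8_t)(payload >> 8);                      /* s2n(payload, bp) */
    *bp++ = (uint8_t)(payload & 0xff);
    memcpy(bp, pl, payload);                              /* over-read past the received record */
    bp += payload;
    memset(bp, 0, HB_MIN_PADDING);                        /* real code uses random padding */
    return resp_len;
}

/* Fixed handler: discard records too short for header plus padding, and records
 * whose claimed payload length exceeds what was actually received. */
size_t hb_respond_fixed(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (rec_len < 1 + 2 + HB_MIN_PADDING) return 0;       /* silently discard (RFC 6520) */
    const uint8_t *p = rec;
    uint8_t hbtype = *p++;
    uint16_t payload = (uint16_t)((p[0] << 8) | p[1]);
    p += 2;
    const uint8_t *pl = p;
    if (hbtype != TLS1_HB_REQUEST) return 0;
    if (1 + 2 + (size_t)payload + HB_MIN_PADDING > rec_len) return 0;   /* the missing check */

    size_t resp_len = 1 + 2 + (size_t)payload + HB_MIN_PADDING;
    if (resp_len > out_cap) return 0;
    uint8_t *bp = out;
    *bp++ = TLS1_HB_RESPONSE;
    *bp++ = (uint8_t)(payload >> 8);
    *bp++ = (uint8_t)(payload & 0xff);
    memcpy(bp, pl, payload);                              /* now bounded by rec_len */
    bp += payload;
    memset(bp, 0, HB_MIN_PADDING);
    return resp_len;
}

/* Feeds the attacker record to one handler and returns how many bytes of
 * neighbouring memory ended up in the response (beyond the one genuine byte). */
size_t heartbleed_leak_demo(int use_fixed, uint8_t *out, size_t out_cap)
{
    size_t n = use_fixed
        ? hb_respond_fixed(g_memory, ATTACKER_RECORD_LEN, out, out_cap)
        : hb_respond_vulnerable(g_memory, ATTACKER_RECORD_LEN, out, out_cap);
    if (n == 0) return 0;
    uint16_t echoed = (uint16_t)((out[1] << 8) | out[2]);
    return echoed - 1;
}

int main(void)
{
    uint8_t out[128];
    size_t leaked = heartbleed_leak_demo(0, out, sizeof out);
    printf("vulnerable handler leaked %zu bytes: %.*s\n", leaked, (int)leaked, (const char *)(out + 4));
    printf("fixed handler leaked %zu bytes\n", heartbleed_leak_demo(1, out, sizeof out));
    return 0;
}
```

The fix is two comparisons against the length of the record actually received; everything else in the handler is unchanged, which is why a legitimate heartbeat still gets its payload echoed. In the real library the over-read walks through the heap of the TLS process, so what comes back depends on what that process was handling at the time.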

Protection against cyber attacks with SpiderOak: HeartBleed is a major security vulnerability, having the potential to be exploited by hackers to access a massive amount of user data. However, strong security practices always make it difficult for intruders to easily access sensitive information. SpiderOak implements strong security controls to ensure protection of sensitive user data from cyber attacks.  SpiderOak’s encryption is comprehensive — even with physical access to the storage servers, SpiderOak staff do not know the names of your files and folders. The secret that keeps your data accessible to you alone is your SpiderOak password, which is never transmitted to SpiderOak in its original form. SpiderOak offers amazing products like SpiderOak Hive and SpiderOak Blue to secure consumer and enterprise data. SpiderOak Blue provides enterprises with a fully private cloud service featuring all of the benefits of cloud storage along with 100% data privacy. And for the average web user, SpiderOak offers the same protections with lower costs and smaller storage space. Sign up for this product today.



The Ploutus Predicament: New ATM Malware Allows Hackers to Remotely Access Cash

Posted by on Mar 27, 2014


Ploutus malware allows attacker to take control of  ATM machines remotely.

The recent major data breach at Target showed how malware installed on Point-of-Sale (PoS) terminals can harvest huge volumes of credit and debit card data. Malware attacks of this kind are on the rise, and many succeed because the malware is new and unknown, so no defenses are yet in place to counter it. Another new family, called Ploutus, targets ATMs and lets criminals dispense cash. Installing it requires physical access to the machine, so standalone ATMs, especially those in convenience stores, are the usual victims. ATMs inside banks are generally better protected, with heavier physical enclosures that keep their internals out of reach.

Security vendor Symantec first identified this malware and analysed it on a standalone ATM to determine exactly how it works. Standalone machines let an attacker reach every part of the device with minimal effort. The latest version of the malware can be controlled remotely via text messages. The attacker first opens the cabinet, connects a mobile phone to the ATM's USB port, and infects the machine with the malware. The phone is attached by USB tethering, which gives it a network link to the ATM and also keeps its battery charged. From then on, the attacker sends an SMS to that phone; the phone converts the message into a network packet and forwards it to the ATM over the USB cable.

According to Symantec, “the network packet monitor (NPM) is a module of the malware which acts as a packet sniffer, watching all network traffic going on in the ATM. As soon as the compromised ATM receives a valid TCP or UDP packet from the phone, the NPM will parse the packet, and search for the number “5449610000583686” at a specific offset within the packet in order to process the whole package of data. Once that specific number is detected, the NPM will read the next 16 digits and use them to construct a command line to run Ploutus”. Ploutus has proven extremely effective for fraud: it lets the criminals control the machine remotely and withdraw as much cash as it holds.
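A detector for the trigger Symantec describes, written for this post (not Symantec's or Ploutus's code) and run over constructed packets: it looks for the marker digits and requires exactly 16 digits after them, the way the NPM module reads its argument. Symantec says the marker is expected at a specific offset they did not disclose, so the scan below checks every offset, an assumption that trades a little precision for coverage on a network sensor; the sample payloads and function names are made up for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Trigger described by Symantec: the marker "5449610000583686" followed by
 * 16 digits that become the Ploutus command-line argument. */
#define PLOUTUS_MARKER     "5449610000583686"
#define PLOUTUS_MARKER_LEN 16
#define PLOUTUS_ARG_LEN    16

static int is_digit(uint8_t c) { return c >= '0' && c <= '9'; }

/* Returns the offset of the marker within the payload and copies the 16-digit
 * argument into arg (NUL-terminated), or returns -1 if the packet is not a
 * Ploutus trigger. Requiring all 16 digits keeps a random occurrence of the
 * number in ordinary traffic from firing the rule. */
long ploutus_scan(const uint8_t *payload, size_t len, char arg[PLOUTUS_ARG_LEN + 1])
{
    const size_t need = PLOUTUS_MARKER_LEN + PLOUTUS_ARG_LEN;
    if (len < need) return -1;
    for (size_t off = 0; off + need <= len; off++) {
        if (memcmp(payload + off, PLOUTUS_MARKER, PLOUTUS_MARKER_LEN) != 0) continue;
        const uint8_t *d = payload + off + PLOUTUS_MARKER_LEN;
        size_t i;
        for (i = 0; i < PLOUTUS_ARG_LEN && is_digit(d[i]); i++) {}
        if (i < PLOUTUS_ARG_LEN) continue;          /* marker without a 16-digit argument */
        memcpy(arg, d, PLOUTUS_ARG_LEN);
        arg[PLOUTUS_ARG_LEN] = '\0';
        return (long)off;
    }
    return -1;
}

/* Constructed sample payloads (not real captures). The trigger carries the marker
 * at offset 23 followed by the 16-digit argument "2014032700040001". */
static const uint8_t g_trigger[]   = "POST /x HTTP/1.1\r\n\r\nid=54496100005836862014032700040001&src=sms";
static const uint8_t g_benign[]    = "GET /index.html HTTP/1.1\r\nHost: atm.example\r\n\r\n";
static const uint8_t g_near_miss[] = "5449610000583686abcdefghijklmnop";   /* marker, no digits */

int main(void)
{
    char arg[PLOUTUS_ARG_LEN + 1];
    const uint8_t *samples[] = { g_trigger, g_benign, g_near_miss };
    size_t lens[] = { sizeof g_trigger - 1, sizeof g_benign - 1, sizeof g_near_miss - 1 };
    for (size_t i = 0; i < 3; i++) {
        long off = ploutus_scan(samples[i], lens[i], arg);
        if (off >= 0)
            printf("sample %zu: Ploutus trigger at offset %ld, argument %s\n", i, off, arg);
        else
            printf("sample %zu: clean\n", i);
    }
    return 0;
}
```

On a real deployment the same match would run inside the ATM's own network monitoring or on a tap in front of it; the interesting part for responders is the extracted argument, since it is what Ploutus turns into a command.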

Ploutus ATM malware exploits standalone machines, using USB tethering and text messages to retrieve information.

Symantec's researchers attribute these attacks in part to the operating system: the majority of ATMs still run Windows XP, and its weaknesses are what the criminals exploit to get the malware installed. Microsoft has already warned of a “zero day forever” situation: once Windows XP support ends, no further security patches will be released, so these systems will only become more exposed. Besides Ploutus, Symantec has found several other malware families that target ATMs for different ends, including stealing PINs and mounting man-in-the-middle attacks on the transaction flow.

Many newer ATMs have stronger protections, such as encrypted hard disks and controls that block unauthorized software installation. Older machines running Windows XP are harder to protect, but a few measures still help: upgrade the operating system (to Windows 7 or 8), enable full disk encryption to resist tampering with the disk, lock the BIOS and boot order so a device plugged into a USB port cannot be used to boot or install software, and monitor the machines continuously with CCTV. Taken together, these measures substantially reduce the risk of cash-out attacks and card data theft.

Shielding Private Data with SpiderOak

A great way to shield sensitive consumer and corporate data from any snooping eyes is through storing and syncing with a private cloud service provider. For enterprises looking for a truly private cloud service, SpiderOak Blue offers fully private “public” and onsite server deployment options for full flexibility. Choosing the right third party cloud service can be a challenge, as many services on the market have security gaps which leave private data vulnerable to third party attacks, malware, and legal snooping. But SpiderOak sets itself apart from the rest of the market by providing a fully private cloud service featuring all of the benefits of cloud storage along with 100% data anonymity.

SpiderOak protects sensitive enterprise data through 256-bit AES encryption so that sensitive files and passwords stay private. Authorized accounts can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices, as SpiderOak never hosts plaintext data. SpiderOak Blue’s private cloud services are available for enterprises on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, making this one of the only cross-platform solutions on the market. You can sign up for this product now






Snowden’s Take on the Value of End-to-End Encryption

Posted by on Mar 20, 2014


Edward Snowden highlights the importance of end-to-end encryption.
Image from Flickr User DonkeyHotey

The PRISM revelations have made us more aware of, and more proactive about, maintaining our privacy online. The NSA has left no stone unturned in monitoring and gathering data on millions of users. It has circumvented almost every security control on the Internet for bulk data collection, and where it cannot break into a system, it compels the company through legal process to hand over sensitive user information. In such a situation, how can we expect to keep our data secure? How can businesses retain their customers' trust that their data is safe from surveillance?

Recently, Edward Snowden addressed the South by Southwest (SXSW) Interactive festival in Austin by video link, speaking about the importance of encryption for privacy. Encryption works, he said, if it is implemented properly; it has repeatedly proven one of the most effective ways of protecting data. He urged not only that businesses deploy it but that academics keep researching and analysing it. The strongest form is end-to-end encryption, where data is encrypted on the sender's device and decrypted only on the recipient's, so no intermediary can read it. Yet end-to-end encryption is rarely found in mainstream commercial products; across most of the Internet, online companies are hesitant to build it into what they ship.

One reason is that if major Internet companies such as Google or Facebook adopted end-to-end encryption, they could no longer read their users' data to drive targeted advertising, which conflicts with their business model. They also argue that adding security controls hurts the user experience, and it is true that the tools available today for end-to-end encrypted communication are unpolished and hard to use.

A recent report revealed that several top websites use hidden scripts to record how long you hover over an ad, when you pause, and what you click. From this they infer your interests and serve promotions to match. Facebook has announced that it will monitor users' cursor movements to improve its service, collecting signals such as how long you hover over part of a page or whether your news feed is visible on your phone's screen at a given moment. All of this is stored in analytics warehouses and used to target ads. The NSA piggybacks on these same advertising technologies for surveillance: it has undermined encryption standards, tracked users through website cookies, and tapped the data-center links of well-known technology companies to collect user data.

After the PRISM revelations, companies such as Google, Yahoo, and Facebook announced that they would encrypt user data in transit. The limitation is that transport encryption protects data only between your device and the company's servers; the company then decrypts it, and re-encrypts it when it moves on. End-to-end encryption instead encrypts data on your own system with keys only you hold, so an intelligence agency would have to compromise individual computers rather than collect in bulk. One drawback is that strong encryption tools are usually harder to use and not always free. As Snowden put it, “If you have to go to a command line, people aren’t going to use it. If you have to go three menus deep, people aren’t going to use it.” For end-to-end encryption to work at scale it has to be more user-friendly.

Besides implementing end-to-end encryption, companies should not retain user data longer than necessary. It is understood that companies sometimes need to collect data to improve their services or add features. But if they delete it once that purpose is served, there is less for a surveillance program to obtain, and their customers are better protected.

Snowden also recommended tools individual users can adopt: full-disk encryption to protect data at rest on your hardware, browser plugins such as NoScript and Ghostery to block scripts and tracking cookies, and, last but not least, Tor to hide your identity while browsing.

Protect your personal data from NSA surveillance with SpiderOak: SpiderOak encrypts the files in your computer before uploading them to the server. As a result, you, and only you, have access to your unencrypted data. Even SpiderOak cannot read your data because the keys used for encryption only belong to you. It is impossible for someone to gain control of your data by hacking into SpiderOak. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak offers amazing products like SpiderOak Hive and SpiderOak Blue to secure consumer and enterprise data. SpiderOak Blue provides enterprises with a fully private cloud service featuring all of the benefits of cloud storage along with 100% data privacy. And for the average web user, SpiderOak offers the same protections with lower costs and smaller storage space. Sign up for this product today.




Managing Disaster Recovery in the Cloud

Posted by on Mar 18, 2014

Cloud based disaster recovery is the most efficient and cost effective approach for data back up.

Cloud computing is attracting many enterprises because of its easy deployment, cost effectiveness, and flexibility, and one of its major advantages is the approach it enables for disaster recovery. Enterprises get a cost-effective disaster recovery plan without having to deploy and maintain a second set of IT infrastructure for it. The approach differs fundamentally from the conventional one: the operating system, applications, and data are packaged together as a single virtual server image, which can be copied and backed up to an off-site data center within minutes. Because the image is hardware-independent, it can be moved from one data center to another without reinstalling every component of the server. As a result, cloud-based disaster recovery is far cheaper than traditional approaches and dramatically reduces recovery time.

Beyond easy deployment and cost effectiveness, there are a few other benefits of a cloud-based disaster recovery approach:

  • The cloud provider manages the disaster recovery servers and storage, reducing the impact of a failure at the recovery site.
  • Resources can be added as needed, with fine granularity and at optimal cost.
  • Hardware dependencies are eliminated, and hardware requirements at the backup site are reduced.
  • Recovery can be automated, lowering recovery times after a disaster.

Given these benefits, cloud disaster recovery is an attractive option for enterprises searching for reliable data storage and backup. Before implementing it, though, several things need to be considered. As with traditional disaster recovery, there is no one-size-fits-all plan: different organizations have different needs and priorities depending on the business they are in.

  • First and foremost, identify and prioritize your organization's critical resources. Determine how much downtime is acceptable before the business is significantly affected. Prioritizing critical resources and choosing a recovery method for each are the most important parts of this process; make sure every critical application and system is included in the plan.
  • Once the critical resources are known, identify a cloud provider equipped to meet those needs. Providers differ in what they offer: building a full cloud-based recovery site requires a provider with specific capabilities, whereas if you only need to replicate data to the cloud, a storage-only plan avoids paying for services you will not use.
  • With those decisions made, work out the cost of the plan. Pricing is driven by factors such as the monthly subscription, bandwidth consumed, storage used, and the number of virtual machines.

Additionally, one of the most important considerations for an enterprise is security. Cloud environments are exposed to many kinds of attack and breach, so when moving to a cloud-based disaster recovery plan, enterprises should look closely at the security practices of the cloud service provider.

According to John Morency, research vice president at research firm Gartner, Inc. in Stamford, Connecticut, “You still see with some major events, such as the lightning strike in Dublin [in 2011] that took out the cloud services of Amazon and Microsoft, that there can be some temporary loss of service. The cloud shouldn’t be considered 100% foolproof. If organizations do need that 100% availability guaranteed they need to put some serious thought into what they need to develop for contingencies.” There are several aspects of security that enterprises should settle before moving to cloud disaster recovery: how data is transferred, stored, and managed in the cloud; what access control mechanisms are in place; what controls protect data from unauthorized access; and what additional layer of protection, beyond passwords, guards your data. Lastly, make sure the provider complies with the security rules and regulations that apply to your data. With strong security practices and controls in place, cloud disaster recovery is one of the most efficient and cost-effective approaches available to modern enterprises.

SpiderOak and Disaster Recovery

SpiderOak makes it easy to back up existing data and provides disaster recovery. It allows users to create and sync their local documents with a cloud version, which they can later access from any device. It also saves revisions of documents, so users who make a mistake can go back and retrieve a previous version. SpiderOak Blue provides enterprises and large businesses with fully secure cloud storage, zero-knowledge, end-point device backup, remote syncing, and sharing. Essentially, it offers all of the convenience of the cloud, along with 100% data privacy. SpiderOak Blue is available with onsite deployment and private servers, or outsourced deployment through a private and secured public cloud server, so that enterprises can tailor the service to fit their needs. Authentication is handled by a virtual appliance positioned behind your firewall and integrated with Active Directory/LDAP for single sign-on. The service is compatible with Mac, Windows, and Linux, as well as iOS and Android, to provide comprehensive and mobile security for companies with a remote workforce. Sign up today to try SpiderOak.









NSA Surveillance Taking a Toll on U.S. Cloud Computing Companies

Posted by on Feb 20, 2014

The NSA surveillance might affect U.S. cloud computing companies negatively.

Recently we have examined both the conveniences and the concerns of cloud services, and the conversation is far from over. National Security Agency surveillance has raised serious questions about the privacy of user data in the cloud. Documents leaked by Edward Snowden indicate that the NSA has been collecting huge amounts of user data by defeating encryption, using backdoors, and in some cases serving legal demands. Because enterprises rely on well-known cloud services such as Amazon and Google, the PRISM revelations may hurt U.S. cloud storage companies, as the spy agency's activities have damaged the reputation of U.S. technology companies. People are becoming increasingly concerned about the privacy and security of the data they store in the cloud.

The NSA is pursuing every available way to break the security controls of the Web so it can track and collect data on a massive scale. News that it has defeated the encryption in common online security products and planted backdoors at access points can only further undermine the confidence of foreign businesses. It has done so using supercomputers, technical trickery, court orders, and behind-the-scenes persuasion. Beyond breaking encryption, the NSA has run programs to deliberately insert weaknesses into commercial products so that it can collect more information by exploiting them. It has asked companies to make changes to their products in ways that are hard to detect, such as leaking encryption keys, making random number generators less random, or adding a common exponent to a public-key exchange protocol.

According to research by the Information Technology and Innovation Foundation (ITIF), NSA surveillance may end up costing U.S. cloud service companies $22 billion through 2016. The ITIF prediction assumes that the U.S. could lose about 10% of its cloud computing market to European and Asian competitors. The United States is considered the leader in cloud computing usage and innovation, but the PRISM revelations may cause a shift away from leading providers like Google, Yahoo, and IBM. recently lost one of their major clients due to government surveillance activities. This is just one example of the negative impact of surveillance on cloud services. If the government does not reform its surveillance programs, cloud service companies in this country may face heavy losses.

Taking these concerns into account, many companies have asked the government to let them publish transparency reports on the bulk data requests made by the NSA. To earn their customers' trust, cloud service providers need to be transparent about how sensitive user information is stored and shared. The government needs to act on reforming the surveillance program and allow companies to reveal more about what data has been requested of them. It also needs to commit to transparency internationally to regain the trust of foreign customers.

Similarly, cloud service providers need to implement strong security controls to protect their customers from surveillance programs. It would be wise for them to adopt strong encryption such as 256-bit AES. Encryption has repeatedly proven the most effective way of protecting data in the cloud, but it is only as good as the key management around it: keys used to encrypt customer data should be rotated periodically and the data re-encrypted under the new keys, and employees should be given no more access than their tasks require. Cloud storage companies should also require strong passwords, use long keys, and store passwords only with slow, salted password hashing, so that no one can easily get at user data.

I believe that by implementing these security measures and being transparent about data usage, companies can earn their customers' trust, and those who have been enjoying the benefits of U.S. cloud services will think twice before moving elsewhere. In the light of NSA surveillance, cloud startups whose primary goal is securing customer data are likely to see strong growth in the near future.





Cloud Computing and Denial of Service Attacks: Examining the Vulnerability of NTP Servers

Posted by on Feb 18, 2014

Denial of Service Attacks on Cloud Services are becoming increasingly frequent.

Cloud services are becoming increasingly popular with both the public and business enterprises. While convenient, they can be highly exposed to Denial of Service (DoS) attacks, and as more organizations rely on cloud computing for their operations, DoS, one of the most common forms of attack on the cloud, can be extremely damaging. A DoS attack makes a network or machine unavailable to its intended users by flooding it with more requests or traffic than it can handle. Arbor Networks' eighth annual Worldwide Infrastructure Security Report showed how cloud services change the risk picture. The report indicated: “94% of data center operators reported security attacks, 76% had suffered distributed denial of service (DDoS) attacks towards their customers, while just under half (43%) had partial or total infrastructure outages due to DDoS and yet only 14% of respondents had seen attacks targeting any form of cloud service.”

Continue reading…



Healthcare Data Security: Is Your Cloud Service Provider HIPAA compliant?

Posted by on Feb 13, 2014


Cloud service providers must comply with HIPAA guidelines.

With healthcare data volumes growing rapidly (by some estimates doubling every year), it is extremely difficult for medical institutions to manage so much information with traditional IT systems. This is one reason the healthcare industry is gradually moving to cloud services. Cloud storage lets an organization keep its data in a centralized system that can be reached at any time from anywhere, which helps providers access and manage health records effectively and deliver better patient care. A properly implemented cloud storage system lets hospitals process tasks quickly and effectively without a drop in performance, and cloud computing has proven beneficial and cost effective for patients and healthcare providers alike.

Continue reading…



How Can Enterprises Ensure Security Against Cloud Security Breaches?

Posted by on Feb 11, 2014

Secure cloud storage for better security.

Cloud computing has become the driving force of today’s IT industry. More and more enterprises are adopting it for its flexibility, cost effectiveness, and easy deployment; according to Gartner, public cloud services are expected to grow to $210 billion by 2016. However, cloud computing is exposed to many kinds of security breach and cyber attack. The sheer amount of data the cloud hosts makes it an attractive target for criminals, and attacks on cloud services are also hard to track and investigate because the set of users and data centers involved is constantly changing.

Continue reading…



New Security Technology “Honey Encryption” Deceives Hackers

Posted by on Feb 7, 2014


Honey Encryption tricks hacker from getting access to your data.

Security researchers have devised a way to trick attackers who try to crack encrypted information. Encryption is one of the most effective ways to protect data, but in practice intruders often succeed by guessing: password-cracking tools try candidate passwords at enormous speed, and with conventional encryption a wrong guess produces obvious garbage while the right one produces readable data, so the attacker always knows when to stop. With that weakness in mind, Ari Juels, formerly chief scientist at RSA, and Thomas Ristenpart of the University of Wisconsin-Madison have proposed a scheme called “Honey Encryption”, in which every wrong key yields a plausible-looking but fake plaintext, leaving the attacker with no way to tell which guess was correct.
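A toy version of the idea, added here and not the researchers' own code: the message space is 4-digit PINs, a distribution-transforming encoder maps each PIN to one of many 32-bit seeds so that every seed decodes to some valid PIN, and a throwaway keystream stands in for a real password-derived cipher. The function names, the FNV-based keystream, the PIN message space and the sample password are assumptions for illustration only; a real implementation needs a proper KDF, cipher and a DTE fitted to the actual message distribution.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy honey encryption for 4-digit PINs (constructed example).
 *  1. dte_encode maps a PIN to a random member of its equivalence class of
 *     32-bit seeds; dte_decode maps any seed back to a valid PIN.
 *  2. The seed is XORed with a password-derived keystream. Decrypting under a
 *     wrong password gives a different seed, which still decodes to a plausible
 *     PIN, so a brute-force attacker gets no signal that separates right from
 *     wrong guesses. */

#define PIN_SPACE 10000u

/* Tiny keystream: FNV-1a over the password, then one xorshift step.
 * Illustrative only; a real system would use a KDF and a real cipher. */
static uint32_t keystream(const char *password)
{
    uint32_t h = 2166136261u;
    for (const unsigned char *p = (const unsigned char *)password; *p; p++) {
        h ^= *p;
        h *= 16777619u;
    }
    h ^= h << 13; h ^= h >> 17; h ^= h << 5;
    return h;
}

/* DTE encode: pick a seed whose residue mod PIN_SPACE is the PIN.
 * `randomness` stands in for CSPRNG output. */
uint32_t dte_encode(uint32_t pin, uint32_t randomness)
{
    uint32_t classes = UINT32_MAX / PIN_SPACE;   /* seeds available per PIN */
    return pin + PIN_SPACE * (randomness % classes);
}

/* DTE decode: every 32-bit seed maps to a valid PIN, never to "garbage". */
uint32_t dte_decode(uint32_t seed) { return seed % PIN_SPACE; }

uint32_t honey_encrypt(uint32_t pin, const char *password, uint32_t randomness)
{
    return dte_encode(pin, randomness) ^ keystream(password);
}

uint32_t honey_decrypt(uint32_t ciphertext, const char *password)
{
    return dte_decode(ciphertext ^ keystream(password));
}

/* Counts how many of the candidate passwords decrypt to an in-range PIN.
 * With honey encryption this is always all of them: the attacker cannot use
 * "does the output look valid?" as a test. */
size_t plausible_decryptions(uint32_t ciphertext, const char *const *guesses, size_t n)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        if (honey_decrypt(ciphertext, guesses[i]) < PIN_SPACE) count++;
    return count;
}

int main(void)
{
    const char *guesses[] = { "password", "letmein", "correct horse", "hunter2" };
    uint32_t ct = honey_encrypt(4821u, "correct horse", 12345u);   /* fixed "randomness" for the demo */
    for (size_t i = 0; i < 4; i++)
        printf("guess %-14s -> PIN %04u\n", guesses[i], honey_decrypt(ct, guesses[i]));
    printf("%zu of 4 guesses produced a valid-looking PIN\n",
           plausible_decryptions(ct, guesses, 4));
    return 0;
}
```

Only one of the four guesses is the real password, yet all four decrypt to something that looks like a PIN, which is exactly the property that removes the attacker's stopping signal. The scheme's security rests on the DTE matching the real distribution of messages; if real PINs are not uniform (people pick 1234 far more than 8371), an attacker can still rank guesses by likelihood, which is why the hard part of honey encryption is modelling the message space rather than the cipher.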

Continue reading…



Wookie Gone Wrong: Tor-Enabled Malware ChewBacca Infects Dozens of Retailers

Posted by on Feb 4, 2014

Chewbacca infects Point of Sale terminals of retail stores.

Point-of-Sale (PoS) malware attacks have been on the rise since last year, with retailers including Target and Neiman Marcus among the victims. Recently RSA brought to light another PoS malware family, “ChewBacca”, which hides its command-and-control traffic inside the Tor network. Over the past three months this Trojan has stolen credit and debit card data from dozens of retailers, mostly in the U.S. but also in Russia, Canada, and Australia. Because PoS terminals often lack basic security controls, they are easy targets for financially motivated attackers, who can walk away with millions of customers’ card records. Let’s take a look at how the ChewBacca malware works. Continue reading…