Epsilon breach used four-month-old attack

Powered by SC Magazine
 

ReturnPath had warned partners of breach in November.

A data breach exposing the customer details of the likes of Citigroup, Hilton Hotels and Dell Australia was part of a series of socially-engineered attacks first reported by an Epsilon technology partner some four months ago, iTnews can reveal.

The world’s largest email service provider, Epsilon, disclosed on April 1, 2011 that the data it manages on behalf of a subset of its 2500 global clients had been accessed by hackers the day prior.

Today iTnews can reveal that Epsilon has been aware of the vulnerability behind this attack for some months.

In late November, Epsilon partner ReturnPath – which provides monitoring and authentication services to email service providers – warned customers about a series of coordinated phishing and hacking attacks levelled at the mailing list industry.

Neil Schwartzman, senior director of security strategy at Return Path’s ‘Email Intelligence Group’, warned its partners of “an organized, deliberate, and destructive attack clearly intent on gaining access to industry-grade email deployment systems”.

He said that the phishing attacks were targeted specifically at employees at email service providers that had specific access to email operations.

Schwartzman offered an example to illustrate:

“Hey Neil, it’s Michelle here, it has been a long time huh ? how’re you doing ? how’s your work with Return Path ? Is everything ok there ? Hey, can you believe it! I got married to Brian ! Yes I did. I tried to call but you did not answer. You have changed your number, haven’t you? Just give me your current telephone number if you read this mail. It’s really a pity that we did not see you in our wedding. I wanted to invite you so much. Well, here I’m sending you a few pics taken in our wedding:

http://www.weddingphotos4u.net/Photos/Michelle/

Let’s keep in touch then.

Love,

Michelle & Brian”

The link in the body of the email took the user to a page that downloaded three malware programs – one that disables anti-virus software, another (iStealer) that is a Trojan keylogger to steal passwords, and a third (CyberGate) which offers hackers remote administration of the infected machine.

“The potential consequences should ESP [email service provider] client mailing lists be compromised at this time of the year is unimaginable,” Schwartzman told customers.

Schwartzman’s nightmare came true within days.

By December 10, drugstore giant Walgreens – today an Epsilon customer – revealed that it had been the victim of a phishing attack levelled at its customers.

On December 13, fellow email service provider Silverpop Services revealed that it too had “recently detected suspicious activity in a small percentage of customer accounts”, and responded by changing all passwords and engaging the FBI’s cybercrime division.

In the days that followed, it was revealed that McDonalds and Play.com customers had been hit with phishing attacks as a result of this breach.

In an update on December 15, Silverpop chief executive Bill Nussey revealed that the company was “working with industry peers to share what we have learned” from the attack.

Epsilon – the world’s largest email service provider and a ReturnPath partner – subsequently installed systems designed to alert administrators to unusual patterns in the downloading of data.

It was this system that kicked in on March 30, 2011 and the company subsequently informed its clients of a data breach affecting two percent of its large customer base.

“Epsilon is working with Federal authorities, as well as other outside forensics experts, to both investigate this matter and to ensure that any additional security safeguards needed will be promptly implemented,” the company said in a statement overnight.

The challenge for Epsilon will be to now convince its clients that it had done enough to protect their data, considering the number of months it had known of the vulnerability.

Copyright © iTnews.com.au . All rights reserved.

