ALERT! “Backoff” Malware Hits 600 Stores ALERT!

The Department of Homeland Security is investigating “Backoff”  the latest malware to strike the point of sale systems of over 600 retailers. 

Point of sale systems or POS are the small card readers used nearly universally in stores all over the country. Backoff malware has been used by hackers to steal consumer payment data that includes credit and debit card information. The information was stolen from merchants that use remote administration desktop applications according to the  DHS. The announcement of the data breach was made Thursday.

Trustwave a cybersecurity company that assisted the DHS in compiling the report says at least six hundred businesses across the country have had the malware installed on their systems since Oct. 2013.

Karl Sigler, threat intelligence manager at Trustwave, stated that most of the 600 physical stores that have the malware are small businesses. But, he added, some large retailers may also have the malware. One DHS official who asked to remain anonymous stated that large stores were specifically vulnerable when buying smaller businesses that may not have strong security protections and policies in place. 

Hackers have been targeting businesses that use remote administration applications. According to the DHS experts these are the same remote administration software tools used by technical support to carry out work on computers from an off-site location. Once hackers identify businesses with inadequate I.T. security or poor password protection they simply break into the network then, using the remote administration tool, install the malware.

“Once the malware sees a credit card system in memory, or typed in, it grabs that credit card information, then encrypts it and ships it out to another system under criminals’ control,” Sigler explained.

Sigler also added that  “Many more victims are likely to be discovered in the coming months. A lot of smaller businesses were affected but there were very large chains that were affected as well. But they’re names anyone in the states would recognize,” Sigler said. “This is just the tip of the iceberg, but only time will tell how far this reaches.”

All businesses that have been identified as targets of the breach have been made aware of the attack, Trustwave said.

The Secret Service is also investigating the breach and searching for the  hackers behind the Backoff malware attacks.  The Justice Department  did not respond to questions and the Secret Service said it could not comment on how many businesses were affected.

Breaking It Down

Basically these government investigators are playing us for suckers. They are happy to notify the stores that were attacked by these hackers but not you, the customer and card holder. Do I need to say it again? I will, black people don’t play with our money.  Six hundred stores have had the malware since October of last year. So that includes the entire holiday shopping season. That includes the major data breach of Target. That’s a lot of people, black people, who have used their cards at any of these 600 mysterious stores.  But no one wants to let you know if your card is among the data lost. We have a right to know what stores are affected. We have a right as a consumer to know what stores have poor security or compromised systems. So we can stop shopping there. That’s our right as consumers. The government has left us high and dry.

This situation is basically the corporations telling you they don’t care and government saying we can’t help you. No matter what happens there is no one out there looking out for the consumer. When is someone going to tell you that your card data was lost? The stores simply pay off the fraud, you get your money back, and they pretend it didn’t happen. Its cheaper to pay you than fix the problem. How long is that going to last? How long before something really ugly happens and the U.S. economy suffers a destabilizing blow. Perhaps the hacking of a stock market computer that sends the economy reeling is what they are looking for. You’d better hope not.