Hackers set sights on small businesses, households

Over the past 20 years, in small cities and communities across America, the average daily police record of reported crimes and complaints would hold a familiar, and fairly uniform, list of events - a drunk and disorderly, car prowling, garage break ins, and vandalism would usually fill the police blotters of places like Issaquah and Sammamish.

By Jake Lynch • August 19, 2010 11:34 am

Over the past 20 years, in small cities and communities across America, the average daily police record of reported crimes and complaints would hold a familiar, and fairly uniform, list of events – a drunk and disorderly, car prowling, garage break ins, and vandalism would usually fill the police blotters of places like Issaquah and Sammamish.

In recent times, however, a new form of criminal activity is working its way into our communities, less personal, but perhaps even more invasive – credit card frauds, computer hacking, and identity theft. They call it white collar crime, but it makes no such discrimination, targeting both business owners and consumers, homeowners, students, the elderly.

Though big business was originally the target of hackers, who by using sophisticated programming applications gain access to banking accounts and security systems, now it is small businesses and regular households.

At last year’s Visa Security Summit in Washington DC, business owners and computer techs heard that, after years of spending a lot of money protecting themselves with top-line defense software and security teams, large businesses had forced the bad guys to look for an easier target.

Often that easier target is people like Sammamish’s Darla Padgett.

Not dissuaded by the bad economy, in June of this year Padgett opened her first retail store, My Little Shopper, in the Klahanie Shopping Center. With My Little Shopper, Padgett had done her homework. She originally leased the shop front for a temporary stint, selling a line of giftware while asking people what sort of products they wish were available in Klahanie. In this way, she was able to build the kind of store that was needed, using existing demand to decide what she would offer.

As anyone who has run their own business will tell you, there are a myriad of concerns at startup – inventory, suppliers, marketing, fit-out and administration systems. And Padgett didn’t know it yet, but there was one other thing she had to worry about. Someone had hacked into her computer system.

“From who knows where, they had hacked into the hard drive of my computer here in the store and downloaded what is known as a ‘key-logging’ program,” Padgett told The Reporter. “They could see everything I was typing, they could record all the numbers and information I typed into the computer. Emails, communications with clients, passwords, everything.”

By spying on Padgett’s computer activity, the hackers only had to wait until she logged into her online bank account before they had all the information they needed to get their payoff. The first Padgett knew that someone had been in her account and transferring money out at will was when she tried to log in. The hackers had changed the password. Immediately, the system crashed.

As soon as she had opened the doors to her new store, she had to close them again. My Little Shopper shut down for a day, and then reopened with a manual cash register. It was lucky that Darla had a brother-in-law, Paul, who specialized in computer security systems, so she was able to avoid the thousands of dollars it would have cost a consultant to clean her computer system.

The breach threw into confusion her supplier relationships – no one knew whether money had gone to legitimate businesses or the hackers’ accounts. But, as bad as it was for My Little Shopper, it was only the astute thinking of Padgett that prevented this security breach spreading to a whole web of Klahanie shoppers.

From the day she opened, Padgett insisted she have two separate lines – one for her computer system and another for the credit/debit card terminal. It costs her more, but, she said, it makes for safer shopping.

“If we had of been using the same line for both systems, as well as what I was typing on the store computer the hackers would also have been able to see every one of the swipes of customer’s cards,” Padgett said. “I had heard the horror stories of people having their credit card details that way. As a new small business, I wanted to make that extra effort to protect my customers. You can imagine my relief when I found out we had been hacked that I knew it was only going to be our accounts that were affected and not the people who had shopped here.”

Padgett also does not take debit cards, on the chance that hackers are recording pin numbers. In the end, Padgett will bounce back. But she has been forever changed by her brush with world of computer hacking.

“It wreaked havoc,” she said. “Here we are, a brand new business, and they are already all over us.”

According to one of Padgett’s neighbors at the Klahanie Shopping Center, Craig Walker of Plateau Computer and Wireless, hacking and virus installation was big business being run by organized crime syndicates, often out of Eastern Europe, particularly Croatia and Russia.

“We are talking about $200,000 a week,” he said. “There are rooms of people, all working on writing this kind of software.”

Walker said he sees at least one customer everyday whose computer security has been compromised – as The Reporter was speaking with him, a lady came in, urgently seeking his help. The store hadn’t even opened for the morning. For Walker, internet security and virus removal make up the biggest single part of his work; as lucrative as hacking is for the criminals, there are thousands of technicians, consultants and virus removal software companies who rely on there always being hackers.

Walker categorized four distinct kinds of hacking efforts:

• Delivery of Service (DOS) viruses – “These are just malicious, just for the hacker’s fun. They take pride in being able to crash your computer.”

• ‘Phishing’ tools – Trick you into entering personal information. An example of this is where a window will pop up telling you your computer needs a new security update. You are asked to input your credit card info, or other information. The window looks like its from Windows, but it’s launched by the hacker.

• Middle man virus – “For example, you go to the Bank of America site to do your online banking. You type in www.bankofamerica.com, and up comes a page, with a Bank of America logo on it and everything, asking you to confirm your details. You punch your info in, and the hackers have it. They are not hacking into the bank’s system, it is your computer, which takes you to the fake page.”

• Key loggers – This is the virus that made its way into My Little Shopper. The hacker records all of your keystrokes, gaining access to passwords and other sensitive information.

According to Walker, most viruses get into a home or office computer through unsecured web sites. He said a recent study found that 1 in 5 sites was infected by a virus. The great majority of these are porn or free gaming sites.

“If you just visit your regular sites, like cnn.com, news sites and such, your likelihood of getting a virus is pretty low,” he said. Walker added that students following obscure web links while researching often opened themselves up to infection – his business gets very busy in the months when college students return home for the holidays.