Jordan Robertson of the Associated Press reports:
Think of it as one more reason not to write checks.
Hackers believed to be operating out of Russia have figured out a high-tech way to carry out the decidedly low-tech crime of check fraud, a computer security company says — writing at least $9 million in fakes against more than 1,200 legitimate accounts.
But these hackers got the account information in an unusual way: They broke into three websites that specialize in a little-known type of business — archiving check images online.
[…]
Stewart uncovered the scam while investigating malicious software that steals banking passwords. In eavesdropping on one criminal group’s communications, which he was able to do by infecting his own computer with the malicious program the group was using, he noticed they were doing something unexpected: collecting massive amounts of images of checks.
He found a file logging all of their transactions, which revealed that 3,285 checks were written against 1,280 accounts since June 2009. Most checks were written for less than $3,000 to evade banks’ anti-fraud measures. Overall, he saw about 200,000 stolen check images — suggesting the criminals have exploited only a fraction of the accounts on which they have information.
SecureWorks isn’t identifying the hacked sites.
Read more in the Portland Press Herald.