Wednesday, August 6, 2008

11 charged with massive ID theft

Boston has become something of a hub for what is looking like the biggest ID theft in US history (to date, of course). US Attorney General Michael Mukasey announced yesterday here in Boston that a ring of 11 were charged with massive ID theft in a series of successful attacks on the wireless networks of major retailers:
“They then hacked into the networks of TJX, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Dave & Buster's, Sports Authority, Forever 21, and DSW. After gaining access to the systems, they installed programs that captured card numbers, passwords, and account information, officials said.”
The ring is notably international, which shows how this type of crime is not in any way limited by geography. Note in the following quote that the hackers used better security than their victims:
“The defendants - one from Estonia, three from Ukraine, two from China, one from Belarus, and one of unknown origin - allegedly concealed the data in encrypted computer servers they controlled in Europe and the United States.”
The key to the operation: breaking into the networks of these large retailers through the weakest link in the perimeter, their poorly secured wireless network.

2 comments:

Keith Salustro said...
This post has been removed by the author.
Keith Salustro said...

What a breach.

There was another article in the Globe yesterday that describes the breach in more detail. The hackers had their own VPN to tunnel back into the network from anywhere.

This is why regular security audits are recommended, to help detect holes in your network like the ones TJ Maxx had, including configuration reviews of network equipment such as wireless access points. Even more thorough audits that include a review of systems can uncover malicious software already installed.

Another important point of the article is that the hackers and hard-core criminals have been teaming up for a while now:

"Details of how to encode blank cards with stolen account numbers are among the topics typically discussed on underground websites, security experts say; the Secret Service estimates there are 20 message boards or websites in the United States and overseas where criminals sell stolen numbers, trade tips, and form bonds like those between Gonzalez and Yastremskiy."