TJX perps' huge wardriving conspiracy theory
It's IT Blogwatch: in which an alleged conspiracy of international cyber-criminals is indicted, in the largest such case the DoJ has ever prosecuted. Not to mention the Gates vs. Jobs lightsaber duel...
Grant Gross reports:
Eleven people have been charged or indicted in a massive identity theft and computer fraud scheme involving some of the largest data breaches in recent U.S. history, the Department of Justice announced Tuesday. The participants in the scheme targeted nine U.S. retailers, including BJ's Wholesale Club, TJX and DSW Shoe Warehouse, DoJ officials said. Those three retailers all announced large data breaches between 2004 and 2007. OfficeMax, Barnes & Noble, Boston Market, Sports Authority and Forever 21 also were targeted. The ID theft ring ... installed sophisticated "sniffer" programs on the retailers' networks, allowing them to collect credit card and password information
...
This case is believed to be the largest hacking and ID theft case the DoJ has ever prosecuted.
Joseph Menn adds:
The ring is accused of driving past retailers and restaurants with wireless equipment, looking for ways into the corporate wireless networks. Once inside, they planted "sniffers"
...
A three-year undercover investigation turned up records on 41 million people stored on computers in Eastern Europe. Tens of millions of dollars were lost as the perpetrators created new bank cards with stolen data and then made withdrawals from ATM machines.
Ben Worthen worries:
Nearly all of them remain at large and one is still known only by an online pseudonym–reminders of how difficult it can be to catch cyber criminals ... grand juries in Boston, San Diego and New York had indicted 11 alleged hackers ... [The] gang members hail from the U.S., Estonia, Ukraine, China, and Belarus. Three of the [alleged] criminals are in custody: Albert Gonzales, a U.S. citizen, is being held in New York; a Ukrainian national was arrested in Turkey last year; and an Estonian was arrested in Germany in March.
...
Gonzales has been working as an informant for the Secret Service since 2003. The fact that he can’t even name one of his alleged coconspirators speaks volumes about how hard it is to police cyber crime ... Most hacks go unreported, the ones that do are hard to investigate, and even when you know who did it the criminal is often in China or the Ukraine or some other country where it’s hard to get law-enforcement officials to cooperate.
Angela Gunn would shoot the perps: [You're fired... See what I did there? -Ed.]
Aside from the grim satisfaction of seeing criminals hauled before the Law, I'm liking today's news ... because it provides something that many security folk crave, and that the sane ones actually get much too rarely: Ladies and gentlemen, we have a ginormous conspiracy. Conspiracy! Instead of the thousand little glitches, biffs, stumbles, stupidities, accidents and just plain coincidences that security folk have to cope with on a daily basis, we have a coherent group of bad guys doing big things in an organized fashion. Conspiracy!
...
In all seriousness it's nice to think that maybe some of the mega-breaches we've seen in the past few years were due to a distinct group of crooks who are now out of commission. No one believes that breaches are going away ... But if these 11 guys were responsible for so much mayhem, I'm pleased to hear they're collared.
Mike Masnick is depressed:
The "culprits" of the breach have been charged in the case, but it shouldn't exactly put your mind at ease about these breaches. After all, the credit card info they accessed (over 40 million cards by most accounts) is still out there, though many card holders have already changed their numbers. But, more importantly, it sounds as though most of those responsible aren't in the US at all and are basically sitting free in Eastern Europe and Asia. Hell, one of those "charged" is only known by his online username, with no indication where he might be located. So, yes, it's good that the feds tracked down some of the folks responsible, but most of them are probably still out there getting access to the credit cards your provider sent you to replace the ones compromised by these guys in the first place.
ragethehotey reminds us:
And this was all because [TJX] transmitted customers' credit card information in plaintext over an unsecured wireless connection. Not saying they shouldn't be held responsible for their incompetence, but I'm shocked that they actually had to pay out $60,000,000 [in PCI fines].
Richi Jennings is an independent analyst/adviser/consultant, specializing in blogging, email, and spam. A 21 year, cross-functional IT veteran, he is also an analyst at Ferris Research. You can follow him on Twitter, pretend to be Richi's friend on Facebook, or just use boring old email: blogwatch@richi.co.uk.