Massive ID Theft Linked to Wireless Networks and War Driving
August 9, 2008 – 4:36 amOn Tuesday, federal officials cracked the largest identity theft ring in history. The group of 11 people was charged with stealing more than 41 millions credit and debit card numbers fom major retailers such as OfficeMax and Barnes & Noble. How did they do it? Wardriving.
Wardriving is the technique of driving around in a car with a laptop searching for unsecured wireless networks. Have you ever been using your laptop in a new location and all of a sudden your laptop automatically connects to an unfamiliar network? You just accidentally found an unsecured wireless network. Some moron bought a wireless router and just plugged it into the wall without configuring any of the router’s security settings. Mr. Moron is now providing free wireless internet to anyone within range and has just opened up his network to anyone who wants to use it. A wardriver will hop in the car and seek out these unsecured networks, perhaps for nefarious purposes.
The crooks in this case apparently decided to wardrive down to their local strip mall and were probably pleasantly surprised to find that the computers used by retailers - those would be the one’s with all our debit and credit card information - were hooked up to wireless networks. Why not just download all the information and go shopping?
To be fair, these retailers’ wireless networks were probably not completely unsecured - at least I hope not. The crooks probably found ways to get around the security of these wireless networks. Given enough time and computing power any wireless network can be cracked. By definition a wireless network is constantly transmitting and receiving data over-the-air and anyone with the right equipment can receive it.
I have always been uncomfortable with the use of wireless networks in a business setting where confidentiality of information is an issue - and when is it not an issue? Do you really want your competitors reading your email or seeing what websites you browse? If you process thousands or millions of credit cards, security is paramount.
Wireless networks have security and encryption settings and certainly they should always be used, but by their nature wireless networks are never totally secure. I’m not sure I would ever trust them to keep my credit card information secret. Several large retailers just learned this lesson the hard way - and 41 million consumers are paying the price.
You must be logged in to post a comment.