The feds have indicted 11 people for stealing millions of credit card numbers from the wireless networks of major retailers. What can you do to protect your family and your wireless network?
by Larry Magid
In August 2008, the Justice Department indicted 11
people for hacking into the networks of nine major U.S. retailers and stealing 40 million credit and debit card numbers.
If you or your family shopped at TJ Maxx, BJ’s Wholesale Club,
OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever
21 or DSW your information could have been included in this online
The thieves broke into the stores’ wireless networks using a
technique called “war driving” whereby they simply drive or walk by a
store using special equipment to detect vulnerable wireless networks.
Once in, they planted “sniffer” software which harvested credit and
debit card numbers and
sent them to the hacker’s own offshore servers. It was an
international effort involving criminals in the U.S. and Eastern Europe.
As a consumer of these stores there is little you can do to protect
yourself other than perhaps using only cash. But cash has an even
greater risk of loss or theft, so I’m not suggesting you shred all of
your plastic to protect yourself! Besides, federal law limits your
liability if your credit card number is misused as long as you report
Check your credit report & bank statements
It’s kind of scary when you think of it. You do everything you can
do to protect your own PC and your own information—and then you hand
over your credit card to a store whose network inadvertently makes it
vulnerable to thieves.
can’t control other people’s networks but it
is a good idea to check your credit card and bank statements
regularly to see if there is any loss. You should also get your free
annual reports from all three major credit bureaus. The only free
credit service authorized by the Federal Trade Commission is AnnualCreditReport.com.
Protect Your Wireless Network
You can protect your own wireless network by using encryption such as WPA (Wi-Fi
Protected Access) that requires users to enter a password before accessing
your network. The older WEP (Wired Equivalent Privacy) is not as secure
as WPA and its newest iteration, WPA2. The WiFi Alliance has a tip sheet on wireless security that
recommends you use the WPA2 standard. You can also turn off the
broadcast of your SSID network name to make it harder for thieves to
find your network.
In a mp3 file
” target=”_blank”>podcast I
did for CBS News, TrendMicro security expert David Perry said that
stores with highly sensitive customer data such as credit card
information should avoid wireless networking completely and use a more
secure wired network. Kaspersky Lab’s David Emm agreed: “I guess you
would see wireless networking as almost inherently more promiscuous so
to speak than regular networks.”