Hacker case met with shrugs
Federal authorities are calling it the largest hacking and identity theft case yet. But this week's indictments of 11 people accused of plundering millions of payment card numbers might not seriously dent the underworld where such crimes occur.
Researchers at a hacking conference in Las Vegas met the news with a muted reaction, saying the theft of credit and debit cards will still flourish.
"These guys were just persistent and lucky. And they got caught," said Jim Christy, a longtime cyber crime investigator who now works in computer-security outreach for the Department of Defense. "There's probably a lot more stuff being stolen that's never been reported."
The scope of the identity theft is breathtaking: More than 41 million debit and credit card numbers were stolen from major retailers, including TJX Cos., BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority and DSW.
It's also costly. The hardest-hit retailer, TJX, which operates the T.J. Maxx and Marshalls discount clothing chains, took $197 million in charges to cover losses from its breach, which began in July 2005.
Yet security researchers had a humdrum reaction to Tuesday's indictments partly because identity theft is a booming multibillion-dollar business. Dismantling one operation just means another will pop up in its place.
Another reason is that the indictment revealed the hackers' tactics were crude, suggesting they stumbled into a much bigger security hole than they had anticipated.
The hackers allegedly found insecure wireless networks using a simple method known as "wardriving," or driving around in a car with laptops or other devices, to look for stores' Wi-Fi connections with security holes. Once inside the networks, the hackers allegedly installed programs to capture credit and debit card numbers in transit from the stores to payment processors.
The vastness of the security vulnerability may have helped hasten the hackers' demise, because stolen card numbers are typically sold in batches of thousands or in some cases tens of thousands. An attempt to unload millions of card numbers is likely to be spotted.
Even if the cards are broken into smaller chunks, banks and payment processors are likely to notice a large number of cards getting hit with the same "test" charges at once, typically a small amount to determine whether the card works.
"It's almost an embarrassment of riches -- how do you move 41 million credit card numbers?" said Jeff Moss, founder of the Black Hat and DefCon hacker conferences, which draw thousands to Las Vegas each year to learn about the latest vulnerabilities. "That's like trying to rob Fort Knox by yourself."
