Hackers Purloin Credit-Card Data From Wireless Networks

The most notorious thievery of bankcard PIN started a couple of years back before a Marshalls discount outlet close to St. Paul, Minn.

Presently, detectives think that cyberpunks had aimed a telescope like aerial towards the store and employed a laptop to decipher information transmitted between handheld device, cash registers and the outlet's PCs. This way they infiltrated into the main database of Marshalls' parent company, Framingham Mass. based TJX Cos. to steal client data recurrently.

The simplicity and magnitude of the scam reveal how inadequately several firms were safeguarding their clients' information on wireless networks, which is transmitted by radio emission that can be easily tapped.

Close to 2003, the wireless industry was extending a safer system known as Wi-Fi Protected Access or WPA, with more complicated encryption. Several entrepreneurs strengthened their security, but some, counting TJX were tardy in upgrading security. Afterward an assessor detected that the firm also neglected to set up firewalls and data encryption on several of its machines utilizing the wireless network, and didn't fix the recently purchased security program correctly.

As per detectives the TJX cyberpunks left a few electronic tracks, which prove that their attacks were executed during the maximum sales period to secure tons of information. They initially intercepted data sent by handheld device that shops use to convey price reductions and to handle stock list. The handheld devices are linked with computers in shop's cash registers and with routers that conveys some housekeeping information.

Detectives think that after exploiting information to break the encryption program, cyberpunks digitally intercepted the staff accessing TJX's main Framingham database and purloined some user ID and passcodes. Armed with that data, they installed their personal accounts in the TJX system and gathered banking details into 100 huge records containing bankcard numbers for their personal entrée. They entered the TJX system from a remote terminal, investigators allege.

As the cyberpunks were thieving information, they were trading it on the cyberspace on secure websites utilized by gangs who then collect charges using these bogus cards which are duly etched with numbers from the purloined credit card data, detectives state.

Related article: Hackers Redirect Windows Live Search to Malicious Sites

» SPAMfighter News - 5/14/2007