Say goodbye to Jonny Hell.
In what United States law enforcement deemed “the single largest and most complex identity theft case ever charged in this country,” Hell (legally known as Aleksandr Suvorov of Sillamae, Estonia) was among the 11 international citizens charged Tuesday in a case that involved “wardriving” hack attacks on nine major U.S. companies. The global identity theft ring (with members from countries including the United States, China and Belarus) netted 40 million credit card and debit card account numbers by essentially eavesdropping electronically, “sitting in parking lots outside the stores and electronically listening to computers inside,” explains the Detroit Free Press.
“It’s a tactic called wardriving, and it’s been around ever since Wi-Fi networks started becoming commonplace in 2001,” the Free Press says. “In the case of the ring busted Tuesday, officials said thieves tapped into the wireless computer networks of such big box retailers as TJ Maxx, Marshalls, OfficeMax, Barnes & Noble, Boston Market and Sports Authority, as well as several other stores.”
The name wardriving is derived from the 1983 Matthew Broderick film “WarGames,” in which a teen uses “wardialing” to break into military computers, nearly setting off World War III.
While law enforcement called the scheme complex, the wardriving technique was pretty straightforward: Members of the crime ring were suspected of grabbing credit card and debit card information out of thin air by driving around store parking lots and using laptops to hack into retailers’ Wi-Fi networks. “They used sophisticated computer hacking techniques that would allow them to breach security systems and install programs that gathered enormous quantities of personal financial data, which they then allegedly either sold to others or used themselves,” Attorney General Michael B. Mukasey said at a news conference.
The relative ease of wardriving suggests that while gas prices have most consumers cutting back on their car trips, identity thieves will still be out there circling stores, laptops close at hand.
Wardriving raises security concerns for businesses and consumers alike. “If 40 million account numbers could be so easily stolen, the security in place on those Wi-Fi networks has to be seriously questioned,” the Free Press says. While other wardrivers may have less nefarious goals, their targets could be more immediate: “They cruise subdivisions and note open systems used at home by regular consumers, as well as small businesses,” the Free Press says.
Businesses need to take precautions, such as following established security standards, but so do cardholders who use home wireless networks to make purchases. I’ve even seen this myself first-hand. I don’t know if the man I saw wanted anything more than just free Wi-Fi access, but I won’t soon forget seeing him carrying a laptop around the grounds of my old apartment complex, apparently searching for an open Internet connection (warwalking?).
If the recent announcement is any indication, businesses could be doing much more to guarantee the security of their customers’ credit card data. Therefore, fairly or unfairly, consumers should take at least some responsiblity for protecting their credit card information. What are you doing (if anything) to avoid becoming a victim of wardriving hackers? Have any security tips to share?
See related: Feds charge 11 in largest identity theft case in U.S. history, PCI compliance not enough to end breaches, If you’re a victim of fraud or identity theft, Gas prices take toll on family visits