The Department of Justice handed out 11 indictments in what is believed to be the biggest identity theft hacking case. Allegedly, this eclectic group of Americans, Ukrainians, Estonians and Chinese were involved in stealing more than 40 million credit card numbers by hacking into wireless networks of retailers such as TJX, BJ's Warehouse, OfficeMax, DSW and Forever21. The credit info was then sold in Eastern European and US black markets. The total loss is currently unknown - in fact, you might be a victim and not know it.
If you even wonder if wardriving is something that you should be concerned about, this case should cure you of such misconception. These guys did nothing more than drive around looking for an open wireless access point, attached and used a sniffer to capture account info, passwords and credit card numbers flowing unencrypted across the wireless network. It was so easy, you could have done it!
My question is - what kind of culpability is incurred by the retailers? Aren't they at least responsible to take reasonable steps to protect consumer privacy info? Was the wireless network even encrypted? Should the retailers be held legally liable?
Somehow, saying we're sorry just doesn't seem enough.
Leave a comment