p2pnet - rss feed: Massive Wi-Fi ID theft ring busted
p2pnet news view | Crime:- War driving was once hot.
People would (and still do) cruise neighbourhoods looking for unsecured Wi-Fi connections and use them to surf —- and to download and upload songs and movies, leaving innocent account owners liable, ignorant of the fact they’d been used as unknowing file sharers.
The practice hasn’t been in the news lately, but a crew of hackers used it to scoop more than 40 million credit and debit card numbers from nine retailers and selling the information.
Now 11 people have been charged with tapping the networks of TJX Cos’ Marshalls, BJ’s Wholesale Club Barnes & Noble. bookstores, Sports Authority, Boston Market Corp, OfficeMax, Dave & Buster’s restaurants, DSW shoe stores and Forever 21, says Bloomberg News.
US attorney general Michael Mukasey the cost of the identity-theft scheme to citizens may total billions of dollars with some people may not realising they’ve been victims “for months or years”.
Nor are the ID thefts recent.
TJX, the hardest-hit retailer, “took $197 million in charges to cover losses from its breach, which began in July 2005,” says the Associated Press.
Once the hackers identified likely targets, they’d allegedly install programs to capture credit and debit card numbers in transit from the stores to payment processors, says the story.
“It’s almost an embarrassment of riches —- how do you move 41 million credit card numbers?” - AP has Jeff Moss, founder of the Black Hat and DefCon hacker conferences, asking.
“That’s like trying to rob Fort Knox by yourself.”
AP says Albert Gonzalez of Miami, the alleged ringleader, is an ex-US Secret Service informant, “previously arrested on fraud charges but later found to have been involved in the data-theft scheme, authorities said”.
He faces life in prison if he’s convicted of all charges.
“Of the 11 defendants, three are U.S. citizens,” says AP, adding:
“The others are from places such as Estonia, Ukraine, Belarus and China, a hodgepodge that reflects the international nature of organized computer crime. Many stolen card numbers are sold by outfits in Eastern Europe.”
Bloomberg has Mukasey saying sniffer software was loaded into retailers’ computer systems to capture credit and debit card numbers, along with passwords and account information.
“Some of them encoded credit-card numbers on blank automated-teller cards to withdraw tens of thousands of dollars at a time from ATM machines, the government said,” says the story.
Bluetooth sniper rifles
Back in 2005, when the first hacks supposedly began, “Four-man (or woman) hit squads of highly trained war-drivers, faces streaked with cammo-paint and equipped with state-of-the-art gear, prowl the suburbs of Toronto, New York, London and Paris, communicating with each other via custom-built VoIP headsets with super-cool wrap-around mics similar to those used by Britney Spears and/or Madonna,” said a p2pnet story.
It centered on movie and music industry allegations of “online theft” and “illegal” file sharing and went on »»»
One member in each team carries a Bluetooth sniper rifle (#1), one (#2) drives the team van, one (#3) uses his (or her ; ) Wi-Fi laptop, and #4 carries the latest in B&E tools.
Their mission? To steal movie and music files from the hapless record label and movie studio cartels by robbing people who download digital music or movie files.
The teams drive through neighbourhoods, stopping at regular intervals to allow specialists with the Bluetooth sniper rifle and laptops to scan for unguarded Net connections. When one is found, the team plugs in and checks to see if the user is downloading.
If that’s the case, using specially developed technology, they scan their victim’s hard drive to see if any (or all) of the files downloaded are copyrighted by either (or) the owners of the MPAA and/or RIAA.
If they are, #4 carefully and silently breaks in, opening the door to the remaining team members who overpower their victim, stealing his (or her) computer, now holding the illicit downloads.
Returning to their hi-tech HQs in the high-rent districts of New York, London and/or Paris, the war-driving teams remove the HDs and position them in special units holding banks of other hard-drives, also stolen from wicked file sharers who, of course, deserve everything they get.
We’re not suggesting this kind of technology (the pic comes from an earlier p2pnet post) was used in the present hacker heists, but …..
Meanwhile, “security researchers had a humdrum reaction to Tuesday’s indictments partly because identity theft is a booming, multibillion-dollar business,” says AP.
“Dismantling a successful operation just means another one will pop up in its place.”
Law enforcement agencies around the world co-operated with the current investigation.
.
.Stumble It!
Bloomberg News - U.S. Indicts 11 in Largest U.S. Identity Theft Case, August 5, 2008
Associated Press -Hacker indictment greeted with muted response, August 6, 2008
p2pnet story - War-driving mp3 thieves, September 29, 2005
earlier p2pnet post - DIY Bluetooth sniper rifle, arch 15, 2005
Use free p2pnet newsfeeds for your site. It’s really easy!Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile - http://p2pnet.net/index-wml.php
Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details. Download here.
