As you may have heard, the Justice Department on Tuesday indicted 11 people for hacking into the networks of nine major U.S. retailers, which resulted in the theft of 40 million credit and debit card numbers.
If you or your family shopped at TJ Maxx, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 or DSW, your information could have been included in this online heist. The thieves broke into the stores’ wireless networks using a technique called “war driving,” whereby they simply drive or walk by the store using special equipment to detect vulnerable wireless networks. Once in, they planted “sniffer” software, which harvests credit card numbers and sends them to the hackers’ own offshore servers. It was an international effort involving criminals in the U.S. and Eastern Europe.
As a customer of these stores, there is little you can do to protect yourself other than perhaps using only cash. But cash has an even greater risk of loss or theft, so I’m not suggesting you shred all of your plastic to protect yourself. Besides, federal law limits your liability if your credit card number is misused, as long as you report the loss.
It’s kind of scary when you think of it. You do everything you can to protect your own PC and your own information, and then you hand over your credit card to a store whose network inadvertently makes it vulnerable to thieves. You can’t control other people’s networks, but it is a good idea to check your online credit card and bank statements regularly to see if there is any loss and to get your free annual credit reports from all three major credit bureaus. The only free credit service authorized by the Federal Trade Commission is AnnualCreditReport.com.
How to Secure Your Network
Of course, there are things you can do to protect your own Wi-Fi network, including using encryption such as WPA (Wi-Fi Protected Access), which requires users to enter a password before accessing your network. The older WEP (Wired Equivalent Privacy) is not as secure as WPA and its newest iteration, WPA2. The Wi-Fi Alliance has a tip sheet on wireless security that recommends you use the WPA2 standard. You can also turn off the broadcast of your SSID network name to make it harder for thieves to find your network.
In a podcast I did for CBS News, Trend Micro security expert David Perry said that stores with highly sensitive customer data such as credit card information should avoid wireless networking completely and use a more secure wired network. Kaspersky Lab’s David Emm agreed: “I guess you would see wireless networking as almost inherently more promiscuous, so to speak, than regular networks.”