ID Theft Ring Attacked Retailers on Multiple Levels

By Grant Gross
Wed, August 06, 2008
. What's this?

IDG News Service —

A ring of identity thieves that targeted U.S. retailers used sophisticated and multifaceted attacks to steal more than 40 million credit and debit card numbers from TJX, OfficeMax, Barnes & Noble and other companies, according to court documents.

The attacks cost retailers and credit card companies tens of millions of dollars.

Members of the ID theft conspiracy used so-called wardriving techniques to find holes in wireless networks operated by retail stores. Once inside the networks, the thieves located and stole credit card transaction information stored on the retailers' networks, according to court documents.

The thieves also installed so-called sniffer software to capture password and account data on the stores' networks, and they used Internet-based attacks, including SQL injection attacks, to gain access to credit card databases.

The ID theft group stored the captured credit card numbers on compromised servers in the U.S., Latvia and the Ukraine, according to court documents. The thieves then encrypted the credit card numbers on those servers, according to the indictment document of Albert Gonzalez, the alleged ringleader of the ID theft scheme.

Gonzalez, of Miami, was indicted Tuesday in U.S. District Court for the District of Massachusetts on charges of computer fraud, wire fraud, access device fraud, aggravated identity theft and conspiracy. Ten other defendants have been indicted or charged with crimes in what's believed to be the largest ID theft and computer hacking investigation in the history of the U.S. Department of Justice, the DOJ announced Tuesday.

The indictment document for Gonzalez, who was working as an informant for the U.S. Secret Service while allegedly engaged in the scheme, sheds some light on the ID theft operation. The thieves were able to encode credit card information on blank cards that were used to obtain tens of thousands of dollars from cash machines in single visits, the court document says.

Among the attacks detailed in the court document:

-- In about 2003, Gonzalez and others found an unencrypted wireless access point at a BJ's Wholesale Club store. BJ's reported a breach of its computer networks in early 2004.

-- In 2004, other members of the ID theft ring compromised an OfficeMax wireless access point in Miami, and they were able to steal credit card data. After law enforcement officials in 2006 identified OfficeMax as the victim of a data breach, the company said it hired an outside auditor to conduct an investigation and found no evidence of a security breach. An OfficeMax spokesman didn't immediately return a message seeking comment.

Continue Reading

What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Don't have an account yet?
White Papers »
Real Fabrics for a Virtual World
Many factors influence what "ideal" approach organizations should take when planning to implement a fabric-based infrastructure policy. This presentation charts the likely evolution of the market for fabric-based infrastructures, to help IT leaders determine the most appropriate vendor approach.

Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries.
5 steps from Scheduler to Enterprise Workload Automation
A patchwork of job schedulers can cause many inefficiencies, hindering IT's ability to serve the business. An enterprise approach solves these issues and adds new value. Five steps can take you from a costly mishmash to benefits like increased productivity, lower costs, and better service.
Optimizing Business Processes in Today's Enterprises
What is workload automation, and how does it compare to traditional job scheduling? IDC tackles these questions and more in a new white paper.
You'll read about:

* Key factors increasing IT complexity - and how to manage them

* Building an automation strategy

* Definition and components of today's workload automation software
Analyst WP: ESG-Proven value with the Oracle Database Appliance
IT organizations of all sizes are looking for ways to reduce cost in their data center. While larger enterprises can more easily muster the necessary skills and resources in pursuit of this goal, mid-sized organizations typically have limited time and funds they can denote.
Effective Data Leak Prevention Programs: Start by Protecting Data at the Source - Your Databases
This IDC white paper presents a proactive approach to data protection, discusses the growing threats to business information, and the impact government regulations have on requiring additional data protections.
Forrester: Formulate A Database Security Strategy to Ensure Investments Will Actually Prevent Data Breaches and Satisfy Regulatory Requirements
Although most organizations are taking stronger measures to protect their data, significant gaps still exist at the very core - their databases. Many don't have a comprehensive database security strategy to defend against sophisticated attacks, track sensitive data, or even meet emerging regulatory requirements.
Webcasts »
Oracle Database Appliance Best Practices
Business users increasingly demand 24x7 availability of their data while IT departments face the challenge of ensuring maximum availability while operating with limited budgets.
The Rise of Data-Driven Security
Date: Wednesday, May 23, 2012
Time: 11:00 a.m. PDT / 2:00 p.m. EDT

IT security faces challenges as never before. At one end of the spectrum, industrialized exploits hammer organizations with a volume and frequency of attacks that only a few short years ago would have been unimaginable.
Unlock the Value of Cloud Computing with Workload Automation
Learn how to get the most from your cloud investment in our on-demand webinar from BMC and InformationWeek. You'll hear how integrating the cloud into your production workload brings critical business benefits.
Best Practices to Optimize Your Data Center at Every Layer of the Stack
Date: May 31, 2012
Time: 1 PM EST

Organizations are reaping the benefits of simplifying IT, lowering costs and dramatically improving transactional throughput by deploying optimized application-to-disk solutions. These pre-tuned, tested solutions encompass a wide variety of applications and use cases. Hear from industry experts, and IT executives, how these full-stack solutions can achieve three times faster deployment times and up to 75% reductions in acquisition and operational costs.
Workload Automation Trends and Best Practices in 2012
Find out when you join EMA Senior Analyst, Torsten Volk, for a discussion on the 2012 trends in workload automation and how these trends contribute to better connecting workload automation to business processes. These trends are derived from EMA's empirical research work conducted for the 2012 Workload Automation Radar Report.
Analytics at the Speed of Thought
What if you could run financial and operational planning cycles 10 times faster? Or monitor and adjust marketing campaigns in real time? What if you could instantly visualize how a price change would impact the profitability of thousands of products?
Newsletter Sign-Up »

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  11. View all Newsletters | Privacy Policy
White Papers » All White Papers

Real Fabrics for a Virtual World

5 steps from Scheduler to Enterprise Workload Automation

Optimizing Business Processes in Today's Enterprises

Analyst WP: ESG-Proven value with the Oracle Database Appliance

Effective Data Leak Prevention Programs: Start by Protecting Data at the Source - Your Databases

Forrester: Formulate A Database Security Strategy to Ensure Investments Will Actually Prevent Data Breaches and Satisfy Regulatory Requirements

Ready or not, here comes the cloud

The Potential Business Benefits of a Private Cloud-Based Database Appliance

Get a Robust, Flexible Foundation for Enterprise Cloud Deployments

Mobility in the Network: A Phased Technology Approach

Message Maps: Blueprints for Pandemic Preparedness

Gartner Magic Quadrant for Web Content Management, 2011

Web Content Management for Online Experience

Finding a Reliable Network Solution in China for an ERP System

The SMB Top Choice for Virtualization

IT Consolidation with HP and VMware for the Midmarket

How SMBs Get on Board with Virtualization

What Is VMware vCenter Site Recovery Manager?

SMBs Launch into Cloud Computing and Virtualization

HP VirtualSystem VS1 for VMware
Sponsored Links

Learn how Accenture helps clients become high-performing businesses

Choose New and slash the number of devices you manage

Customized information views & Twitter events at New Fulcrum Point

Splunk translates machine data into "aha" moments for IT and the business.

ManageEngine Desktop Central - Automate and Audit Your Desktop Management! Learn More...

Cloud Readiness Starts with Intel® Technology

Visit the Virtually There Learning Page to learn how to use virtualization to your competitive advantage.

High performance. Delivered. Click to see Accenture's client successes

CYBERMARYLAND | Learn Why Maryland is the Epicenter for Cybersecurity

Get Ethernet speeds from 1 Mbps to 10 Gbps - Comcast Business Class

Cognizant. Leading in Business, Application & Technology Services

Collaboration: driving better business outcomes

Managed Hosting Buyer's Guide - Benefits to key considerations

Click to see how Accenture has delivered high performance to clients

Learn how Accenture helps clients become high-performing businesses.

Choose New and manage one device instead of 170

Choose New for 8x the firewall and NAT performance

Check out a smart way of mobilizing your business with enterprise-ready Samsung Mobile.

Redefine your data center with HP servers.

Enhance your business with Windstream IT Solutions. Speak to someone local.

BlackBerry® Mobile Fusion. Different mobile devices. One platform.

Akamai Kona Security. Web security so you can innovate fearlessly

Click to see how Accenture has delivered high performance to clients

Free: Hunter Muller's "The Transformational CIO."

Join us for an upcoming Microsoft 365 live online demo event.

Discover your easiest path to unified communications

Virtualizing Your Infrastructure Just Got Easier

Gain cutting-edge insights at MIT in 2-5 day executive programs.

See how Accenture helps clients perform at the highest levels

Connect with global CIOs now at Enterprise CIO Forum

Resource Center
buy a link »
Ads by TechWords