Is your banking information safe from cyber marauders?
May 18, 2011
Thieves who steal credit card numbers and other personal identification information--or PII in network security jargon--have started targeting small and medium-sized businesses in an effort to find out more about you, your bank credit card or other financial information about you.
And sometimes they are going right to the source--you.
The technique is called "wardriving" and it involves someone driving around in a vehicle--sometimes a car with heavily tinted windows--and using a long-range antennae to find wireless signals. When they find a good one, they pull over and use a laptop from their vehicle to hack into a network and load a bunch of malware that fetches all that valuable PII, including credit card numbers but also sometimes other data such as checking account numbers or savings accounts numbers that are then used to either buy stuff or is sold over the Internet to other crooks.
Information thieves focusing on smaller companies
This may sound like one of those scary urban myths that don't have a lot of validity, but Verizon's recent Data Breach Investigations Report found that it is increasingly true. As larger companies, including big retailers, beef up their security and make it tougher for hackers to collect your bank credit card or other PII, the criminals have turned to smaller companies to find their treasure.
What the thieves are looking for are networks using an unsecured WiFi standard called Wired Equivalent Privacy (WEP) which has a number of security flaws. Big businesses that transact business that requires they accept credit card information or checking account numbers or other types of PII have moved away from WEP systems in the last three years, but many smaller companies still use this standard.
WEP can encrypt your credit card or debit card account information, but those scrambling methods are easy to crack.
Reports of theft
Although WEP problems have been known for years, criminals are still taking advantage of these loopholes to steal PII. In Seattle last year, police arrested a group that was driving around in a Mercedes equipped with a laptop station, tinted windows and a long-range antennae. This wardriving operation appears to be connected to a string of burglaries in which thieves broke into companies and stole laptops and servers--not for the hardware but for the credit cards stored on them.
What can they do with your information?
Once a wardriver gets into a network, he can start pulling off indentifying information and financial data, according to the Seattle Post-Intelligencer. They use financial data - such as checking account numbers and other bank account data - to redirect money to fake payroll accounts. Or they use bank account numbers and credit card information to buy such things as consumer electronics and car parts that can then be resold for money.
According to the Verizon report, hackers aren't interested in big caches of credit card numbers these days as they are in other financial data. Large scale thefts of credit card numbers has created a glut on the black market for account numbers, so now thieves are looking for more profitable information about your banking activities and accounts. According to PC World, 64 percent of the hacking cases were after authentication information, organizational data and intellectual property.