Businesses these days are troubled not only by the marketplace but also more devastating things like database infiltrations. It’s similar to a house burglary, most don’t account for them with the concept of “it won’t happen to me.” Well, this is exactly how businesses see it.

Database infiltrations can prove destructive for a business. They are not common, however, and advanced measures against them are costly. The true gold to a hacker is a credit/debit card database. With a decently sized company, a hacker can access and exploit millions of credit card numbers and relative details. With the rising usage of bank cards, these databases are everywhere; minor retail outlets hold access to an entire company network with this information. A small slip in one of these stores could result in devastating effects.

Wireless internet is one of these vulnerabilities. An unsecured network of a retail outlet can be quickly accessed by a third party. An experienced hacker could quickly tie in with the network locating system information (passwords, IP addresses, etc.). With this the hacker could then locate numerous related databases with valuable bank and personal details of recorded customers – simple as that. A simple WPA Key can be placed on wireless access points to secure it and is the most common to protect from these attacks. Even these, however, are becoming vulnerable – related article1.

A recent event, considered the largest ID Theft attack in the US, was caused this way. In 2003, Albert “Segvec” Gonzalez (Miami), part of a global identity theft ring, located an unsecured wireless access point at a BJ’s Wholesale Club store. Databases linked to this access point were then breached but the breach was not identified until almost a year later in early 2004. The identity theft ring then located another unsecured access point at an OfficeMax retail outlet in Miami later that year. These findings seemed to have encouraged the group to plunder additional locations as a member in 2005 named Christopher Scott compromised two additional access points run by a massive retailer known as TJX (owner of TJ Maxx, Marshalls and HomeGoods). Bank account information was then stored by the group and simple access to millions of dollars was available to them. The data breaches were only fully identified in 2007 and several members were prosecuted in 2008.

Based on my portfolio article2. Bibliography following.

Article1, Vulnerability Discovered in WPA Encryption
Angela Moscaritolo (November 6, 2008)
http://www.scmagazineus.com/Vulnerability-discovered-in-WPA-encryption/article/120572/

Article2, ID Theft Ring Attacked Retailers on Multiple Levels
Grant Gross (August 6, 2008)
http://www.cio.com/article/441867/ID_Theft_Ring_Attacked_Retailers_on_Multiple_Levels

Pictures (in order of appearance)

http://oreillygmt.typepad.com/photos/uncategorized/2007/06/14/hack_day_schedule.jpg

http://milkyourmoney.com/wp-content/uploads/2008/08/identity-theft-protection-why1.jpg

If you enjoyed this post, make sure you subscribe to my RSS feed!