This website uses cookies primarily for visitor analytics. Certain pages will ask you to fill in contact details to receive additional information. On these pages you have the option of having the site log your details for future visits. Indicating you want the site to remember your details will place a cookie on your device. To view our full cookie policy, please click here. You can also view it at any time by going to our Contact Us page.

Major US card hacking case highlights WiFi insecurity

07 August 2008

Global Secure Systems says that a major Department of Justice case announced in the US, highlights the need to check - and recheck - the security of wireless connections within companies.

David Hobson, Managing Director of GSS
David Hobson, Managing Director of GSS

"The DoJ case, which centres on 11 people who are alleged to have hacked the wireless systems of nine major US retailers, resulting in the theft of more than 40 million credit and debit card numbers, illustrates the need for professional setting up of wireless networks, and for regular reviews of the security involved," said David Hobson, Managing Director of GSS.

"The US case is interesting from a security perspective, as it apparently involves quite sophisticated hacking of the retailers' wireless networks and the retrieval of large volumes of payment card data over an extended period of time," he added.

According to Hobson, the fact that the hackers were able to intercept such a large volume of payment card data illustrates the fact that, where card data is involved, there is a need for the highest possible security on the wireless networks concerned.

"That involves using lengthy encryption passwords and changing all the access points' passwords from their default settings. It's all very well using complex encryption passwords, but if you've left the admin password on your wireless router at its default setting, you might as well not bother using encryption in the first place," Hobson explained.

Hobson went on to say that wireless security in any organisation needs to be holistic, with IT staff taking a whole-of-system view on the security required. That, and frequent security reviews, he argues, is the only effective way of keeping hackers out.

"Although this was quite a sophisticated fraud, the potential rewards for the fraudsters ran into the tens of millions of dollars. If you process payment card data and have a wireless network, you need to take the highest level of security precautions possible. If major US retailers can get caught out, so can your organisation," Hobson said.

Contact Details and Archive...

Print this page | E-mail this page