Major US card hacking case highlights WiFi insecurity
07 August 2008
Global Secure Systems says that a major Department of Justice case announced in the US highlights the need to check - and recheck - the security of wireless connections within companies.
"The DoJ case, which centres on 11 people who are alleged to have hacked the wireless systems of nine major US retailers, resulting in the theft of more than 40 million credit and debit card numbers, illustrates the need for professional setting up of wireless networks, and for regular reviews of the security involved," said David Hobson, Managing Director of GSS.
"The US case is interesting from a security perspective, as it apparently involves quite sophisticated hacking of the retailers' wireless networks and the retrieval of large volumes of payment card data over an extended period of time," he added.
According to Hobson, the hackers' ability to intercept such a large volume of payment card data shows that, where card data is involved, the wireless networks concerned need the highest possible security.
"That involves using lengthy encryption passwords and changing all the access points' passwords from their default settings. It's all very well using complex encryption passwords, but if you've left the admin password on your wireless router at its default setting, you might as well not bother using encryption in the first place," Hobson explained.
Hobson went on to say that wireless security in any organisation needs to be holistic, with IT staff taking a whole-of-system view on the security required. That, and frequent security reviews, he argues, is the only effective way of keeping hackers out.
"Although this was quite a sophisticated fraud, the potential rewards for the fraudsters ran into the tens of millions of dollars. If you process payment card data and have a wireless network, you need to take the highest level of security precautions possible. If major US retailers can get caught out, so can your organisation," Hobson said.