11 Indicted In Credit Card Scam
There is more fallout from the single largest identity theft case in U.S. history. Eleven people have now been indicted, accused of stealing 40 million credit card account numbers over the past two years. The News On 6's crime reporter Lori Fullbright reports that would be equal to stealing the identity of every single man, woman and child in Oklahoma, Texas, Arkansas, Missouri, Kansas and New Mexico.
They sat outside businesses like Barnes and Noble, Sports Authority and Marshalls with a laptop and when they found one with a wireless network that wasn't secured; they jumped on it and installed a program that grabbed people's credit card information.
When you swipe a credit or debit card, the device takes that card number and later transmits it to a bank or credit card company for payment. Before it transmits, the number is stored on the business' network. And, those networks holding huge amounts of raw credit card information is where the attackers hit.
Companies were switching to the convenience of wireless networks and most weren't secure. The high-tech thieves knew that.
"If I'm a computer attacker or robber, do I go through the front door and hold a gun to your head and say give me all the credit card numbers? They're probably not going to know what I'm talking about or do I break in at night and steal the computer with all the credit card numbers? No. What I'm going to do is find an interesting way to hack in and get the credit card numbers," said Gavin Manes with Digital Forensics Professionals.
The hackers did it by war driving. That is driving around with a laptop looking for unsecured networks.
The News On 6 did a story in 2002 about Tulsans who were war-driving not for evil, but for good. Whenever they found an unsecured network, they warned the owner to secure it.
But, these hackers, found unsecure business networks and installed sniffer programs, which collected account numbers and passwords. Then, they sold much of that information online.
If someone buys your credit card account data online, they can put the information onto a blank card, then use that card to buy gas, groceries, cars, diamonds, you name it.
Even easier, they used the cloned cards to withdraw millions from different accounts at ATMs, money taken straight from your checking account.
A good offense is the best defense. You should check your credit card and bank statements carefully and frequently.
"The attackers aren't going to target the most secure people; they're going to go after the low hanging fruit, what's the easy target. Out of that 40 million credit card numbers they stole, there's bound to be a million people who didn't notice $10,000 missing from their account. That's a pretty good profit right there," said Gavin Manes with Digital Forensics Professionals.
If you notice a fraudulent purchase and report it within two days, you'll most likely be protected and won't have to pay it. If you wait two months, you could be footing the bill for someone else's spending.
Since this happened, stores that accept major credit cards are now required to secure their networks and use encryption programs to protect the data.