I was catching up on my reading and came across an article at SC Magazine by Dan Kaplan about where the TJX breach all started... Wain Kellum, CEO at my former employer Trusted Network Technologies, was quoted. If you're looking to prevent this, take a look at Wi-fi Owl; it is designed to catch this type of thing before you make the papers. You can get what sounds like the antenna they used at Cantenna.com.
Dan Kaplan, May 4 2007 17:00
The suspects who lifted the personal data of 45.7 million customers from TJX's processing systems hatched their elaborate plan some two years ago at a Marshalls outlet in Minnesota, where they used simple technology to tap into the store's wireless connection, The Wall Street Journal reported today.
According to the story, citing investigators, the intruders, from the parking lot, used a "telescope-shaped antenna" and a laptop to decode data that was moving among the Marshalls store’s scanning devices, cash registers and PCs, which were using wireless LAN connectivity.
What the intruders either learned or physically planted that day helped them later hack into TJX’s main database, where they quietly pilfered data for two years and ended up executing the largest data breach in the nation’s history.
Investigators told the newspaper that the St. Paul, Minn. Marshalls location was running a wireless network protected by the weak Wired Equivalent Privacy (WEP) industry standards, which have since been superseded by the more robust Wi-Fi Protected Access (WPA) guidelines.
TJX operates more than 2,000 discount retailers, including hundreds of Marshalls.
Gartner Vice President and Senior Fellow John Pescatore told SCMagazine.com today that the replacement standards - required under the Payment Card Industry mandates - are much more secure than WEP, which was "riddled with holes," he said.
"The encryption to keep someone from breaking in was done very poorly in this first generation," he said. "It's no better than (no security at all). This is something I would have thought an audit would've caught."
According to the newspaper, the hackers used an antenna, a common tool used to retrieve a wireless signal from a distance, Pescatore said.
He said he has heard of people creating antennae out of Pringles potato chip cans - and several websites offer instructions on how to do so. Then, he said, "all it takes is a laptop with Windows XP and it tells you what access points it can hear. It doesn't take any special equipment."
The hackers may have planted some malware on the network that day to help them later access the central database, or they may have stolen certain data that allowed them to later intrude, Pescatore said.
"The basic issue is if you connect to an access point that puts you on the network, it's just as good as if you broke into their data center and sat down on a PC," Pescatore said. "You're on their network."
The incident highlights the need for business executives to understand the value of information assets, Wain Kellum, president and CEO of Atlanta-based Trusted Network Technologies, told SCMagazine.com today.
He said that in many cases "fairly low-level network engineers" create wireless policies without any understanding of risk or financial impact to the organization if there is a breach.
"Management people are now starting to get aware that they have to participate in the dialogue," Kellum said.
A TJX spokeswoman could not be reached for comment today.
Since the breach, the Federal Trade Commission has launched an investigation, and three New England banking associations filed a lawsuit seeking to recoup costs associated with fraudulent purchases.
However, TJX has reported no negative effect on sales, which rose during the first quarter of this year.