Big Time Identity Theft Hackers Indicted

Robert Siciliano Identity Theft Expert

ABC news and a bazillion other outlets report that a former informant for the Secret Service was one of three men charged with stealing credit and debit card information from 170 million accounts in the largest data breach in history. The former informant, Albert Gonzalez of Florida, A.K.A “Segvec”, “SoupNazi,” and “j4guar17,” whose motto was ”Get Rich or Die Tryin'” was alleged to have been the ringleader of the criminal hacking operation of a prolific network that spans over five years of serious criminal activity. Once a criminal, always a criminal.

Gonzalez and two other unidentified hackers believed to be from Russia have been charged with hacking into Heartland Payment Systems, 7-11 and Hannaford Brothers Company, Dave and Busters and TJX Corporation, which involved up to 45 million credit card numbers..

Gonzalez was originally arrested in 2003 by the U.S. Secret Service and began working with the agency as an informant. Federal investigators say they later learned that the hacker had been tipping off other hackers on how to evade detection of security and law enforcement worldwide.

Gonzalez provided “sniffer” software used to intercept the credit and debit card numbers for the Russian hackers. Sniffer software or “malware” malicious software, acts like a virus attaching itself to a network and often spreading. The software allows the criminal hacker backdoor access to all the data in the server and provides remote control functionality.

The NY Times reports according to the indictment, Gonzalez and his conspirators reviewed lists of Fortune 500 companies to decide which corporations to take aim at and visited their stores and used a technique called “wardriving” to monitor wireless networks. The online attacks took advantage of flaws in the SQL programming language, which is commonly used for databases.

Threat Level, by Wired magazine, reported that Gonzalez had lived a lavish lifestyle in Miami, once spending $75,000 on a birthday party for himself and complaining to friends that he had to manually count thousands of $20 bills when his counting machine broke.

Protect yourself;

1. You can’t prevent this type of credit card fraud from happening to you when the retailer isn’t protecting your data. Eventually credit card protection solutions will  be available. For now, protecting yourself from account takeover is relatively easy. Simply pay attention to your statements every month and refute unauthorized charges immediately. I check my charges online once every two weeks. If I’m traveling extensively, especially out of the country, I let the credit card company know ahead of time, so they won’t shut down my card while I’m on the road.

2. Prevent new account fraud.  Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

3. Invest in Intelius Identity Theft Protection and Prevention. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Robert Siciliano Identity Theft Speaker discussing credit card data breaches and the sad state of cyber security on Fox News

TJX Identity Theft Costs Another 10 million, Protect Yourself from WarDriving

Robert Siciliano Identity Theft Expert

Most people are familiar with the TJX data breach, in which 45 million credit card numbers were stolen. TJX recently agreed to pay $9.75 million to 41 states to settle an investigation of the massive data breach. According to some reports, TJX has spent up to $256 million attempting to fix the problem that led to the breach.

It’s been said repeatedly that the criminal hackers responsible for the breach were sitting in a car outside a store when they stumbled across a vulnerable, unprotected wireless network using a laptop, a telescope antenna, and an 802.11 wireless LAN adapter. This process is called “Wardriving.”

WiFi is everywhere. Whether you travel for business or simply need Internet access while out and about, your options are plentiful. You can sign on at airports, hotels, coffee shops, fast food restaurants, and now, airplanes. What are your risk factors when accessing wireless? There are plenty. WiFi wasn’t born to be secure. It was born to be convenient. As more sensitive data has been wirelessly transmitted over the years, the need for security has evolved. Today, with criminal hackers as sophisticated as they ever have been, wireless communications are at an even higher risk.

When setting up a wireless router, there are two different security techniques you can use. WiFi Protected Access is a certification program that was created in response to several serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy. Wired Equivalent Privacy was introduced in 1997 and is the original form of wireless network security. Wireless networks broadcast messages using radio and are thus more susceptible to eavesdropping than wired networks.

It’s one thing to access your own wireless connection from your home or office. It entirely another story when accessing someone else’s unprotected network. Setting up a secure WiFi connection will protect the data on your network, for the most part, but if you’re on someone else’s network, secured or unsecured, your data is at risk. Anyone using an open network risks exposing their data. There are many ways to see who’s connected on a wireless connection, and gain access to their data.

There are a few things you should do to protect yourself while using wireless. Be smart about what kind of data you transmit on a public wireless connection. There’s no need to make critical transactions while sipping that macchiato.

Don’t store critical data on a device used outside the secure network. I have a laptop and an iPhone. If they are hacked, there’s nothing on either device that would compromise me.

Install Hotspot Shield. A free ad supported program, Hotspot Shield protects your entire web surfing session by securing your connection, whether you’re at home or in public, using wired or wireless Internet. Hotspot Shield does this by ensuring that all web transactions are secured through HTTPS. They also offer an iPhone application. There are fee based programs, including Publicvpn.com and HotSpotVPN, which can create a secure “tunnel” between a computer and the site’s server.

Turn off WiFi and blue tooth on your laptop or cell phone when you’re not using them. An unattended device emitting wireless signals is very appealing to a criminal hacker.

Beware of free WiFi connections. Anywhere you see a broadcast for “Free WiFi,” consider it a red flag. It’s likely that free WiFi is meant to act as bait.

Beware of evil twins. These are connections that appear legitimate but are actually traps set to snare anyone who connects.

Keep your antivirus and operating system updated. Make sure your anti-virus is automatically updated and your operating systems critical security patches are up to date.

Invest in Intelius Identity Protect. Because when all else fails you’ll have someone watching your back. Includes a Free Credit Report, SSN monitoring, Credit & Debit Card monitoring, Bank Account monitoring, Email fraud alerts, Public Records Monitoring, Customizable “Watch List”, $25,000 in ID theft insurance, Junk Mail OptOut and Credit Card Offer OptOut.

Robert Siciliano identity theft speaker discussing criminal wireless hack