Between TJ Max and Heartland Payment Systems, cyber thieves compromised a quarter of a million credit card numbers. Court records from the trial of Albert Gonzalez, a hacker that plead guilty to fraud and conspiracy charges in both cases, reveal just how easily the thieves behind these breaches were able to obtain the information.
Cyber Criminal Technique #1: War Driving
War driving means “cruising” for WiFi signals. Once detected, cybercriminals use FREE password-breaking software to intercept the signal broadcasting from any home or business.
Monitoring WiFi networks over time, cyberthieves can establish a virtual private network and connect directly to a server or database.
Cyber Criminal Technique #2: SQL Injection
SQL injections are a popular way for cybercriminals to get inside “protected networks”. In a SQL injection attack, the hacker types random characters into a web form, such as a log in page. The attack may be carried out manually or using a robot to penetrate the form. Once inside, hackers can gain access to databases containing sensitive, personal information.
War driving and SQL injection attacks are the means to a cyber criminal’s end. Once the target server is breached, he or she implants a “sniffer” program. (Sniffers are widely available for free, and they are capable of logging all traffic moving across a network). Savvy hackers have devised and sell sniffers designed specifically to detect and record credit and debit card information.
