
Massively Stupid Identity Giveaway

40 million identities exposed. Biggest bust in history of Microsoft. Major US retailers found grossly negligent.



WASHINGTON (Dow Jones) -- Prosecutors in the US have brought charges against 11 individuals who they claim ran the biggest identity theft campaign ever, harvesting 40 million credit card and debit card numbers from major retailers.

Although little is said about how the crime ring could break into all these computer networks in the first place, it's fairly obvious what's going on.

Zip skills in security and use of Microsoft products.

Careless with Your Identity!

The list of US retailers who left people's identities vulnerable on insecure computers includes TJX, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, and DSW. No charges have yet been brought against these companies for gross negligence.

'This is the single largest and most complex identity theft case ever charged', said US attorney general Michael Mukasey. Charges have been filed in Boston, San Diego, and New York. Quantifying the damages has been difficult but it's at least 8 digits in US currency. The thefts have been ongoing for the past five years right up to months before the big bust.

Unprotected Wireless!?

Many of the cited negligent companies were running unprotected wireless networks which made it child's play for the crime ring to break in. Once inside the nonexistent perimeter the gang installed data mining software that forwarded the booty to other networks in the US and eastern Europe.

Once in the care of the crime ring (where it was undoubtedly protected with greater skill and zeal) the data was sold over the Internet to interested investors who used it to create ATM ready credit cards. At least one of the defendants profited by at least $11 million according to prosecutors in San Diego.

The hapless Mukasey hopes the charges will send a clear message to crime rings. 'We will track you down wherever you are in the world.' No message is currently being prepared for companies who knew full well their unsafe networks would expose client identity information.

Poor Things!

Meanwhile the negligent retailers are not apologising - but complaining. The thefts have been a headache for them, say reps for TJ Maxx and Marshalls. Their parent company TJX reached an agreement with MasterCard to compensate the latter with $24 million in damages and another agreement with Visa for $41 million.

Yet not a one of those pinheads thought for a single second to switch to a more secure computer network and no one's yet offered apologies to the customers who were hurt. Nor has anyone come forward and explained how Unix can be dearer than over $60 million in damages or who the idiot is who insists they stick with Windows.

In the most comical twist of this entire nonevent TJX praised the actions of the prosecutors and - get ready - called on the banks and credit card industry to 'improve security measures'.

TJX spokesman Sherry Lang commits the ultimate faux pas with the following morsel.

'The sheer number of retailers attacked by these cyber criminals demonstrates the much broader challenges in protecting sensitive consumer data from this increasing threat.'

Yes it's the thieves' fault, Sherry. That's why people are suing YOU.

Civil Suits!

Yet clients are not sitting idly by. And they shouldn't either. What happens if you leave your automobile with a valet who doesn't protect it? Who do you sue?

Using Windows on the Internet is criminal negligence. Do not under any circumstances entrust your identity or other property to any company not totally and intelligently distanced from all things Microsoft.

Gee Whiz What Server Could They Be Running?

In the case of the incomparable TJX the following comes as no surprise. Barnes & Noble weren't a shocker either. Which isn't to say that, with people of this lack of caliber, even Fort Knox would be more than a pushover.

HEAD tjx.com
HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Wed, 06 Aug 2008 09:04:41 GMT
X-Powered-By: ASP.NET
Location: index.html
Connection: Keep-Alive
Content-Length: 131
Content-Type: text/html
Cache-control: private

HEAD tjx.com/index.html
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Wed, 06 Aug 2008 09:06:04 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Wed, 16 Jul 2008 16:51:13 GMT
Content-Length: 32457

HEAD barnesandnoble.com
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Wed, 06 Aug 2008 09:14:27 GMT
P3P: CP="CAO DSP COR ADM DEV TAI PSA IVDo CONo HIS TELo DEL SAMo UNRo LEG PRE"
Connection: Keep-Alive
Content-Length: 71422
Content-Type: text/html
Set-Cookie: recentlocs=; expires=Mon, 05-Aug-2013 09:11:44 GMT; domain=.barnesandnoble.com; path=/
Set-Cookie: csxslt=no; domain=.barnesandnoble.com; path=/
Set-Cookie: browserid=version=; expires=Mon, 02-Feb-2009 05:00:00 GMT; domain=.barnesandnoble.com; path=/
Set-Cookie: returning=1; expires=Mon, 05-Aug-2013 09:11:44 GMT; domain=.barnesandnoble.com; path=/
Set-Cookie: pds_vcart_sess=d=; domain=.barnesandnoble.com; path=/
Set-Cookie: cartexists=yes; expires=Tue, 06-Aug-2013 09:11:44 GMT; domain=.barnesandnoble.com; path=/
Set-Cookie: pds_sess=d=; domain=.barnesandnoble.com; path=/
Set-Cookie: userid=; expires=Tue, 06-Aug-2013 09:11:44 GMT; domain=.barnesandnoble.com; path=/
Set-Cookie: pds_life=d=; expires=Mon, 05-Aug-2013 09:11:44 GMT; domain=.barnesandnoble.com; path=/
Cache-control: private
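
The same reading of response headers works as a self-audit on captures from your own servers. The following is an added example, not code from the original page: it parses responses in the HEAD layout used above and reports headers that disclose the server software, plus (going one step beyond the page) cookies set without the Secure or HttpOnly attributes. The sample input is constructed, abbreviated from the output quoted above.

```python
import re

# Constructed sample: two captures in the page's "HEAD <host>" layout,
# abbreviated from the output quoted above.
CAPTURE = """\
HEAD tjx.com
HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET

HEAD barnesandnoble.com
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Set-Cookie: csxslt=no; domain=.barnesandnoble.com; path=/
Set-Cookie: userid=; expires=Tue, 06-Aug-2013 09:11:44 GMT; domain=.barnesandnoble.com; path=/
"""

DISCLOSING = ("server", "x-powered-by", "x-aspnet-version")

def parse_captures(text):
    """Yield (target, [(header-name, value), ...]) per captured response."""
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        if len(lines) < 2 or not lines[0].startswith("HEAD "):
            continue  # not a capture in the expected layout
        pairs = (l.partition(":") for l in lines[2:])  # lines[1] is the status line
        yield lines[0][5:].strip(), [(n.strip().lower(), v.strip()) for n, s, v in pairs if s]

def audit(text):
    """Return {target: [finding, ...]} for banner and cookie-flag issues."""
    report = {}
    for target, headers in parse_captures(text):
        findings = report.setdefault(target, [])
        for name, value in headers:
            if name in DISCLOSING:
                findings.append(f"{name} discloses '{value}'")
            elif name == "set-cookie":
                attrs = {a.strip().lower().split("=")[0] for a in value.split(";")[1:]}
                missing = [f for f in ("secure", "httponly") if f not in attrs]
                if missing:
                    findings.append(f"cookie {value.split('=', 1)[0]} lacks {'/'.join(missing)}")
    return report

if __name__ == "__main__":
    for target, findings in audit(CAPTURE).items():
        print(target, findings)
```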

Copyright © Radsoft. All rights reserved.