Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Wardrivers Target Seattle Businesses

timothy posted more than 3 years ago | from the as-a-movie-plot-it's-too-obvious dept.

Crime 138

angry tapir writes "Seattle police are investigating a group of criminals who they say have been cruising around town in a black Mercedes stealing credit card data by tapping into wireless networks belonging to area businesses. The group has been at it for about five years, according to an affidavit signed by Detective Chris Hansen, a fraud investigator with the Seattle Police Department."

Sorry! There are no comments related to the filter you selected.

Why don't you (1)

DMFNR (1986182) | more than 3 years ago | (#35911644)

take a seat over there...

Re:Why don't you (0)

Anonymous Coward | more than 3 years ago | (#35911962)

Looks like he's taking your advice [thecarconnection.com] .

He's decided to change cars too!

I keep telling everyone (3, Insightful)

billyea (2029384) | more than 3 years ago | (#35911666)

SECURE YOUR WIRELESS ACCESS POINTS. Otherwise, unwanted traffic is your fault.

Re:I keep telling everyone (0)

Anonymous Coward | more than 3 years ago | (#35911686)

And secure them well, WEP is not security!

Re:I keep telling everyone (2)

cshay (79326) | more than 3 years ago | (#35914282)

Easier said than done. My neighbor has Windows7, and I tried to get her laptop to connect to her cable companies provided access point using WPA/WPA2 and it simply would not work. It would only work using WEP.

Seems to be a common problem....
http://answers.microsoft.com/en-us/windows/forum/windows_7-networking/windows-7-wireless-network-problem-windows-7-fails/ce399590-1c0d-482e-bc7e-bd4016e154b2 [microsoft.com]

Re:I keep telling everyone (-1)

Anonymous Coward | more than 3 years ago | (#35911718)

Mod parent troll!

What, you want take away the fun of cracking WEP from us?

Users, don't believe that, please do secure your networks, but use WEP.
WPA is believed to have wide open government back dour.

Re:I keep telling everyone (1)

billyea (2029384) | more than 3 years ago | (#35911774)

I thought the fun of cracking something came from defeating complex security. If there is no security (or weak-as-hell security like WEP) then where's your fun?

Re:I keep telling everyone (2)

jtownatpunk.net (245670) | more than 3 years ago | (#35911834)

The fun is sharing the CEO's pr0n stash with the entire company.

Re:I keep telling everyone (2)

Opportunist (166417) | more than 3 years ago | (#35913288)

But what do you do when he does it himself?

I once worked for a boss whose porn collection (and we're talking about spank-til-he-bleeds gay BDSM porn) was available on a public file share. How I knew it was his? Guess who was the guy without a mask...

I tried to be discreet about it, approached him, informed him that his rather private info is on the fileshare and promptly got asked whether I like them an invitation to his next party.

It was rather surreal. But then, the whole company was a bit like the role model for Reynholm Industries from IT-Crowd... Ahhhh, the good ol' dot.com times.

Re:I keep telling everyone (1)

John Saffran (1763678) | more than 3 years ago | (#35912322)

Why's the parent marked as troll? Securing your wireless access point is indeed your responsibility .. if you left your house unlocked most people would think you were being irresponsible, unsecured wireles points are just as irresponsible.

Re:I keep telling everyone (0)

Anonymous Coward | more than 3 years ago | (#35913070)

If I left my house unlocked I would only have to deal with crackheads, not arrogant neckbeards demanding that its their right they get at my data as it wants to be free. I know the crackhead would take the baseball bat to the head a lot better -cost of doing business and all. The neckbeard might just cry and I'd start to feel sorry for it. And no one wants that. Hackers aren't people, and people who make sure to let you know the difference between hackers and crackers certainly aren't people. So get out your bat, swing for the fences, and only worry about it if they claim to date fat chicks -- because then there might actually be children at stake.

Re:I keep telling everyone (1)

Israfels (730298) | more than 3 years ago | (#35913074)

It's worse than leaving your door unlocked. It's more like leaving your door unlocked and putting a sign out front in blinking lights telling everyone it's unlocked. (Broadcasting.)

Re:I keep telling everyone (1)

1u3hr (530656) | more than 3 years ago | (#35913974)

The access points were secured, but with WEP, which is easily cracked. I've got an old access point myself that only does WEP, but as I'm in a rural village the risk is minimal. In a city however, it'd be foolish.

Hi, I'm Chris Hansen from Dateline NBC. (2)

fak3r (917687) | more than 3 years ago | (#35911696)

Why don't you have a seat over there? ... What were you thinking?

Seattle Police - Priorities Are Not Job One (1)

gavron (1300111) | more than 3 years ago | (#35911716)

It's important to catch guys with laptops in a Mercedes, than gangbangers, murderers, or those guys who drive around in vans offering little girls candy.

Did someone in the Department find a $20 charge on his credit card, or is this just a simple case of "We serve nobody and protect nobody, but if you're using a laptop and an antenna in receipt of lawful radio signals, WE WILL FIND YOU!"?

I have done lots of wardriving. I can't afford a Mercedes tho. Does this put me halfway between the van-driving child-molesters and the war-drivers in the Merc? Should I fear if I ever go to Seattle?

E

Re:Seattle Police - Priorities Are Not Job One (1, Redundant)

benjfowler (239527) | more than 3 years ago | (#35911758)

If I had a dollar for every time I've read somebody try and justify their criminal activity by believing they're better than some other criminal. That's why paedophiles have such a hard time in prison: all the other criminals need to feel superior, while still remaining a complete and total waste of space. This happens so often, that this cognitive bias needs a name.

Re:Seattle Police - Priorities Are Not Job One (1)

oliverthered (187439) | more than 3 years ago | (#35911778)

ICD10-V-F60.2 or maybe F60.8

Re:Seattle Police - Priorities Are Not Job One (1)

Jaxoreth (208176) | more than 3 years ago | (#35912282)

ICD10-V-F60.2 or maybe F60.8

George Lucas, is that you?

Re:Seattle Police - Priorities Are Not Job One (3, Insightful)

gavron (1300111) | more than 3 years ago | (#35911822)

I hope you get lots of dollars, but wardriving is NOT a criminal activity. It's not a misdemeanor either. It's not against the law.

Receiving openly broadcast radio signals is one of our rights in the United States. While driving is a privilege, combining these does not make it a criminal activity.

I'm not trying to "justify" one event (not a crime) by comparing it to pedophiles (or paedophiles if you prefer an archaic and no longer correct spelling). There's no real comparison between NON-unlawful reception of open radio signals and molesting children. (Note: not all pedophiles molest children. I specifically referred to molesters because THAT IS criminal activity.

Best regards to you,

E

Re:Seattle Police - Priorities Are Not Job One (3, Insightful)

ustolemyname (1301665) | more than 3 years ago | (#35911868)

Using someone else's credit card is criminal. Doesn't matter if they use a megaphone and tell the whole world what it is. The fact the information is obtained through wardriving is simply the method.

Re:Seattle Police - Priorities Are Not Job One (0)

Anonymous Coward | more than 3 years ago | (#35911972)

who said anything about using other's credit cards? you're responding to a post that says wardriving isn't a crime. You can drive through my town and find out the library has free wifi, the little airport at the corner of the town has free wifi..... all free tor the taking, belly up to the trough and help yourself.

Re:Seattle Police - Priorities Are Not Job One (4, Insightful)

ustolemyname (1301665) | more than 3 years ago | (#35912082)

Exactly. But he was leaping to some crazy conclusion of this logic:
These guys were wardriving + the police are after them = cops are after them because they were wardriving
Which is stupid. The cops are after these guys for misusing the information they obtained, not because they were wardriving. If they had been wardriving, and simply retained the information for their own use the cops never could have found them and never would have needed to. Quite frankly his posts are aggressive and irrational, and I was trying to explain to him why the cops are actually after these guys. From the first sentence in the summary:

stealing credit card data

And if you RTFA you learn that the owner of the Mercedes was only discovered after he was busted performing other forms of fraud.

Re:Seattle Police - Priorities Are Not Job One (4, Insightful)

dissy (172727) | more than 3 years ago | (#35912182)

Using someone else's credit card is criminal. Doesn't matter if they use a megaphone and tell the whole world what it is

While yes using someone else's credit card fraudulently is criminal, I wouldn't say the megaphone bit doesn't matter.

Screaming out their customers credit cards of course does NOT excuse the wardrivers crime in any way shape or form. But the separate act of sending all of their customers credit card information to the world should also be a crime as well.

At the very least I wish the police would post a list of these companies, so the general public knows they can not be trusted with our business.

At most, the companies should be brought up on charges of mishandling customer credit accounts and fraud.
They will just need to schedule that court case for a different day than the wardrivers court date, so everyone can attend.

Re:Seattle Police - Priorities Are Not Job One (0)

Anonymous Coward | more than 3 years ago | (#35911880)

It makes no fucking difference if it is or isn't a crime. We're all fucked. Some maybe more than others of course.

Re:Seattle Police - Priorities Are Not Job One (3, Insightful)

hedwards (940851) | more than 3 years ago | (#35912080)

Did you even bother to read the summary? I get that this is /. and nobody RTFAs, but the summary was pretty clear that this wasn't just a case of wardriving, this was a case of wardriving until they found an unencrypted wifi connection and rummaging for credit card details. The details were then abused.

Trust me, they wouldn't be wasting the money on that around here if it were just stealing a bit of bandwidth.

Re:Seattle Police - Priorities Are Not Job One (1)

Jah-Wren Ryel (80510) | more than 3 years ago | (#35912410)

While driving is a privilege, combining these does not make it a criminal activity.

Driving is not a privilege. It is a right, under the broad umbrella of the right to travel freely.
If you want to compare it to something that is inarguably a right due to being explicitly enshrined in the Bill of Rights, look at guns.
You need a license to own a gun.
That license can be revoked as a criminal penalty.
Driving is pretty much the same.

Re:Seattle Police - Priorities Are Not Job One (3)

hedwards (940851) | more than 3 years ago | (#35912602)

Since when? Around here you don't need a license to own a firearm. In fact if you're a woman capable of claiming to be stalked, you can even get a handgun the same day.

Re:Seattle Police - Priorities Are Not Job One (1)

element-o.p. (939033) | more than 3 years ago | (#35912788)

I'll stay where I'm at, then.

I'm not a woman (nor do I play one on the Internet), I have never been -- nor have I ever claimed to have been -- stalked, but I was able to buy a handgun in a couple of hours recently.

Re:Seattle Police - Priorities Are Not Job One (2)

Jah-Wren Ryel (80510) | more than 3 years ago | (#35912906)

Since when? Around here you don't need a license to own a firearm.

Plenty of states do require you to have a license to own a firearm but yes, technically it is up to the individual state's laws. Just like requiring a driver's license is also technically up to the individual state's laws.

Re:Seattle Police - Priorities Are Not Job One (1)

dryeo (100693) | more than 3 years ago | (#35913082)

Most places you don't need a license to own a car or to drive it on private property. Requiring that you know how to drive (for using public roads) or use a firearm is quite reasonable. I've almost been killed by bad drivers and I've had too many bullets go by my head to think that any person should just be handed a dangerous tool without them having some knowledge about the tool.
Guns and automobiles have one thing in common, a bit of stupidity can kill innocent bystanders very easily.

Re:Seattle Police - Priorities Are Not Job One (2)

schwit1 (797399) | more than 3 years ago | (#35912772)

I never understood why did something become a privileged just because the state says it is. Rights can be limited or revoked if you break society's laws.

Re:Seattle Police - Priorities Are Not Job One (0)

Anonymous Coward | more than 3 years ago | (#35913100)

We've been under a "state of emergency" for decades, and we're all criminals. I don't care who you are. Every last person in this country is a criminal and that is FUCKED UP. It's like original sin to bypass the Bill of Rights.

Re:Seattle Police - Priorities Are Not Job One (0)

Anonymous Coward | more than 3 years ago | (#35913194)

That is the very definition of privilege. Something you are permitted to do only by the grace of some authority(be it an ethical or coercive one). That is why rights do not exist. They describe something already termed but more importantly, they assert tangible properties, that are in no way measurable. You can't have it both ways. If they are only conceptual properties, then they are no different than privileges. If they are material qualities, then where is the measure of these adjectives?

The truth is rights are a made up concepts which would be fine because many ideas that don't exist in reality are still valid, but unfortunately rights are not. All we ever have had as citizens are privileges that our government has offered us. You can cut through all this confusion over terms used by just looking at the actors and their actions. One small group of guys has guns and a set of rules which it enforces on itself and others (sometimes failing to do so and sometimes contradicting its rules but that isn't important for my point). They are not directly challenged or resisted by employing the initiation of force against the rest of the people. So as to prevent significant dissent, there is some cooperation involved in selecting who is tolerated to do the gun pointing but the offered choice is extremely limited. Among the rules that this small group promises to follow, there are some called rights which involve restrictions upon what the small group can do.

Now, if you consider groups that fit this description, you might notice that our government isn't the only one. Other coercive groups that rule through both violence and consent follow this pattern, like organized criminal bodies. Outright slaughter is avoided(even in the absence of a larger armed entity like our government, no mafia would be able to do such a thing, killing their host at best and being killed by it in retaliation at worst). Leaders are elected by not direct voting, but competition within the ranks and then an outward facing acceptance or rejection by the community.

So, being able to strip away the complicated beliefs in the government helps us see what rights are in another equivalent setting. Do shopkeepers have rights with respect to the mafia? No, of course not. We can see that the mafia abstains from certain behavior at its own discretion. This is no different than what our government does. It may be more explicit and codified, but the result is the same.

Re:Seattle Police - Priorities Are Not Job One (1)

petteyg359 (1847514) | more than 3 years ago | (#35912468)

Paedophile was never a correct spelling. Pædophile might have been, though.

Re:Seattle Police - Priorities Are Not Job One (0)

Anonymous Coward | more than 3 years ago | (#35912490)

Damn you /. and your lack of support for UTF-8.

Re:Seattle Police - Priorities Are Not Job One (0)

Anonymous Coward | more than 3 years ago | (#35913230)

I don't know if that us supposed to be funny, I didn't laugh.

Paedophile is the correct spelling in England which, I believe its the home of English.

Re:Seattle Police - Priorities Are Not Job One (2)

rolfwind (528248) | more than 3 years ago | (#35912502)

While driving is a privilege,

Driving is not a "privilege". The state cannot revoke your license because the governor or one of his officers just feels like it. It can only be taken under due process of law. That is the difference between a right and a privilege. Privileges can be revoked by the executive (doing what they feel like, not following any legislation.)

"The Right of the Citizen to travel upon the public highways and to transport his property thereon, either by horse drawn carriage or by automobile, is not a mere privilege which a city can prohibit or permit at will, but a common Right which he has under the right to life, liberty, and the pursuit of happiness." - Thompson vs. Smith, 154 SE 579.

Re:Seattle Police - Priorities Are Not Job One (1)

lee1 (219161) | more than 3 years ago | (#35912618)

Receiving openly broadcast radio signals is one of our rights in the United States. While driving is a privilege, combining these does not make it a criminal activity.

Then how can states make radar detectors illegal?

Re:Seattle Police - Priorities Are Not Job One (1)

Anonymous Coward | more than 3 years ago | (#35913474)

an archaic and no longer correct spelling

I always find it amusing to see US linguistic pedantry - from a country where people call a liquid 'gas'

Re:Seattle Police - Priorities Are Not Job One (0)

Anonymous Coward | more than 3 years ago | (#35911786)

You don't think that those stolen credit card numbers are being sold to organized crime and then used by very bad people to do very bad things? You live under a rock if you think this is a couple of harmless hackers.

Re:Seattle Police - Priorities Are Not Job One (4, Interesting)

Posting=!Working (197779) | more than 3 years ago | (#35911796)

I can't afford a Mercedes tho

It was a 1988 Mercedes. The laptop and antenna might have cost more than the car.

Re:Seattle Police - Priorities Are Not Job One (2)

coryking (104614) | more than 3 years ago | (#35911808)

Well, according to the Seattle PI, they are accused of stealing more than $750,000 In computer equipment and other items. So no, these guys did just a little bit more than a $20 charge on some dudes card.

Re:Seattle Police - Priorities Are Not Job One (0)

Anonymous Coward | more than 3 years ago | (#35912558)

In the time that you have done lots of wardriving, have you accumulated stolen servers, laptops, HDDs, gift cards, and credit card numbers to the tune of $750,000? Because, FYI, that's what the fucking article is about.

Re:Seattle Police - Priorities Are Not Job One (1)

The End Of Days (1243248) | more than 3 years ago | (#35912764)

It's a bizarre little group of armchair anarchists we have around here.

Re:Seattle Police - Priorities Are Not Job One (1)

artor3 (1344997) | more than 3 years ago | (#35912576)

I, for one, am glad that the Seattle PD is finally going after actual criminals instead of beating the shit out of teenage girls [youtube.com] and punching jaywalkers [youtube.com] .

To answer your question, you should fear going to Seattle only if you're a teenage girl. The Seattle cops aren't racist, they just prefer to beat on people who can't defend themselves.

Re:Seattle Police - Priorities Are Not Job One (1)

hedwards (940851) | more than 3 years ago | (#35912614)

Just out of curiosity, how do you think a reasonable police officer should handle being assaulted? That woman in the second video is damn lucky she was only punched, the officer could very easily have hit her with pepper spray or shot her under those circumstances.

Re:Seattle Police - Priorities Are Not Job One (1)

cbiltcliffe (186293) | more than 3 years ago | (#35912808)

Cop had his hand around the neck of the first one when the video started, choking her. That's unreasonable force for someone that was not seriously resisting.

In Canada, if you're arrested illegally, you have the right to resist arrest. So says the Supreme Court.

If a cop tried some shit like this with me for jaywalking, of all things, I would not go peacefully. And if they ever, for any reason, put their hand on my neck like this cop did to the first girl, they'd find some parts of their body mysteriously broken.

Re:Seattle Police - Priorities Are Not Job One (1)

artor3 (1344997) | more than 3 years ago | (#35912928)

I think a reasonable police officer should respond with reasonable force. A seventeen year old girl grabbing the wrist of a trained adult man does not warrant a full-on punch to the face.

And where's your defense of the first video? That girl, only fifteen years old, kicked her shoe off in the direction of the cop -- with an amount of force that a 90 year old cancer patient could shrug off -- and how does he respond? Throws her head first into a wall, grabs her by the hair and yanks her backwards onto the ground, sticks his knee in her back, and proceeds to beat the everloving shit out of her. Is that your idea of a reasonable response?

Re:Seattle Police - Priorities Are Not Job One (1)

flyneye (84093) | more than 3 years ago | (#35913750)

Sorry ,if officer O'Ryan has any testosterone at all he can handle a "female" suspect on his own or face ridicule in the locker room.
        Even sister-boy pork is expected to be able to handle basic stuff like a man. I can see some whiney low impact professions using any tech or method to make things easier, but there is an image to protect.
      But if that were my daughter in the first video, brat or not, both those officers would fall under deer rifle crosshairs in a very public way as an example to other cops nationwide. Those cops were just sister boy faggots and need prison raped.

Re:Seattle Police - Priorities Are Not Job One (1)

richlv (778496) | more than 3 years ago | (#35912904)

hmm. fuck. "disturbing" isn't the correct word for it (even disturbing is the though that this was way, way more common when cameras were not placed almost everywhere...)

even more disturbing is the small amount of publicity any abuse of power actually gets.

Re:Seattle Police - Priorities Are Not Job One (0)

Anonymous Coward | more than 3 years ago | (#35913066)

>It's important to catch guys with laptops in a Mercedes, than gangbangers, murderers, or those guys who drive around in vans offering little girls candy.

This is Seattle. We don't have gangbangers or murderers here, just lots of guys who drive around in vans offering little girls candy.

Re:Seattle Police - Priorities Are Not Job One (1)

Opportunist (166417) | more than 3 years ago | (#35913310)

Oh how I love answers like "Why do they prosecute $some_crime while there are still people doing $much_worse_crime at large?"

The reason is simple: Crimes are not solved serially. You might notice that they are also hunting murderers and gangbangers. It's not like the whole police department dropped everything they were doing, released suspects of murder crimes and are single mindedly hunting down wardrivers now.

What would you suggest? Let's ignore "minor" crimes for now 'til we got all the murderers, rapists and child molesters arrested? Ponder again. As a criminal, my immediate reaction would be "Hey! If I just rob that old lady's purse while not hurting her, they won't prosecute me. Soooo... as long as I don't hurt anyone and just steal their belongings, I have nothing to fear from the law".

I doubt you'd really want that.

And yes, wardriving by itself is not a crime (in most areas), but using that data to steal money is.

Re:Seattle Police - Priorities Are Not Job One (1)

Journe (1493651) | more than 3 years ago | (#35913556)

It's a crime because they're using these credit card numbers to purchase things. It's a crime because, even though WEP is not that secure, it's still basic security. It's a crime because they're accessing data that they should not be accessing.

They're not more important than the criminals you mention, they're not less important. They're criminals, period. Do you also think stopping murderers is more important than catching people who break into homes and steal things?

I'd like to see you come home to a ransacked house and say "I'm going to miss my TV, and all my other nice things, but boy, am I glad the police were busy catching a murderer."

You know... (1)

Anonymous Coward | more than 3 years ago | (#35911728)

If my coworkers and I shared your finacial information by tossing paper planes to one another, you'd think us nuts. Replace paper with electromagnetic waves and all is well.

Re:You know... (3, Informative)

geniice (1336589) | more than 3 years ago | (#35911950)

Tossing paper planes would probably be fairly secure.

1)data would remain within your line of sight so any attempt to directly intercept would be obvious
2)with correct folding data could be hidden making remote interception impossible
3)It's not standard enough for no one to have developed a standard attack

Feed 'em false numbers (4, Interesting)

karl.auerbach (157250) | more than 3 years ago | (#35911742)

It would be easy to set up a weakly protect access point that did nothing but generate bogus transactions with bad credit card numbers - that could pollute the crook's database, particularly if they don't do a good job of recording of which card number came from which network.

And if the bogus numbers were timestamped and logged then when the bad card numbers are used (and bounced) one could use the bounced transactions to build a map of where the crooks were on any given day.

Re:Feed 'em false numbers (0)

Anonymous Coward | more than 3 years ago | (#35911810)

It would be easy to set up a weakly protect access point that did nothing but generate bogus transactions with bad credit card numbers - that could pollute the crook's database, particularly if they don't do a good job of recording of which card number came from which network.

And if the bogus numbers were timestamped and logged then when the bad card numbers are used (and bounced) one could use the bounced transactions to build a map of where the crooks were on any given day.

That would require the cops to actually use a computer. or understand how to works

Re:Feed 'em false numbers (4, Insightful)

clang_jangle (975789) | more than 3 years ago | (#35911870)

I'm always amazed at shows like CSI and NCIS that make it look as though Law Enforcement is all about 1337 h4xx0rz using tech to prevail against evil, when reading between the lines of so many news articles reveals quite a different story.

Re:Feed 'em false numbers (1)

Anonymous Coward | more than 3 years ago | (#35912210)

That would require the cops to actually use a computer. or understand how to works

/. doesn't require understand how edits, why cops should understand how to works?

Re:Feed 'em false numbers (0)

Anonymous Coward | more than 3 years ago | (#35913276)

Didn't the us govt make honeypots illegal?

Re:Feed 'em false numbers (0)

Anonymous Coward | more than 3 years ago | (#35914484)

That's far too intuitive and sophisticated a solution for any governmental institution to implement.

No surprise (4, Interesting)

im_thatoneguy (819432) | more than 3 years ago | (#35911782)

We discovered that the company below us a few years back (here in Seattle) had not only an open wifi but also had all of their drives shared. We immediately went down stairs and warned them after one of us accidentally connected to their wifi and saw a whole bunch of computers (with official sounding names even) pop up in the file explorer.

Their reaction? "Whatever." They never put a password on it. I was actually surprised by their disinterest in locking down when alerted. Even after we told them that people could just drive by and steal all their company records... so stupid.

Re:No surprise (4, Funny)

blair1q (305137) | more than 3 years ago | (#35911828)

Let me guess. It was these guys [facebook.com] .

Re:No surprise (1)

actionbastard (1206160) | more than 3 years ago | (#35911948)

That's the funniest comment I've seen here in month's. Brah, seriously; I LOLed.

Re:No surprise (0)

Anonymous Coward | more than 3 years ago | (#35913754)

Seconded - and even /. agrees - my captcha is 'records'

Re:No surprise (4, Interesting)

dissy (172727) | more than 3 years ago | (#35912150)

That is unfortunately a very common reaction. I don't understand how people could not care either.

Another unfortunately common reaction is, after trying to be nice and warn them about the problem, once someone else actually does exploit the problem, they likely will come back to blame you :/

I do hope for your sake that doesn't happen, but I've had it happen to me before, and was shocked at the multiple layers of stupid their line of thinking was.

These days I don't even bother unless I already know the person. Being accused of a serious crime for only trying to help just isn't worth the chance.

Re:No surprise (0)

Anonymous Coward | more than 3 years ago | (#35912324)

I do hope for your sake that doesn't happen, but I've had it happen to me before, and was shocked at the multiple layers of stupid their line of thinking was.

Being in a position to receive blame for something you didn't do is stupid.

Unless you're getting paid a lot for it.

These days I don't even bother unless I already know the person. Being accused of a serious crime for only trying to help just isn't worth the chance.

It's that someone is more likely to be blamed for doing something rather than for not doing something. If something bad happens, and you didn't do anything, oh well, you didn't do it! But if you do something, and something bad happens, it's all your fault!

Nevermind that the "doing something" and "something bad happening" are two completely isolated things. It's still your fault!

More direct action was needed... (0)

Anonymous Coward | more than 3 years ago | (#35912380)

Anonymously writing the file names of various documents found on their drives and pasting the list on their front door would probably have started to get their attention enough to lock it. Without actually accessing their files, it would be a nice way of saying "your skirt's up, and here's what I can see"

Re:No surprise (4, Interesting)

PRMan (959735) | more than 3 years ago | (#35912590)

A company I used to work for was next door to a lawyer and all her drives showed up on our phones using Bluetooth (it was annoying when trying to reconnect your headset because you had to scroll past her 7 drives).

I told her about it and she didn't care! I told her that anyone could read her clients' confidential documents. She told me that she would sue them...<facepalm>

Re:No surprise (0)

Anonymous Coward | more than 3 years ago | (#35914312)

If I was their neighbor, it would be hard to resist...

1) Override the MAC on your wireless adapter to be random.
2) Create a shell script that writes consecutive files ("OpenWifiImagonnadeleteallayourdata!00001...) with just a few bytes each.
3) Write files to their drives until they run out of space or the wifi suddenly gets a password.

SMBs should stand up and take notice (1)

mysidia (191772) | more than 3 years ago | (#35911858)

Wireless Security is no longer an academic problem; as we can see from the article, it's now going beyond miscreants merely stealing access/internet bandwidth, or possibly pirating/illegal activities using the internet connection.

This goes to more serious crimes that more severely impact the operator of the network connected to the wireless AP.

SMBs can no longer safely dismiss wireless security with excuses such as "only a real expert hacker could break in anyways; there's no harm anyone's actually going to do; etc".

With money to be made breaching networks, practitioners of one of the oldest professions in the world, will be learning to breach insecure WiFi networks, to ply their trade of stealing....

More so, the more credit card computers get plugged into LANs without at least isolation from the wireless segment.

Re:SMBs should stand up and take notice (4, Funny)

plover (150551) | more than 3 years ago | (#35911954)

With money to be made breaching networks, practitioners of one of the oldest professions in the world, will be learning to breach insecure WiFi networks

Hookers are taking hacking classes now? Finally some slashdotters are going to meet some women!

Re:SMBs should stand up and take notice (1)

pspahn (1175617) | more than 3 years ago | (#35912120)

Wireless Security is no longer an academic problem; as we can see from the article

The medium may have changed, but the principles remain the same.

PCI security compliance with WiFi (1)

DigiShaman (671371) | more than 3 years ago | (#35911866)

I thought all business that deal with CC transactions must be within a secured network. In fact, there's even PCI guidelines on recommended settings to secure your WiFi access points. Unless business are using WPA/WPA2, shouldn't they be busted for not adhering to PCI security protocol? I've included a link to a PDF below for anyone interested.

https://www.pcisecuritystandards.org/pdfs/PCI_DSS_Wireless_Guidelines.pdf [pcisecuritystandards.org]

Re:PCI security compliance with WiFi (1)

plover (150551) | more than 3 years ago | (#35912012)

"Supposed to" and "are" are two different words.

Besides, it doesn't have to be PCI compliant if it's not customer data. They could be sniffing employees shopping on the web.

Re:PCI security compliance with WiFi (1)

DigiShaman (671371) | more than 3 years ago | (#35912040)

I'm willing to bet 99% of the Credit Card accounts on file with these businesses are from customers. If the look hard enough, they may find the corporate AMEX card.

Re:PCI security compliance with WiFi (1)

TheRaven64 (641858) | more than 3 years ago | (#35913450)

They could be sniffing employees shopping on the web.

Unlikely. When was the last time you saw a web store that didn't use SSL for submitting the credit card information (or a merchant bank that will do business with a company that doesn't)? If the site uses SSL, then a passive eavesdropper can't intercept the data, they need to perform some kind of MITM attack.

And this is why securing the access point is largely irrelevant. You should be treating the network as insecure, whether it's wired, wireless with WPA2, or carrier pigeons. Encryption should be end-to-end, not just for the first hop.

Re:PCI security compliance with WiFi (0)

Anonymous Coward | more than 3 years ago | (#35913514)

PCI has no teeth. Depends on your bank, but ours charges a whopping $18/month if we're not compliant. Cheaper to pay the fine then be PCI compliant from that perspective. Of course, we want to be secure regardless of PCI.

Great (2)

CruelKnave (1324841) | more than 3 years ago | (#35911916)

Now people are going to think that Wardriving is synonymous with stealing credit card numbers, when it's just the act of finding wi-fi from a car.

Re:Great (1)

Maow (620678) | more than 3 years ago | (#35913788)

Now people are going to think that Wardriving is synonymous with stealing credit card numbers, when it's just the act of finding wi-fi from a car.

I think Google has found that what you say is true.

They've faced a barrage of legal hassles for their "war-driving" whilst collecting Street View images. And it's never been shown, that I'm aware of, that they did anything remotely unethical with the data collected.

In fact, they even refused to release the collected info to governments due to "privacy reasons", if I recall correctly.

Wow, that's insanely silly (1)

Psychotria (953670) | more than 3 years ago | (#35911946)

"a group of criminals who they say have been cruising around town in a black Mercedes stealing credit card data by tapping into wireless networks belonging to area businesses."

If the criminals hadn't been wandering around blabbing about their exploits and saying it for everyone to hear then maybe the police wouldn't have even noticed them.

Re:Wow, that's insanely silly (2)

jd (1658) | more than 3 years ago | (#35912466)

Apparently it took five years of screaming at the top of their lungs for the police to notice them. Seattle apparently has rather more Lestrades' than Holmes'.

Criminal negligience (3, Interesting)

ndogg (158021) | more than 3 years ago | (#35912050)

Firstly, let's be clear, I want the people stealing the information caught, and locked up. They are criminals.

The business should be fined though if they did nothing to protect their information. This is like leaving a toddler at home alone all day (though not to the same degree.)

Re:Criminal negligience (1)

Beryllium Sphere(tm) (193358) | more than 3 years ago | (#35913318)

They should be facing private-sector penalties. They're answerable to their banks for compliance with the Payment Card Industry Data Security Standard, under their merchant account contract. The standard emphatically does not permit sending card numbers over open wireless networks.

Mix-a-lot (1)

tee-rav (1029032) | more than 3 years ago | (#35912084)

My money's on the Mix-a-Lot Posse.
Benzo? check.
Tinted windows? check.
One member of the gang, Larry, an allegedly-funny 'white guy' and 'real estate investor' has struggled in recent years to make payments on his many properties.
I predict the Benzo is an SEL, a 190 or an SEC, and that a search of the Benzo will reveal traces of buttermilk biscuits.

Re:Mix-a-lot (0)

Anonymous Coward | more than 3 years ago | (#35912684)

Awesome reference.

For those who don't know, Sir Mix-a-Lot, perhaps best known as the "I like big butts" guy, was from Seattle, and had a bunch of goofy 80s rap videos where he drove around Seattle in an 80s Benz.

I've lived in Seattle for about 3 years and I guess because nobody talks about him these days, didn't realize he was from here until recently. It's been interesting to re-discover him as a local hero. Lots of interesting local references in his old videos, many of them on YouTube.

Click on our website: ( http://www.fullmalls.com (-1, Troll)

xiaojiekfd (2061970) | more than 3 years ago | (#35912128)

Click on our website: ( http://www.fullmalls.com/ [fullmalls.com] ) Website wholesale various fashion shoes, such as Nike, Jordan, prada, also includes the jeans, shirt, bags, hats and decoration. Personality manufacturing execution systems (Mes) clothing, Grab an eye bag coat + tide bag Air jordan(1-24)shoes $30 Handbags(Coach l v f e n d i d&g) $35 Tshirts (Polo ,ed hardy,lacoste) $15Jean(True Religion,ed hardy,coogi) $30Sunglasses(Oakey,coach,gucci,A r m a i n i) $15 New era cap $12 Bikini (Ed hardy,polo) $20accept paypal and free shipping ( http://www.fullmalls.com/ [fullmalls.com] )

I just stabbed someone with a fork... (-1)

Anonymous Coward | more than 3 years ago | (#35912218)

Outlaw all forks before the children are hurt! THINK OF THE CHILDREN!

Unpossible! (0)

Anonymous Coward | more than 3 years ago | (#35912240)

Some small and medium businesses of Seattle don't implement PCI. They have probably falsified some stickers as well to make the customer feel good. They get wardriven all the way to the Afghanistan. This is all unpossible.

Wireless (0)

Anonymous Coward | more than 3 years ago | (#35912642)

Just a suggestion in 5 years of being clipped you might just want to secure those networks.
I suppose it would have been done by now if they were paying for the loss instead of the cc company.

Oups (0)

Anonymous Coward | more than 3 years ago | (#35912726)

Oups... Shouldn't these guys have complied with PCI DSS? That should be what the article is about instead of talking about the people trying to access the data.

If only we had listened... (2)

jafo (11982) | more than 3 years ago | (#35912746)

When google gave us a wake-up call that someone in a van could drive around and gather all sorts of information we didn't realize we were broadcasting.

blink blink (0)

Anonymous Coward | more than 3 years ago | (#35912936)

*looks down at the disassembled barcode scanning guns on his desk*

*looks outside at seattle*

Once again, the police are behind the curve.

Detective Chris Hansen (2)

itsphilip (934602) | more than 3 years ago | (#35913214)

"Why don't you have a seat over there"

surprise-- (-1, Troll)

irislll (2062784) | more than 3 years ago | (#35913220)

-Something unexpected surprise-- Hello. My friend === http://www.happyshopping100.com/ [happyshopping100.com] ==== Dedicated service, the new style, so you feel like a warm spring!!! WE ACCEPT PYAPAL PAYMENT YOU MUST NOT MISS IT!!! thank you!!! Believe you will love it.

Black Mercedes? (1)

optymizer (1944916) | more than 3 years ago | (#35914020)

This looks like the Russian Mafia.

The real world (1)

magamiako1 (1026318) | more than 3 years ago | (#35914290)

In the real world most businesses really don't care about security, particularly SMBs. They are such easy targets it's ridiculous. They pay their tech dude to come in and do a little bit of work, fix things if they're broken, etc.

"I have a virus on my system popping up stuff all the time and blocking my internet" is a case of calling a technician in.
"I want you to audit my network for security" is a question they wouldn't even know how to ask and whether or not they should ask, and they really wouldn't know whether or not the auditor did a good job.

Did I mention the technician might just be some local dude who has only ever set up basic linksys devices and worked at geeksquad?

The cost of doing business in an insecure manner is cheaper than the cost of doing business otherwise. And this article obviously shows it. Instead of going after the businesses for doing things in this manner, they're going after the guys driving around pointing it out.

They should charge each of these businesses for stolen credit card information until they get it through their heads they have to follow compliance rules.

End-to-end encryption? (1)

rfugger (923317) | more than 3 years ago | (#35914776)

Why aren't the connections with card processors encrypted end-to-end with SSL/TLS? Then the wifi security, which is outside the card processors' hands, would be irrelevant, and the card numbers would not be exposed to internet routers either. This is the responsibility of the card processors IMO. Everyone knows you don't send credit card numbers over the internet without TLS.

Re:End-to-end encryption? (1)

rfugger (923317) | more than 3 years ago | (#35914794)

Ah, I see it was probably stealing card numbers stored or entered into computers using keyloggers or other malware, so never mind the TLS.

Black Mercedes (1)

Grand Facade (35180) | more than 3 years ago | (#35914878)

should be outlawed!

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?