After hearing about new information on the TJ Maxx (and subsidiaries) data breach pretty much on a daily basis, one can’t help but imagine how all of the credit cards were stolen. Did the criminals have insiders to give them leverage on the payment scanners? How did social engineering play a role in it all? How much planning was done before the actual hack begun? Well, all of those questions can be answered with this:

It was all done by wardriving.

With TJ Maxx having less secure wireless networks than most home networks according to the Wall Street Journal (which I still find hard to believe), all the hackers had to do was sit outside of the TJ Maxx parking lot, decode the payment information, and watch the credit cards roll in. The next story I would like to hear about this is how the TJ Maxx security team is being dealt with.

Cyber-thieves using a telescoping wireless antenna to intercept payment information may be responsible for the “biggest data breach ever,” investigators theorize.

The Wall Street Journal reported that hackers in St. Paul, Minnesota, parked outside a Marshalls’ department store and used the antenna to decode data between hand-held payment scanners, enabling them to break into parent company TJX’s database and make off with credit and debit card records of nearly 47 million customers.

Drive-by hacking, or “wardriving,” was the first major threat to Internet access over wireless connections. Wardrivers drive by or park near Wi-Fi hotspots or open networks and use various means to siphon off data from unsuspecting users.[more]

Tags: Hackers, Identity Theft, Wireless Security