Seattle companies' wireless networks hacked by wardrivers

Tools

More than a dozen businesses in the Seattle area were hacked into via their wireless networks, according to a grand jury indictment of three men this month. To add insult to injury, authorities said that the small hacker ring penetrated one business's network using computer gear it had stolen from that business, reports Mathew J. Schwartz at InformationWeek.

The accused hackers drove around in a black 1988 Mercedes sedan equipped with special antennas and network gear, and targeted networks using Wired Equivalent Privacy (WEP), an outdated standard still in use in a lot of Wi-Fi routers, Schwartz reports. They were indicted on 10 counts, accused of stealing credit card numbers and payroll data among other things. They took control of the payroll system to channel funds to debit cards and used credit card numbers to buy high tech gear and expensive merchandise, according to the indictment. 

"They hijacked payroll information so that payroll funds would be distributed to accounts under their control and sent company funds to reloadable debit cards, allowing them to rapidly cash out the company accounts," the indictment reads.

The hackers "wardriving" tactic is not a new one, Schwartz notes. The infamous hack into TJX Companies--which compromised 45.6 million credit and debit card numbers--also involved wardriving and the WEP standard.

Schwartz asks the obvious: "Why are businesses still using WEP?"

For more:
- see Mathew J. Schwartz's article at InformationWeek

Related Articles:
Six likely security holes in your organization
Security advice from ex-Anonymous 'hacktivist'
Is your partner's network your weak link?