How Hackers Steal Your Credit Cards From Retailers

After reading this article, it amazes me how stupidly most people implemented wi-fi when it first came out. When we bought our first laptop in 2004, we were able to view networks that our neighbors set up, and none of them were secured. Now, everybody has a security key that is generally set up by the equipment manufacturer.

So, if you jump in the Wayback Machine for a moment, you can see why the famous hacks mentioned in the media recently (TJ Maxx, Barnes and Noble, DSW Shoes) could have taken place out in the parking lot without anyone in the store knowing, while the hackers drove from location to location trying to pick up something:

[Brian] Salcedo, 25, is serving a record-breaking nine-year prison term for a 2003 intrusion into Lowe’s corporate network. Salcedo and another hacker had parked outside a Lowe’s in Southfield, Michigan and tapped into the store’s unsecured WiFi network. Over the course of weeks, they used their foothold to penetrate Lowe’s servers at stores across the country, where they eventually planted software that would sniff and store customer credit card numbers as they flew from cash registers to a processing server in North Carolina.

…

[Albert] Gonzalez is the alleged mastermind of a series of WiFi based intrusions into U.S. retailers, including TJ Maxx, OfficeMax and DSW. Perfecting the attack pioneered by Salcedo, Gonzalez allegedly stole at least 40 million credit and debit card numbers worth millions of dollars on the black market. Gonzalez was arrested in a Miami hotel room last week, in possession of more than $20,000 in cash and a Glock 27 firearm with ammunition.