TJX Breach Began With WEP Crack

Posted by kdawson on Saturday May 5, 2007 @07:33AM from the pwn3d-by-Pringles dept.

An anonymous reader sends us to the Wall Street Journal for a detailed report on what is known to date about the TJX data breach. It seems that the loss of over 45 million credit card numbers and more than 450,000 SSNs, driver's license numbers, and military identifications began with someone using a "telescope-shaped" antenna at a wireless link at a Marshall's near St. Paul, Minnesota in July 2005. The link was encrypted using WEP, which had been known to be broken since 2001. The crackers who got into the TJX central databases are believed to be Romanians or Russians with ties to the Russian mobs. The eventual cost of the TXJ fiasco could exceed $1 billion — not including the numerous lawsuits filed against the retailer.

2 of 164 comments (clear)

Min score:

Reason:

Sort:

Re:Why isn't WEP recalled? by Gordonjcp · 2007-05-05 09:46 · Score: 0, Troll

WPA is more like a front-door with a keylock and a deadbolt.

No, WPA is more like the lock on your bathroom door with a big sticker saying "This is really really secure, don't even try and break it!". It can be broken in a couple of minutes.

Ever wondered why proper commercial wireless equipment only gives you the choice of WEP and AES?
Re:Why isn't WEP recalled? by Gordonjcp · 2007-05-05 10:24 · Score: 0, Troll

I've seen WPA cracked in less than two minutes. It's broken. Do not use it. And yes, I mean WPA, not WEP.