Slashdot Mirror


Wardrivers Target Seattle Businesses

angry tapir writes "Seattle police are investigating a group of criminals who they say have been cruising around town in a black Mercedes stealing credit card data by tapping into wireless networks belonging to area businesses. The group has been at it for about five years, according to an affidavit signed by Detective Chris Hansen, a fraud investigator with the Seattle Police Department."

95 of 138 comments (clear)

  1. I keep telling everyone by billyea · · Score: 3, Insightful

    SECURE YOUR WIRELESS ACCESS POINTS. Otherwise, unwanted traffic is your fault.

    1. Re:I keep telling everyone by billyea · · Score: 1

      I thought the fun of cracking something came from defeating complex security. If there is no security (or weak-as-hell security like WEP) then where's your fun?

    2. Re:I keep telling everyone by jtownatpunk.net · · Score: 2

      The fun is sharing the CEO's pr0n stash with the entire company.

    3. Re:I keep telling everyone by John+Saffran · · Score: 1

      Why's the parent marked as troll? Securing your wireless access point is indeed your responsibility .. if you left your house unlocked most people would think you were being irresponsible, unsecured wireles points are just as irresponsible.

    4. Re:I keep telling everyone by Israfels · · Score: 1

      It's worse than leaving your door unlocked. It's more like leaving your door unlocked and putting a sign out front in blinking lights telling everyone it's unlocked. (Broadcasting.)

    5. Re:I keep telling everyone by Opportunist · · Score: 2

      But what do you do when he does it himself?

      I once worked for a boss whose porn collection (and we're talking about spank-til-he-bleeds gay BDSM porn) was available on a public file share. How I knew it was his? Guess who was the guy without a mask...

      I tried to be discreet about it, approached him, informed him that his rather private info is on the fileshare and promptly got asked whether I like them an invitation to his next party.

      It was rather surreal. But then, the whole company was a bit like the role model for Reynholm Industries from IT-Crowd... Ahhhh, the good ol' dot.com times.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    6. Re:I keep telling everyone by 1u3hr · · Score: 1

      The access points were secured, but with WEP, which is easily cracked. I've got an old access point myself that only does WEP, but as I'm in a rural village the risk is minimal. In a city however, it'd be foolish.

    7. Re:I keep telling everyone by cshay · · Score: 2

      Easier said than done. My neighbor has Windows7, and I tried to get her laptop to connect to her cable companies provided access point using WPA/WPA2 and it simply would not work. It would only work using WEP.

      Seems to be a common problem....
      http://answers.microsoft.com/en-us/windows/forum/windows_7-networking/windows-7-wireless-network-problem-windows-7-fails/ce399590-1c0d-482e-bc7e-bd4016e154b2

    8. Re:I keep telling everyone by sortadan · · Score: 1

      Yep. Old wifi cards can't do new crypto. Go get a new wifi card for $10 and use WPA2 with a strong password.

    9. Re:I keep telling everyone by Coren22 · · Score: 1

      Old or cheap, pick one.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    10. Re:I keep telling everyone by Coren22 · · Score: 1

      Or watching porn on your TV with no curtains...you are showing it to all...

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    11. Re:I keep telling everyone by Coren22 · · Score: 1

      If you leave your car door unlocked, and it is stolen, the insurance company won't pay up for damage when the car is recovered. If there is no sign of forced entry on your house when it is robbed, same thing. In both cases you will have to fight with your insurance company to get them to pay out, as it appears that you allowed the robbery in both cases.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
  2. Hi, I'm Chris Hansen from Dateline NBC. by fak3r · · Score: 2

    Why don't you have a seat over there? ... What were you thinking?

    1. Re:Hi, I'm Chris Hansen from Dateline NBC. by sortadan · · Score: 1

      Oh god, not Chris Hansen! [shoots self in head]

  3. Seattle Police - Priorities Are Not Job One by gavron · · Score: 1

    It's important to catch guys with laptops in a Mercedes, than gangbangers, murderers, or those guys who drive around in vans offering little girls candy.

    Did someone in the Department find a $20 charge on his credit card, or is this just a simple case of "We serve nobody and protect nobody, but if you're using a laptop and an antenna in receipt of lawful radio signals, WE WILL FIND YOU!"?

    I have done lots of wardriving. I can't afford a Mercedes tho. Does this put me halfway between the van-driving child-molesters and the war-drivers in the Merc? Should I fear if I ever go to Seattle?

    E

    1. Re:Seattle Police - Priorities Are Not Job One by benjfowler · · Score: 1, Redundant

      If I had a dollar for every time I've read somebody try and justify their criminal activity by believing they're better than some other criminal. That's why paedophiles have such a hard time in prison: all the other criminals need to feel superior, while still remaining a complete and total waste of space. This happens so often, that this cognitive bias needs a name.

    2. Re:Seattle Police - Priorities Are Not Job One by oliverthered · · Score: 1

      ICD10-V-F60.2 or maybe F60.8

      --
      thank God the internet isn't a human right.
    3. Re:Seattle Police - Priorities Are Not Job One by Posting=!Working · · Score: 4, Interesting

      I can't afford a Mercedes tho

      It was a 1988 Mercedes. The laptop and antenna might have cost more than the car.

      --
      This sentence no verb.
    4. Re:Seattle Police - Priorities Are Not Job One by coryking · · Score: 2

      Well, according to the Seattle PI, they are accused of stealing more than $750,000 In computer equipment and other items. So no, these guys did just a little bit more than a $20 charge on some dudes card.

    5. Re:Seattle Police - Priorities Are Not Job One by gavron · · Score: 3, Insightful

      I hope you get lots of dollars, but wardriving is NOT a criminal activity. It's not a misdemeanor either. It's not against the law.

      Receiving openly broadcast radio signals is one of our rights in the United States. While driving is a privilege, combining these does not make it a criminal activity.

      I'm not trying to "justify" one event (not a crime) by comparing it to pedophiles (or paedophiles if you prefer an archaic and no longer correct spelling). There's no real comparison between NON-unlawful reception of open radio signals and molesting children. (Note: not all pedophiles molest children. I specifically referred to molesters because THAT IS criminal activity.

      Best regards to you,

      E

    6. Re:Seattle Police - Priorities Are Not Job One by ustolemyname · · Score: 3, Insightful

      Using someone else's credit card is criminal. Doesn't matter if they use a megaphone and tell the whole world what it is. The fact the information is obtained through wardriving is simply the method.

    7. Re:Seattle Police - Priorities Are Not Job One by hedwards · · Score: 3, Insightful

      Did you even bother to read the summary? I get that this is /. and nobody RTFAs, but the summary was pretty clear that this wasn't just a case of wardriving, this was a case of wardriving until they found an unencrypted wifi connection and rummaging for credit card details. The details were then abused.

      Trust me, they wouldn't be wasting the money on that around here if it were just stealing a bit of bandwidth.

    8. Re:Seattle Police - Priorities Are Not Job One by ustolemyname · · Score: 4, Insightful
      Exactly. But he was leaping to some crazy conclusion of this logic:
      These guys were wardriving + the police are after them = cops are after them because they were wardriving
      Which is stupid. The cops are after these guys for misusing the information they obtained, not because they were wardriving. If they had been wardriving, and simply retained the information for their own use the cops never could have found them and never would have needed to. Quite frankly his posts are aggressive and irrational, and I was trying to explain to him why the cops are actually after these guys. From the first sentence in the summary:

      stealing credit card data

      And if you RTFA you learn that the owner of the Mercedes was only discovered after he was busted performing other forms of fraud.

    9. Re:Seattle Police - Priorities Are Not Job One by dissy · · Score: 4, Insightful

      Using someone else's credit card is criminal. Doesn't matter if they use a megaphone and tell the whole world what it is

      While yes using someone else's credit card fraudulently is criminal, I wouldn't say the megaphone bit doesn't matter.

      Screaming out their customers credit cards of course does NOT excuse the wardrivers crime in any way shape or form. But the separate act of sending all of their customers credit card information to the world should also be a crime as well.

      At the very least I wish the police would post a list of these companies, so the general public knows they can not be trusted with our business.

      At most, the companies should be brought up on charges of mishandling customer credit accounts and fraud.
      They will just need to schedule that court case for a different day than the wardrivers court date, so everyone can attend.

    10. Re:Seattle Police - Priorities Are Not Job One by Jaxoreth · · Score: 1

      ICD10-V-F60.2 or maybe F60.8

      George Lucas, is that you?

      --
      In general, it is safe and legal to kill your children. -- POSIX Programmer's Guide
    11. Re:Seattle Police - Priorities Are Not Job One by Jah-Wren+Ryel · · Score: 1

      While driving is a privilege, combining these does not make it a criminal activity.

      Driving is not a privilege. It is a right, under the broad umbrella of the right to travel freely.
      If you want to compare it to something that is inarguably a right due to being explicitly enshrined in the Bill of Rights, look at guns.
      You need a license to own a gun.
      That license can be revoked as a criminal penalty.
      Driving is pretty much the same.

      --
      When information is power, privacy is freedom.
    12. Re:Seattle Police - Priorities Are Not Job One by petteyg359 · · Score: 1

      Paedophile was never a correct spelling. Pædophile might have been, though.

    13. Re:Seattle Police - Priorities Are Not Job One by rolfwind · · Score: 2

      While driving is a privilege,

      Driving is not a "privilege". The state cannot revoke your license because the governor or one of his officers just feels like it. It can only be taken under due process of law. That is the difference between a right and a privilege. Privileges can be revoked by the executive (doing what they feel like, not following any legislation.)

      "The Right of the Citizen to travel upon the public highways and to transport his property thereon, either by horse drawn carriage or by automobile, is not a mere privilege which a city can prohibit or permit at will, but a common Right which he has under the right to life, liberty, and the pursuit of happiness." - Thompson vs. Smith, 154 SE 579.

    14. Re:Seattle Police - Priorities Are Not Job One by artor3 · · Score: 1

      I, for one, am glad that the Seattle PD is finally going after actual criminals instead of beating the shit out of teenage girls and punching jaywalkers.

      To answer your question, you should fear going to Seattle only if you're a teenage girl. The Seattle cops aren't racist, they just prefer to beat on people who can't defend themselves.

    15. Re:Seattle Police - Priorities Are Not Job One by hedwards · · Score: 3

      Since when? Around here you don't need a license to own a firearm. In fact if you're a woman capable of claiming to be stalked, you can even get a handgun the same day.

    16. Re:Seattle Police - Priorities Are Not Job One by hedwards · · Score: 1

      Just out of curiosity, how do you think a reasonable police officer should handle being assaulted? That woman in the second video is damn lucky she was only punched, the officer could very easily have hit her with pepper spray or shot her under those circumstances.

    17. Re:Seattle Police - Priorities Are Not Job One by lee1 · · Score: 1

      Receiving openly broadcast radio signals is one of our rights in the United States. While driving is a privilege, combining these does not make it a criminal activity.

      Then how can states make radar detectors illegal?

    18. Re:Seattle Police - Priorities Are Not Job One by The+End+Of+Days · · Score: 1

      It's a bizarre little group of armchair anarchists we have around here.

    19. Re:Seattle Police - Priorities Are Not Job One by schwit1 · · Score: 2

      I never understood why did something become a privileged just because the state says it is. Rights can be limited or revoked if you break society's laws.

    20. Re:Seattle Police - Priorities Are Not Job One by element-o.p. · · Score: 1

      I'll stay where I'm at, then.

      I'm not a woman (nor do I play one on the Internet), I have never been -- nor have I ever claimed to have been -- stalked, but I was able to buy a handgun in a couple of hours recently.

      --
      MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
    21. Re:Seattle Police - Priorities Are Not Job One by cbiltcliffe · · Score: 1

      Cop had his hand around the neck of the first one when the video started, choking her. That's unreasonable force for someone that was not seriously resisting.

      In Canada, if you're arrested illegally, you have the right to resist arrest. So says the Supreme Court.

      If a cop tried some shit like this with me for jaywalking, of all things, I would not go peacefully. And if they ever, for any reason, put their hand on my neck like this cop did to the first girl, they'd find some parts of their body mysteriously broken.

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
    22. Re:Seattle Police - Priorities Are Not Job One by richlv · · Score: 1

      hmm. fuck. "disturbing" isn't the correct word for it (even disturbing is the though that this was way, way more common when cameras were not placed almost everywhere...)

      even more disturbing is the small amount of publicity any abuse of power actually gets.

      --
      Rich
    23. Re:Seattle Police - Priorities Are Not Job One by Jah-Wren+Ryel · · Score: 2

      Since when? Around here you don't need a license to own a firearm.

      Plenty of states do require you to have a license to own a firearm but yes, technically it is up to the individual state's laws. Just like requiring a driver's license is also technically up to the individual state's laws.

      --
      When information is power, privacy is freedom.
    24. Re:Seattle Police - Priorities Are Not Job One by artor3 · · Score: 1

      I think a reasonable police officer should respond with reasonable force. A seventeen year old girl grabbing the wrist of a trained adult man does not warrant a full-on punch to the face.

      And where's your defense of the first video? That girl, only fifteen years old, kicked her shoe off in the direction of the cop -- with an amount of force that a 90 year old cancer patient could shrug off -- and how does he respond? Throws her head first into a wall, grabs her by the hair and yanks her backwards onto the ground, sticks his knee in her back, and proceeds to beat the everloving shit out of her. Is that your idea of a reasonable response?

    25. Re:Seattle Police - Priorities Are Not Job One by dryeo · · Score: 1

      Most places you don't need a license to own a car or to drive it on private property. Requiring that you know how to drive (for using public roads) or use a firearm is quite reasonable. I've almost been killed by bad drivers and I've had too many bullets go by my head to think that any person should just be handed a dangerous tool without them having some knowledge about the tool.
      Guns and automobiles have one thing in common, a bit of stupidity can kill innocent bystanders very easily.

      --
      https://en.wikipedia.org/wiki/Inverted_totalitarianism
    26. Re:Seattle Police - Priorities Are Not Job One by Opportunist · · Score: 1

      Oh how I love answers like "Why do they prosecute $some_crime while there are still people doing $much_worse_crime at large?"

      The reason is simple: Crimes are not solved serially. You might notice that they are also hunting murderers and gangbangers. It's not like the whole police department dropped everything they were doing, released suspects of murder crimes and are single mindedly hunting down wardrivers now.

      What would you suggest? Let's ignore "minor" crimes for now 'til we got all the murderers, rapists and child molesters arrested? Ponder again. As a criminal, my immediate reaction would be "Hey! If I just rob that old lady's purse while not hurting her, they won't prosecute me. Soooo... as long as I don't hurt anyone and just steal their belongings, I have nothing to fear from the law".

      I doubt you'd really want that.

      And yes, wardriving by itself is not a crime (in most areas), but using that data to steal money is.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    27. Re:Seattle Police - Priorities Are Not Job One by Anonymous Coward · · Score: 1

      an archaic and no longer correct spelling

      I always find it amusing to see US linguistic pedantry - from a country where people call a liquid 'gas'

    28. Re:Seattle Police - Priorities Are Not Job One by Journe · · Score: 1

      It's a crime because they're using these credit card numbers to purchase things. It's a crime because, even though WEP is not that secure, it's still basic security. It's a crime because they're accessing data that they should not be accessing.

      They're not more important than the criminals you mention, they're not less important. They're criminals, period. Do you also think stopping murderers is more important than catching people who break into homes and steal things?

      I'd like to see you come home to a ransacked house and say "I'm going to miss my TV, and all my other nice things, but boy, am I glad the police were busy catching a murderer."

    29. Re:Seattle Police - Priorities Are Not Job One by flyneye · · Score: 1

      Sorry ,if officer O'Ryan has any testosterone at all he can handle a "female" suspect on his own or face ridicule in the locker room.
              Even sister-boy pork is expected to be able to handle basic stuff like a man. I can see some whiney low impact professions using any tech or method to make things easier, but there is an image to protect.
            But if that were my daughter in the first video, brat or not, both those officers would fall under deer rifle crosshairs in a very public way as an example to other cops nationwide. Those cops were just sister boy faggots and need prison raped.

      --
      *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
    30. Re:Seattle Police - Priorities Are Not Job One by Jawnn · · Score: 2

      I hope you get lots of dollars, but wardriving is NOT a criminal activity. It's not a misdemeanor either. It's not against the law.

      Receiving openly broadcast radio signals is one of our rights in the United States. While driving is a privilege, combining these does not make it a criminal activity.

      Did you read TFA, numbnutz? Breaking someone else's encryption, even if it's as lame as WEP, is a crime.

    31. Re:Seattle Police - Priorities Are Not Job One by Jawnn · · Score: 1

      Plenty of states do require you to have a license to own a firearm.

      Name one.

    32. Re:Seattle Police - Priorities Are Not Job One by ustolemyname · · Score: 1

      Sorry, I should have been more clear. I agree, third parties should be held accountable for poor security practices. However, if Bob broadcasts Bob's credit card information and Sally uses that information to make purchases without Bob's authorization, Sally is committing a crime. Don't get me wrong, Bob is an idiot, but just because Sally can lawfully receive the information doesn't mean she can lawfully pass it on (otherwise we'd have huge MITM issues with secretaries.)

    33. Re:Seattle Police - Priorities Are Not Job One by SydShamino · · Score: 1

      If driving is a right, and the ADA says you can't restrict rights based on a disability, why are the blind prevented from driving? Wouldn't the blind need to cause a few crashes (each) before their license could be revoked?

      --
      It doesn't hurt to be nice.
    34. Re:Seattle Police - Priorities Are Not Job One by d6 · · Score: 1

      Fighting with the cops is bad math.

      You can kick the shit out of a cop? way to go.
      Can you kick the shit out of 6 cops? Cuz that is what round two is going to be.

      Better to hold your temper while they are in control of your immediate destiny, remember names, remember faces and unload on them legally, after the fact if you feel compelled.

    35. Re:Seattle Police - Priorities Are Not Job One by KenSeymour · · Score: 2
      --
      "We can't solve problems by using the same kind of thinking we used when we created them." -- Albert Einstein
    36. Re:Seattle Police - Priorities Are Not Job One by hedwards · · Score: 1

      I see, so you're an expert on this? On what basis do you assert that it's not reasonable? The review on that incident has been completed and the conclusion was that he was well within both his rights and his training. The girl he hit apologized for assaulting him and has since been sentenced. Can't recall what the terms of it.

      As for the second one, that's a straw man argument, it's got precisely nothing to do with anything I said. I never said that officers never abuse their power or make mistakes. I also never said that it wasn't appropriate either.

    37. Re:Seattle Police - Priorities Are Not Job One by artor3 · · Score: 1

      What the hell do you mean, am I an expert in this? Since when do you need a PhD in knowing that beating up little girls isn't okay?

      The reviews of incidents like this are a joke. The cop gets a two week paid vacation while his buddies from work get to decide that, "nah, that bitch was asking for it". Meanwhile, they plant evidence or make up lies to charge the victim with some crime. The victim, desperate to get their life back and by now fully aware of just how corrupt the cops are, gives up and begs forgiveness, even though they've done nothing wrong. Not that their pleading matters... the inhuman bastards punish them for "assaulting a cop's knuckles" all the same.

    38. Re:Seattle Police - Priorities Are Not Job One by rhook · · Score: 1

      All I saw in the article was the police saying stolen gift card (not a credit card number) + wardriving setup in his car = he is stealing credit cards. I see no mention of any other evidence here. If the police had evidence that he was in fact stealing credit card numbers he would be in jail. It is pretty obvious that there is no other evidence since they were asking for permission to seize the car, something that would have been done already if they could obtain a warrant.

    39. Re:Seattle Police - Priorities Are Not Job One by rhook · · Score: 1

      Read the article, the police are trying to say that because he has a wardriving setup in the car that he is stealing credit card numbers. They offer no evidence to support their claim.

    40. Re:Seattle Police - Priorities Are Not Job One by rhook · · Score: 1

      Those should be going away soon since the US Supreme Court has ruled that the second amendment does in fact guarantee that individuals have the right to own a firearm. Lots of the draconian firearms laws will be going away in the next 10 years thanks to that ruling.

    41. Re:Seattle Police - Priorities Are Not Job One by WorBlux · · Score: 1

      A license is permission to do what would otherwise be illegal. If something really is a right, you don't need a license to do it, if you need a license to do it, it's not a right. Also the fact is that these licenses can be revoked by administrative rather than court procedures in certain situations. (Refusing a Breathalyzer test for instance)

      Also a lot of statutes read, whoever operates a motor vehicle on the highways of this state whose privilege to do so has been revoked, shall by guilty of... (Most states a misdemeanor, some states like Florida a felony) of such and such a degree.

      Another way of looking at licenses is as a privilege tax. If they believed it were a right, by their own rules they couldn't tax it.

      Also see senate resolution 62 of April 1933. The ultimate ownership of all property is in the State; individual so-called “ownership” is only by virtue of Government, i.e. law, amounting to mere user; and use must be in accordance with law, and subordinate to the necessities of the State.

      In fact this is the only thing that could be implied by the idea of legislation. "What, then, is legislation? It is an assumption by one man, or body of men, of absolute, irresponsible dominion over all other men whom they call subject to their power. It is the assumption by one man, or body of men, of a right to subject all other men to their will and their service. It is the assumption by one man, or body of men, of a right to abolish outright all the natural rights, all the natural liberty of all other men; to make all other men their slaves; to arbitrarily dictate to all other men what they may, and may not, do; what they may, and may not, have; what they may, and may not, be. It is, in short, the assumption of a right to banish the principle of human rights, the principle of justice itself, from off the earth, and set up their own personal will, pleasure, and interest in its place. All this, and nothing less, is involved in the very idea that there can be any such thing as human legislation that is obligatory upon those upon whom it is imposed. " -Lysander Spooner, Natural Law.

    42. Re:Seattle Police - Priorities Are Not Job One by flyneye · · Score: 1

      Well if being reasonable means letting corruption by those "meant" to protect the public go to proliferate as acceptable, in turn putting in danger every man, woman and child and falsely calling it ethics then you can join all the ethical dinosaurs and others with no will to survival for yourself or your progeny.
      This T-rex, who belives gays have the right to take themselves out of the gene pool while making a spectacle of themselves, will protect himself and his own to the death...candyass.

      No gays,trolls,ethnics,religious or upstanding citizens were harmed during the filming of this post.
      Further I salute the Military,Police and Firemen out there putting their ass on the line and doing what's RIGHT.
      You know, the opposite of the youtube seattle pogeybait in question.

      --
      *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
    43. Re:Seattle Police - Priorities Are Not Job One by oliverthered · · Score: 1

      I was going to call it benjfowler, 239527.

      thank God the internet isn't a human, right?.

      --
      thank God the internet isn't a human right.
    44. Re:Seattle Police - Priorities Are Not Job One by cbiltcliffe · · Score: 1

      Better to hold your temper while they are in control of your immediate destiny, remember names, remember faces and unload on them legally, after the fact if you feel compelled.

      Actually, that's exactly what I'm going to be doing, soon. There wasn't any violence involved in my contact with police abuse, but there were at least 6 of them in the first round. It's still ongoing, which is why I'm not going into any more detail, but suffice it to say, they'll regret it eventually...

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
  4. You know... by Anonymous Coward · · Score: 1

    If my coworkers and I shared your finacial information by tossing paper planes to one another, you'd think us nuts. Replace paper with electromagnetic waves and all is well.

    1. Re:You know... by geniice · · Score: 3, Informative

      Tossing paper planes would probably be fairly secure.

      1)data would remain within your line of sight so any attempt to directly intercept would be obvious
      2)with correct folding data could be hidden making remote interception impossible
      3)It's not standard enough for no one to have developed a standard attack

  5. Feed 'em false numbers by karl.auerbach · · Score: 4, Interesting

    It would be easy to set up a weakly protect access point that did nothing but generate bogus transactions with bad credit card numbers - that could pollute the crook's database, particularly if they don't do a good job of recording of which card number came from which network.

    And if the bogus numbers were timestamped and logged then when the bad card numbers are used (and bounced) one could use the bounced transactions to build a map of where the crooks were on any given day.

    1. Re:Feed 'em false numbers by clang_jangle · · Score: 4, Insightful

      I'm always amazed at shows like CSI and NCIS that make it look as though Law Enforcement is all about 1337 h4xx0rz using tech to prevail against evil, when reading between the lines of so many news articles reveals quite a different story.

      --
      Caveat Utilitor
    2. Re:Feed 'em false numbers by Anonymous Coward · · Score: 1

      That would require the cops to actually use a computer. or understand how to works

      /. doesn't require understand how edits, why cops should understand how to works?

    3. Re:Feed 'em false numbers by men0s · · Score: 1

      It would be easy to set up a weakly protect access point that did nothing but generate bogus transactions with bad credit card numbers - that could pollute the crook's database, particularly if they don't do a good job of recording of which card number came from which network.

      They could do that, yes, but I would hope that these war drivers understand that nearly all credit card numbers are generated according to the Luhn check. They would run those bad credit card numbers through an algorithm that returns a boolean value denoting whether the credit card is valid or not. If not, they would simply send it to the bit bucket in the sky.

  6. No surprise by im_thatoneguy · · Score: 4, Interesting

    We discovered that the company below us a few years back (here in Seattle) had not only an open wifi but also had all of their drives shared. We immediately went down stairs and warned them after one of us accidentally connected to their wifi and saw a whole bunch of computers (with official sounding names even) pop up in the file explorer.

    Their reaction? "Whatever." They never put a password on it. I was actually surprised by their disinterest in locking down when alerted. Even after we told them that people could just drive by and steal all their company records... so stupid.

    1. Re:No surprise by blair1q · · Score: 4, Funny

      Let me guess. It was these guys.

    2. Re:No surprise by actionbastard · · Score: 1

      That's the funniest comment I've seen here in month's. Brah, seriously; I LOLed.

      --
      Sig this!
    3. Re:No surprise by dissy · · Score: 4, Interesting

      That is unfortunately a very common reaction. I don't understand how people could not care either.

      Another unfortunately common reaction is, after trying to be nice and warn them about the problem, once someone else actually does exploit the problem, they likely will come back to blame you :/

      I do hope for your sake that doesn't happen, but I've had it happen to me before, and was shocked at the multiple layers of stupid their line of thinking was.

      These days I don't even bother unless I already know the person. Being accused of a serious crime for only trying to help just isn't worth the chance.

    4. Re:No surprise by PRMan · · Score: 4, Interesting

      A company I used to work for was next door to a lawyer and all her drives showed up on our phones using Bluetooth (it was annoying when trying to reconnect your headset because you had to scroll past her 7 drives).

      I told her about it and she didn't care! I told her that anyone could read her clients' confidential documents. She told me that she would sue them...<facepalm>

      --
      Peter predicted that you would "deliberately forget" creation 2000 years ago...
    5. Re:No surprise by Dabido · · Score: 1

      We used to have the same problem informing management about internal security problems. Their usual response was that we were to 'stop making holes' and no matter how many times we explained we weren't 'making holes' we were finding them and wanted resources to fix them, they'd just keep repeating that we were 'making holes'.

      --
      Sure enough, the cow costume was hanging up next to the superhero outfit and sailors uniform. (S,Spud)
  7. SMBs should stand up and take notice by mysidia · · Score: 1

    Wireless Security is no longer an academic problem; as we can see from the article, it's now going beyond miscreants merely stealing access/internet bandwidth, or possibly pirating/illegal activities using the internet connection.

    This goes to more serious crimes that more severely impact the operator of the network connected to the wireless AP.

    SMBs can no longer safely dismiss wireless security with excuses such as "only a real expert hacker could break in anyways; there's no harm anyone's actually going to do; etc".

    With money to be made breaching networks, practitioners of one of the oldest professions in the world, will be learning to breach insecure WiFi networks, to ply their trade of stealing....

    More so, the more credit card computers get plugged into LANs without at least isolation from the wireless segment.

    1. Re:SMBs should stand up and take notice by plover · · Score: 4, Funny

      With money to be made breaching networks, practitioners of one of the oldest professions in the world, will be learning to breach insecure WiFi networks

      Hookers are taking hacking classes now? Finally some slashdotters are going to meet some women!

      --
      John
    2. Re:SMBs should stand up and take notice by pspahn · · Score: 1

      Wireless Security is no longer an academic problem; as we can see from the article

      The medium may have changed, but the principles remain the same.

      --
      Someone flopped a steamer in the gene pool.
  8. PCI security compliance with WiFi by DigiShaman · · Score: 1

    I thought all business that deal with CC transactions must be within a secured network. In fact, there's even PCI guidelines on recommended settings to secure your WiFi access points. Unless business are using WPA/WPA2, shouldn't they be busted for not adhering to PCI security protocol? I've included a link to a PDF below for anyone interested.

    https://www.pcisecuritystandards.org/pdfs/PCI_DSS_Wireless_Guidelines.pdf

    --
    Life is not for the lazy.
    1. Re:PCI security compliance with WiFi by plover · · Score: 1

      "Supposed to" and "are" are two different words.

      Besides, it doesn't have to be PCI compliant if it's not customer data. They could be sniffing employees shopping on the web.

      --
      John
    2. Re:PCI security compliance with WiFi by DigiShaman · · Score: 1

      I'm willing to bet 99% of the Credit Card accounts on file with these businesses are from customers. If the look hard enough, they may find the corporate AMEX card.

      --
      Life is not for the lazy.
    3. Re:PCI security compliance with WiFi by TheRaven64 · · Score: 1

      They could be sniffing employees shopping on the web.

      Unlikely. When was the last time you saw a web store that didn't use SSL for submitting the credit card information (or a merchant bank that will do business with a company that doesn't)? If the site uses SSL, then a passive eavesdropper can't intercept the data, they need to perform some kind of MITM attack.

      And this is why securing the access point is largely irrelevant. You should be treating the network as insecure, whether it's wired, wireless with WPA2, or carrier pigeons. Encryption should be end-to-end, not just for the first hop.

      --
      I am TheRaven on Soylent News
    4. Re:PCI security compliance with WiFi by UncleTogie · · Score: 1

      The banks aren't where people get screwed on PCI compliance, it's the credit card companies. As part of your merchant agreement with them you agree to secure your network to PCI standards AND agree to potential audits by them. You're also supposed to get a quarterly PCI-compliance audit if you have an externally-facing IP address open.

      Securing wireless connections is PART of compliance. Check out more detail here:

      http://www.pcicomplianceguide.org/pcifaqs.php

      --
      Don't tell me to get a life. I'm a gamer; I have LOTS of lives!
  9. Great by CruelKnave · · Score: 2

    Now people are going to think that Wardriving is synonymous with stealing credit card numbers, when it's just the act of finding wi-fi from a car.

    1. Re:Great by Maow · · Score: 1

      Now people are going to think that Wardriving is synonymous with stealing credit card numbers, when it's just the act of finding wi-fi from a car.

      I think Google has found that what you say is true.

      They've faced a barrage of legal hassles for their "war-driving" whilst collecting Street View images. And it's never been shown, that I'm aware of, that they did anything remotely unethical with the data collected.

      In fact, they even refused to release the collected info to governments due to "privacy reasons", if I recall correctly.

  10. Wow, that's insanely silly by Psychotria · · Score: 1

    "a group of criminals who they say have been cruising around town in a black Mercedes stealing credit card data by tapping into wireless networks belonging to area businesses."

    If the criminals hadn't been wandering around blabbing about their exploits and saying it for everyone to hear then maybe the police wouldn't have even noticed them.

    1. Re:Wow, that's insanely silly by jd · · Score: 2

      Apparently it took five years of screaming at the top of their lungs for the police to notice them. Seattle apparently has rather more Lestrades' than Holmes'.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  11. Criminal negligience by ndogg · · Score: 3, Interesting

    Firstly, let's be clear, I want the people stealing the information caught, and locked up. They are criminals.

    The business should be fined though if they did nothing to protect their information. This is like leaving a toddler at home alone all day (though not to the same degree.)

    --
    // file: mice.h
    #include "frickin_lasers.h"
    1. Re:Criminal negligience by Beryllium+Sphere(tm) · · Score: 1

      They should be facing private-sector penalties. They're answerable to their banks for compliance with the Payment Card Industry Data Security Standard, under their merchant account contract. The standard emphatically does not permit sending card numbers over open wireless networks.

  12. Mix-a-lot by tee-rav · · Score: 1

    My money's on the Mix-a-Lot Posse.
    Benzo? check.
    Tinted windows? check.
    One member of the gang, Larry, an allegedly-funny 'white guy' and 'real estate investor' has struggled in recent years to make payments on his many properties.
    I predict the Benzo is an SEL, a 190 or an SEC, and that a search of the Benzo will reveal traces of buttermilk biscuits.

  13. If only we had listened... by jafo · · Score: 2

    When google gave us a wake-up call that someone in a van could drive around and gather all sorts of information we didn't realize we were broadcasting.

  14. Detective Chris Hansen by itsphilip · · Score: 2

    "Why don't you have a seat over there"

  15. Black Mercedes? by optymizer · · Score: 1

    This looks like the Russian Mafia.

  16. The real world by magamiako1 · · Score: 1

    In the real world most businesses really don't care about security, particularly SMBs. They are such easy targets it's ridiculous. They pay their tech dude to come in and do a little bit of work, fix things if they're broken, etc.

    "I have a virus on my system popping up stuff all the time and blocking my internet" is a case of calling a technician in.
    "I want you to audit my network for security" is a question they wouldn't even know how to ask and whether or not they should ask, and they really wouldn't know whether or not the auditor did a good job.

    Did I mention the technician might just be some local dude who has only ever set up basic linksys devices and worked at geeksquad?

    The cost of doing business in an insecure manner is cheaper than the cost of doing business otherwise. And this article obviously shows it. Instead of going after the businesses for doing things in this manner, they're going after the guys driving around pointing it out.

    They should charge each of these businesses for stolen credit card information until they get it through their heads they have to follow compliance rules.

  17. End-to-end encryption? by rfugger · · Score: 1

    Why aren't the connections with card processors encrypted end-to-end with SSL/TLS? Then the wifi security, which is outside the card processors' hands, would be irrelevant, and the card numbers would not be exposed to internet routers either. This is the responsibility of the card processors IMO. Everyone knows you don't send credit card numbers over the internet without TLS.

    1. Re:End-to-end encryption? by rfugger · · Score: 1

      Ah, I see it was probably stealing card numbers stored or entered into computers using keyloggers or other malware, so never mind the TLS.

  18. Black Mercedes by Grand+Facade · · Score: 1

    should be outlawed!

    --
    Rick B.
  19. Stealing information by Raenex · · Score: 1

    I want the people stealing the information caught, and locked up. They are criminals.

    If the suspects were actually breaking into the business and removing papers from filing cabinets, you could call that "stealing information". What's actually occurring is that these businesses are broadcasting their information in an insecure manner. In a free country, how can it be a crime to pick up on that information?

    Now, if they then use that information to commit fraud, that's where the true crime is taking place.

  20. Indeed: by Hartree · · Score: 1

    I only wardrive in a grey Ford.