Cyber Wars by Charles Arthur

Author:Charles Arthur [Charles Arthur]
Language: eng
Format: epub
Publisher: Kogan Page
Published: 2018-04-12T16:22:28+00:00

Tying up the threads

On 7 May 2008, two months after Suvorov had vanished from the online world, and 10 months after Yastremskiy’s disappearance, the Secret Service arrested Gonzalez for hacking into the corporate network of a restaurant chain called Dave & Buster’s and planting a version of Watt’s ‘blablabla’ program on the point-of-sale systems to capture credit and debit card details.

There had been one problem with that version of ‘blablabla’: whenever the point-of-sale systems shut down, so did the program – and it wouldn’t restart with the rest of the systems. So Gonzalez’s team had to drive down to the store, hack into the Wi-Fi, restart the sniffer program, siphon off the collected data, and head out.

If you keep going to a restaurant car park but never buy anything, and you’re known to the Secret Service, eventually someone will join the dots.

In August 2008, Gonzalez was charged with the TJX hack, and the Dave & Buster’s hack. In January 2009 Heartland Payment Systems, a card processing company, detected a huge intrusion, and realized that more than 130 million credit card details had been stolen. Gonzalez had helped enable the theft.

Gonzalez had called his wardriving scheme ‘Get Rich Or Die Tryin’’. Neither happened. In January 2009 Yastremskiy, the Ukrainian whose arrest had set the dominoes falling, received a 30-year sentence from a Turkish court. Suvorov pleaded guilty in May 2009, and was sentenced to seven years’ jail; he was released in April 2014. In March 2010, Gonzalez took what he thought was a plea bargain, expecting the Secret Service to quash the charges; instead to his surprise he was sentenced to two 20-year prison terms, to be served concurrently – at that time, the longest ever for identity theft or cybercrime. The TJX hack became the first major disclosed commercial hack, and remains one of the biggest ever.

But Gonzalez hadn’t done badly on the riches. The indictment against him noted that he had $1.65 million in cash (about $1.1 million of it buried in bags in a backyard), a condominium in Miami (though its boarded-up windows belied its inhabitant’s wealth), a new BMW 330i, a machine for counting cash, and three different PCs.24 Scott had about $400,000, a Rolex watch and nine PCs.25 Toey had just $9,500, three Sony Vaio computers, an iPod nano and an XBox 360.26

In September 2008, TJX’s vice-chairman reflected that if the US had implemented chip-and-PIN (also known as EMV) for payments, the intrusion could have been avoided.27 EMV, which had already been implemented by the UK and many European countries by 2006, validates the card and its associated PIN at the terminal, and then encrypts the card details before transmission for authentication. The US didn’t make it compulsory for retailers (at pain of paying any fraud costs) until the end of 2016, and even then, American Express gave fuel stations until October 2020 to implement full EMV. Chip-and-PIN might have helped reduce card theft, but the US has been in no hurry to implement it.

Guesses at the potential total cost of the TJX breach ranged widely.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.