Protect your family from ID theft and wireless intrusion

By Larry Magid

In August 2008, the Justice Department indicted 11 people for hacking into the networks of nine major U.S. retailers and stealing 40 million credit and debit card numbers.

If you or your family shopped at TJ Maxx, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 or DSW your information could have been included in this online heist.

The thieves broke into the stores’ wireless networks using a technique called “war driving” whereby they simply drive or walk by a store using special equipment to detect vulnerable wireless networks. Once in, they planted “sniffer” software which harvested credit and debit card numbers and sent them to the hacker’s own offshore servers. It was an international effort involving criminals in the U.S. and Eastern Europe.

As a consumer of these stores there is little you can do to protect yourself other than perhaps using only cash. But cash has an even greater risk of loss or theft, so I’m not suggesting you shred all of your plastic to protect yourself! Besides, federal law limits your liability if your credit card number is misused as long as you report the loss.

Check your credit report & bank statements

It’s kind of scary when you think of it. You do everything you can do to protect your own PC and your own information—and then you hand over your credit card to a store whose network inadvertently makes it vulnerable to thieves.

You can’t control other people’s networks but it is a good idea to check your credit card and bank statements regularly to see if there is any loss. You should also get your free annual reports from all three major credit bureaus. The only free credit service authorized by the Federal Trade Commission is AnnualCreditReport.com.

Protect Your Wireless Network

You can protect your own wireless network by using encryption such as WPA (Wi-Fi Protected Access) that requires users to enter a password before accessing your network. The older WEP (Wired Equivalent Privacy) is not as secure as WPA and its newest iteration, WPA2. The WiFi Alliance has a tip sheet on wireless security that recommends you use the WPA2 standard. You can also turn off the broadcast of your SSID network name to make it harder for thieves to find your network.

In a podcast I did for CBS News, TrendMicro security expert David Perry said that stores with highly sensitive customer data such as credit card information should avoid wireless networking completely and use a more secure wired network. Kaspersky Lab’s David Emm agreed: “I guess you would see wireless networking as almost inherently more promiscuous so to speak than regular networks.”