Posted on 08/25/2008 6:04:33 AM PDT by kellynla
An unknown Indian hacker is being charged with the greatest cyber-heist in history for allegedly helping a criminal gang steal identities of an estimated eight million people in a hacking raid that could ultimately net more than £2.8 billion in illegal funds.
An investigation by Scotland's Sunday Herald newspaper has discovered that late on Thursday night a previously unknown Indian hacker successfully breached the IT defences of UK's Best Western Hotel group's online booking system and sold details of how to access it through an underground network operated by the Russian mafia.
There are no details yet on how the hacker was identified to be an Indian and if a probe is on to identify the person. It is also not known if the hotel chain has alerted the police about the heist.
The attack scooped up the personal details of every single customer that has booked into one of Best Western's 1312 continental hotels since 2007. Amounting to a complete identity-theft kit, the stolen data includes a range of private information including home addresses, telephone numbers, credit card details and place of employment.
'They've pulled off a masterstroke here,' said security expert Jacques Erasmus, an ex-hacker who now works for the computer security firm Prevx. 'There are plenty of hacked company databases for sale online but the sheer volume and quality of the information that's been stolen in the Best Western raid makes this particularly rare. The Russian gangs who specialise in this kind of work will have been exploiting the information from the moment it became available late on Thursday night. In the wrong hands, there's enough data there to spark a major European crime wave.'
(Excerpt) Read more at story.malaysiasun.com ...
horse...barn...
stinky reassurance
Identity theft must be ended. Corporate greed has created this system, supported by enabling legislation all around the world. Ahh, lobbyists.
While the hacker and the Russian mafia must be brought to justice, the real issue is complete and utter reform to put this information out of reach and unusable. The FReeper braintrust needs to develop a checklist of reforms.
First, firewall schmirewall, whenever someone “breaks in”, nothing should be there. That’s for openers.
Second, VERY powerful encryption/decryption schemes must be built into every step of every transaction. For example, ten steps to a transaction? Then ten different encryption schemes.
Those more knowledgeable can point out other changes...
Will Best Western management have to return their price/schedule bonus checks?
Off the top of my head...just adding a pin code to all transactions would help a ton.
But then the pin code could be captured on the keypad, so it still has holes, but it’s better than the current system. At least with the pin code, you’d have to capture a live input as opposed to a database with info in it.
Things booked via phone will suck, so add the pin as a security option for people like me who only buy online or in person.
Encryption works well during a transaction. These people broke into the database that stores the information after it was encrypted and then decrypted to readable information and stored as such. Encryption protects during the transaction. The problem is the ASCII text in the fields in the database.
In case there is any confusion on the point, the precise definition of a “secure website” is:
>> one that has not been hacked yet <<
Identity theft is a problem because we have put up with universal identifiers that “establish” our identity across a broad spectrum of services. That would be your SSN, btw. The only way to make identity theft obsolete would be to
1) stop using a single identifier for everything
2) remove the secrecy from the SSN so that it can’t be used as a single identifier
3) start requiring physical tokens for everything (smart cards)
4) get rid of all of the “easy pay” crap (credit cards with RFIDs in them, SpeedPass, storing your credit card number in your hotel profile for easy booking, etc)
But the problem is that there are lots of people who would never let this happen because “smart cards are the mark of the beast” and they “help big brother keep track of us”.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.