botnet

The TJX case, one of the largest ID- and CC-theft cases so far, has finally gone to court.

The Feds rolled up a large, international circle of criminals who are charged for hacking their way to access a wide array of personal data. According to Attorney General Michael Mukasey, this is the single largest and most complex identity theft case that's ever been charged in the US.

Companies that got hacked include major brands like the OfficeMax, Barnes & Noble, Boston Market, Sports Authority, Forever 21, DSW, BJ's Wholesale Club and TJX Companies.

"They used sophisticated computer hacking techniques that would allow them to breach security systems and then install computer programs that gathered enormous quantities of personal financial data, which they then allegedly either sold to others or used themselves," Mukasey said. "They caused widespread losses by banks, retailers and customers."

The TJX Senior Vice President Sherry Lang ensures that TJX has gone a long way in order to assist the investigation:

"With our customers always being our primary focus, TJX has gone to great lengths to secure its customers' data," Lang said. "However, broader action beyond retailers alone is required to protect consumer data. Banks and the U.S. payment card industry must join retailers and work together, including installing the proven card security measures in the U.S. that are already in use throughout much of the rest of the world."

I like Lang's request - there is no doubt in my mind that the more we integrate and consolidate technology, solutions and tools - into what we consider efficient communication - the easier it is to exploit those tools. Remember - a few years back, you had to hack into each shop. A little later, you could reach the HQ, as the shops started to interconnect. Today, you can reach almost anything, anywhere - just using your brains and a computer.

Compliance is one thing that may help, better understanding of the technology and it's potential is equally important. From a business point of view, I think it is very important to consider the upside of adopting new (young) technology against the potential damage the new technology may inflict.

I am looking forward to following this case!

Other TJX related information

• TJX – you have done a great job!

• TJX gives CC advice to their customers!!!

• TJX update and "How it was done"
  

• TJX economics - the price it is easy to calculate
  

• TJX - the Wall Street Journal article
  

• All posts tagged: TJX

Dark Reading has a good writeup on BotNets today - very descriptive, and written without all the technical blah-blah. If you ever wanted to understand the hows and the whys of BotNets, this is a very good place to start!

Imagine you are a well know, global brand. Your brand includes several high value products with brands that are recognized by anyone. 

Would you protect your brands? Like trademarking them? Patenting the technology? Building public awareness? Promote and market them?

Sure you would.

What if someone then contacts you and tell you that your computers are spewing out spam. Covering your own products, your competitors products as well as any other kind of products we all receive in our inboxes. 

What would you do now?

I bet you would not dig your big, fat head into the sandbox and pretend that the spamming is not happening. I am sure you would instantly recognize the problem, and start investigating, and then clean out your closet. 

There is no way you would do as Pfizer does.

You see, many of the Viagra, Cialis and penis enlargment pill spams you get in your mailbox originate from within the Pfizer network, and Pfizer does nothing about it.  

Pfizer, it is time to realize you need to clean out your closet. if you are not sure how to do it yourself, I know of many who would love to offer a helping hand!

According to Fortinet, a new dialer malware is on the spread. Their researchers claim that the threat was mainly reported in Mexico and the US, and that the malware uses the analogue modem to call long-distance calls.

In their newsletter, they make this comment: