23 October 2017
Paul Penrose

Finblog

Paul Penrose - Finextra

307Posts 1,341,179Views 246Comments

Waking up to wireless

14 May 2007  |  3609 views  |  2
The WSJ has reported that the hackers who made off with the credit and debit card details of 45 million shoppers at TJX, initially breached the firm’s perimeter defences through an insecure wireless network. TJX has yet to confirm the report, but according to the WSJ, opportunistic hackers used a laptop and an antenna to intercept data moving wirelessly between hand-held price checking units and store computers and cash registers at a Marshall’s clothing store in Minnesota. The data they got from this enabled them to crash the central database of parent company TJX.

It seems that the compromised wireless network was ‘protected’ using WEP (Wired Equivalent Privacy) encryption, one of the weakest forms of Wi-Fi security that can be cracked in as little as three seconds.

Given the proliferation of wireless access points to financial institutions, it might be an appropriate moment to dust off those old WiFi security policies and triple-check defences. A break-in on the TJX scale would be enough to finish off any bank.

TagsSecurityRetail banking

Comments: (2)

Peter Roberts
Peter Roberts - UCL - London | 15 May, 2007, 12:39 A scary item here on The Register about how WEP is hackable in around two minutes. Oh dear.
Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Elton Cane
Elton Cane - writer & tech geek - Brisbane | 15 May, 2007, 14:14 2 minutes or 3 seconds -- either way, it's a short enough time that someone could sit with their laptop within range of your network and compromise the security without raising suspicion. All security-conscious organisations with wireless networks should be using WPA encryption with a RADIUS server.
Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Latest posts from Paul

ANZ and Visa lose the plot

30 June 2011  |  6653 views  |  0 comments | recomends Recommends 0 TagsMobile & onlineRetail banking

Don't give up the day job...ever

20 May 2010  |  5874 views  |  0 comments | recomends Recommends 0 TagsTrade executionWholesale bankingGroupWhatever...

Now we are ten

19 April 2010  |  6261 views  |  3 comments | recomends Recommends 0 TagsRetail bankingWholesale banking

Finextra's Best of the Web

05 March 2010  |  5775 views  |  1 comments | recomends Recommends 0 TagsRetail bankingWholesale banking

The ATM was the last great financial innovation

25 February 2010  |  9857 views  |  8 comments | recomends Recommends 0 TagsRetail bankingWholesale bankingGroupFinance 2.0

Paul's profile

job title Head of Research
location London
member since 2007
Summary profile See full profile »
I'm responsible for editorial content and quality control across the full range of Finextra media.

Paul's expertise

Member since 2006
307 posts246 comments

Who's commenting on Paul's posts