Wardriving Scammers Off To Jail
By Mike Masnick, Fri Jun 04 23:15:00 GMT 2004
Some wardriving scammers who used an open network to access Lowe's to steal credit cards have admitted their guilt, but the real crime may have been committed by the Lowe's IT staff for setting up such a weak network.
Back in November, three men were arrested for hacking into the credit card system that was used by the Lowe's home improvement stores. The press immediately picked up on the wardriving angle of the story, even if that only had a small part to do with it. The scam worked by accessing the Wi-Fi network at one store, giving the men access to the chain's network and let them install some modified software that let them record credit card numbers used in certain stores.
While it is true that wardriving was a part of this scam, it wasn't the "wardriving" part that got them in trouble. The fact is that they were stealing credit cards. What's really disturbing is that the Lowe's IT staff set up their Wi-Fi networks to be so insecure.
Somewhat amazingly (considering how previous wardriving legal cases have gone) it looks like they're not defending their actions by trotting out the usual "we were just poking around and going to let them know" excuse. In fact, with the software modifications and the stolen credit cards, the case was pretty clear against these guys -- so it's not a huge surprise to see they've decided to plead guilty to the charges, and are now likely to face quite a lot of time in jail. Apparently, the sentences are based on the "potential losses" of $2.5 million - despite the fact that the article suggests only 6 credit card numbers were actually stolen.
Either way, it may make you wonder if you need to be concerned about Wi-Fi security in places you never expected to be a problem. You could be excessively careful in how you use Wi-Fi when you're out and about, and never realize that the next store you buy something in may be exposing your credit cards to someone in the parking lot. Maybe people are going to need to start doing some investigative wardriving themselves, just to make sure they're safe. Though, be careful not to set up a credit card logger, or you may face 12 to 15 years in jail.