Saturday, March 8, 2014
The largest consumer data breach in U.S. history started with an antenna hidden in a Pringle's can in a Minnesota parking lot.
Computers at The Works Bakery on Temple Street in Portland may have been infected by a malware program that was designed to gather information directly from credit and debit cards as they were swiped.
John Patriquin / Staff Photographer
TIPS TO PROTECT YOUR DATA
• Use secure passwords that include uppercase, lowercase, numbers, and special characters. Try to change passwords every few months.
• Use passwords to protect any wireless network.
• Use anti-virus software and keep it continually updated.
• Monitor financial statements for suspicious postings.
• Establish information security policies, train your employees and ensure that they follow the policies.
• Be aware of phishing emails that look like an email from a trusted entity or person but are actually from a hacker and include attached malware or request sensitive information.
• Encrypt as much data as possible, including data on laptops and smartphones.
• Keep secured networks or secured computers free from any connection to other networks, the Internet, or unauthorized removable data storage devices.
• Consider disabling USB and other forms of removable data storage devices from other computers as needed.
• Audit third-party data security firms to ensure they are legitimate and competent before allowing them into your networks.
Source: Identity Theft Resource Center
The criminals used the directional antenna and a laptop to detect and break into the wireless network at a Marshalls store, gaining access first to the manager's computer login details and then the parent company's entire computer system.
Over 18 months, the intruders quietly stole the personal data of 45.7 million customers, eventually costing Marshalls' owner, TJX Cos., nearly $2 billion in restitution. That breach, which began in 2005, hit customers nationwide, including shoppers in Maine.
So far this year, cybercrime has infiltrated targets in Maine, hitting the town of Cumberland, The Works Bakery cafe in Portland, and Agincourt Wallboard in Westbrook, putting at risk private information on customers or employees. These small-scale attacks occurred alongside high-profile attacks at major companies like Facebook and Apple, and publications such as The New York Times and The Washington Post.
TJX's weak point was its failure to follow basic security practices, such as protecting passwords and updating security software, said Liz Fraumann, executive director of Securing Our eCity Foundation, a San Diego-based organization that promotes safe business and consumer computer practices.
"Whether you are a large company like TJX or the local dry cleaner -- it's Computer 101. Follow the basic protections -- firewalls, passwords, updated security software," Fraumann said.
TJX did not immediately return calls seeking comment.
No company or organization -- no matter how big or small -- is immune from cyberthreats. As many as 92 percent of targets won't know they've suffered a computer breach until they are notified by an outside party, according to a Verizon report.
"There are only three types of companies out there: those that know they've had a breach and reported it; those who know they've had a breach and didn't report it; and companies that didn't know they've had a breach," said Eva Velasquez, chief executive of the Identity Theft Resource Center.
Cybercrime can involve full-scale criminal activity, warfare and cyberterrorism, data security experts said.
U.S. companies lose about $250 billion to intellectual property theft every year, according to Symantec, a security software maker. Internationally, $114 billion was lost to cybercrime, but that number could be as high as $388 billion if the value of time and business opportunities lost is included, Symantec said.
"The cyberthreat to our privacy, our economy and our national security is real and it is escalating," said Sari Greene, founder of Sage Data Security in Portland. "The motive can vary -- money, political statement, warfare -- but the fundamental tools and techniques used by cybercriminals, hactivists and nation states are fundamentally the same. We don't think of ourselves as being on a battlefield, but we are."
In the old days, worms and viruses were used to gain notoriety for the hacker. The impact of today's attacks has escalated to the point where hacking carries political and economic clout, as with "hacktivist" digital denial of service, or DDos, attacks, like those waged by the group Anonymous against targets ranging from major banks to celebrities. Today's malware can also be used to quietly gather critical information for monetary profit.
While there are many methods of breaching a computer system, one of the most common threats is malware, short for malicious software, which is used or programmed by attackers to disrupt computer operations, gather sensitive information, or gain access to private computer systems.
(Continued on page 2)