Credit card hacks and identity theft are becoming more and more common. Just recently over half a million credit card numbers were recorded and stolen at a local Australian business, using a simple key logger and Microsoft Remote Desktop Protocol. It’s said that the group responsible for the hack is the very same group that hacked hundreds of Subway stores.
The most shocking part about this hack is that there was no extensive coding or clever exploit needed to gain access to the network and workstations connected; the hackers simply checked for default passwords and got lucky. How a business of this size (one that processes millions of credit cards) could have security slips as rudimentary as this is just frankly hard to believe. The network was set up by armatures who knew virtually nothing about cyber security, and according to Detective Superintendent Marden, “It was a disaster waiting to happen.” My biggest concern is how this was allowed to happen. Despite high profile attacks that exploit the default passwords such as Garry McKinnon’s hack against the U.S. Military, organizations and businesses continue to leave default passwords or accounts active. Unfortunately this makes me question the security of all the purchases I have ever made with anything except cash. If this happened to a normal business in Australia what does this mean for all the places we use our credit cards? Can we ever be sure our credit cards are safe and secure?