Please enable JavaScript.
Coggle requires JavaScript to display documents.
Chapter Introduction & Chapter 2 - Coggle Diagram
Chapter Introduction & Chapter 2
We need to learn tactics from previous attacks to better combat future ones.
In July 2005, Albert Gonzalez, Damon Patrick Toey, and Christopher Scott intercepted packets from a Marshall's store (owned by TJX) using a laptop and antenna to get the credit card numbers and identities to commit identity fraud. It was the biggest breach of its time.
Wi-Fi Vulnerabilities
Open System Authentication
instead of
Shared Key Authentication
.
They used a packet sniffer to gain store employee's logins to further do damage.
They used Track 2 Data to gain access to Credit & Debit information by using the magnetic strips on the cards.
Three Gains
espionage
public humiliation
financial gain
Other reasons for attacking
curiosity
personal entertainment
political activism
Spend more resources / time catching perpetrators instead of only focusing on defenses.
Gonzalez used Watt's packet sniffer to steal card info during the transaction so it could not be encrypted.
Credit card info was encrypted well but not communication between devices on store network.
TJX was to blame because they had little defense and missed opportunities to stop Gonzalez.
Gonzalez only wanted money to buy a yacht, then he would not do anything illegal.
Gonzalez knew that his biggest enemy was evading payment networks, not TJX.
Security breaches overrode the costs of switching to microchips so we could be more secure.
Banks like VISA and MasterCard cheaped out and went signature instead of PIN.