Hackers Indicted For Stealing 130 Million Credit Card Numbers
130 million is a large number, but that's how many credit card numbers a group of three hackers is alleged to have stolen from five different companies, including 7-Eleven, Hannaford, and Heartland Payment Systems, says the Department of Justice.
The DOJ says:
As alleged in the Indictment, between October 2006 and May 2008, Albert Gonzalez, 28, of Miami, Fla., acted with two unnamed coconspirators to identify large corporations, often by scanning the list of Fortune 500 companies and exploring corporate websites. Upon identifying a potential victim, Gonzalez and his coconspirators sought to identify vulnerabilities, both by physical observation and by online exploration. For example, according to the Indictment, Gonzalez and an individual identified in the Indictment as "P.T." would go to the retail locations of their potential victims in an attempt to identify the type of point-of-sale ("checkout") machines utilized by the victim companies. After reconnaissance of the computer systems was completed, information would be uploaded to servers which served as hacking platforms. These servers, located in New Jersey and around the world, were used by the coconspirators to store information critical to the hacking schemes and to subsequently launch the hacking attacks.
According to the Indictment, the hacking attacks launched against the corporate victims consisted of what is known as a SQL-injection attack, which is an attack that exploits security vulnerabilities in elements of a computer that receives user input. Gonzalez provided some of the malicious software (malware) to his coconspirators, and they added their own as they sought to identify the location of credit and debit card numbers and other valuable data on the corporate victims' computer systems. The coconspirators often worked together on a real-time basis, contacting each other by instant messaging as they were improperly accessing the corporate victims' computer systems, according to the Indictment. Once the target information was discovered, it would be stolen from the corporate victims' servers and placed onto servers controlled by Gonzalez and the coconspirators.
In addition to searching for credit and debit card data on the victims' computer systems, the Indictment alleges that Gonzalez and the coconspirators installed "sniffers" which conducted real-time interception of credit and debit card data being processed by the corporate victims and subsequently stolen from the corporate victims' computer servers.
The hackers would then sell the credit card information to people who would attempt to use it to make fraudulent purchases or withdraw money.
The NYT says that Gonzalez has been in custody since 2008, when he was arrested for his involvement in a data theft at Dave & Buster's. He was also indicted in the 2005 TJX data breach.
Erez Liebermann, an assistant United States attorney in the Justice Department's New Jersey office, said Mr. Gonzalez's involvement in so many data breaches suggested that "perhaps the individuals capable of such conduct are a tighter-knit group than may have been previously thought."
Ya think?
The other, unnamed co-conspirators in the case are identified as "Hacker 1" and "Hacker 2," and are disappointingly located in Russia, rather than in a copy of The Cat In The Hat.
Three Men Indicted for Hacking into Five Corporate Entities, including Heartland, 7-Eleven, and Hannaford, With Over 130 Million Credit and Debit Card Numbers Stolen (PDF) [Department of Justice]
3 Indicted in Theft of 130 Million Card Numbers [NYT]
(Photo:taberandrew)
Comments:
@Eldritch:
Leela: "Who knew that there was an actual, factual hell? And that it was located in New Jersey?"
Fry: "Well..."
My credit card number was among those stolen. I don't believe this guy and the unnamed co-conspirators are any more culpable than the merchants who allowed this data breach to happen.
SQL Injection is one of the most common attacks (and doesn't really constitute hacking). But, it is 100% preventable. The vulnerabilities exist when programmers stick user input directly into their database queries (which are executed by the database software). Example: [xkcd.com].
The protection these software developers give your personal information is about equivalent to storing it in an unlocked location with an "employees only" sign on the door. It's available to anyone curious enough to look inside.
These are not HACKERS. They are criminals. Don't confuse the two.
If an attack was made to a computer system that penetrated the system security, that is called a "CRACK," not a hack. A hack is when you use duct tape to re-attach your bumper when it falls off.
Both the original article and the Consumerist headline are using the terms incorrectly.
@WraithSama: Hahahaha I love the other episode too:
*Fry, Leela and Bender looking at apartments all day, finally come across an awesome big apartment with a great view*
Fry: Wow this is perfect! What's the catch?
Agent: Well... technically, the apartment is in New Jersey.
*Cut back to the Planet Express office*
Damn! Not a single halfway decent place.
@saltyoak: I had this happen to me after the TJX breach. My bank had sent me a new card but it was in an envelope that looked like a bank statement envelope so I tossed it in the incoming mail pile to deal with later. I found out when my card got declined at Target, good thing Target still takes checks.
I got nailed in the Heartland incident too, our local food coop used to use Heartland. They promptly removed the Heartland sticker from the front door after the Heartland breach.
What concerns me even more would be to have something like this happen again while I am out of town.
@merist: No, breaking in counts as hacking too. What makes it cracking, is when they break something or steal something.
Hackers are like nonviolent ninjas. They come in, look around, don't touch anything, and leave. Without people finding out.
@darkforcesjedi: You don't want to know how many companies store full credit card information in databases and never purge it.
We found one once on an Access database on their web server. We still had a hard time convincing the CEO that this was a huge risk. Facepalm.
@GitEmSteveDave_PorchMonkey4Life:
You'll notice that there's nothing on the LifeHacker web site on how to break into computer systems and steal credit cards. A quick search brings up 87 articles on Duct Tape.
@zibby:
A new generation of Russian hacker is behind America's latest criminal scourge. Young, intelligent and wealthy enough to zip down Moscow's boulevards in shiny BMWs, they make their money in cyber-cubbyholes that police have found impossible to ferret out.
"Why should I take a regular job after graduating and exert myself to earn just $2,000 a month, rather than grab this chance to make money?" says a Russian hacker on a cyber-crime forum that specializes in credit card fraud.
Cyber-crime gangs approach computer programming graduates from Moscow's technical universities with offers of making sums of $5,000 to $7,000 a month, a far cry from Russia's average monthly salary of $640, says Nikita Kislitsyn, editor of Hacker, a glossy Russian magazine with how-to information for budding hackers.
@merist:
Actually, a "Hack" is when you cut the bumper off either because you have no duct tape or it's too expensive.
@merist: Really? You want to play that?
How to pick locks: [lifehacker.com]
How to "crack" Wifi passwords: [lifehacker.com]
How to get free airport Wifi: [lifehacker.com]
I was just kidding, but you had to get all serious.
It's amazing how many servers are still vulnerable to SQL injection. Porn sites used to be (and still are) the place that 'those kind of people' would crack to get IDs. The server is only as strong as the commerce software that is running on it, and many don't bother updating their commerce software.
@merist: I take your point, but I can't have a headline that says "Crackers do such and such." I'll leave you to figure out why.
@bohemian: I got my new card last night--fortunately, I recognized the envelope as the usual careful neutrality of a card shipment. Sure enough. Interestingly, Discover's statement makes a point of saying "this isn't the merchant's fault, don't go bugging them about this."
@saltyoak: I think that the DOJ is saying 2006 to 2008 but some tech forums and blogs say maybe even 2005, 2004, even 2003 for the TJX exploits.
I had a debit card on a joint account by my former spouse go down in February 2005. It was used on a cloned card that blew out my bank account over Super Bowl weekend when the criminal went for a huge shopping spree in NYC- both me and the ex were in TN. Funny thing was that it was on the edge of all the info about these huge blowout id thefts getting out. At the time only the San Francisco Gate had an article about "a major US retailer" being subject to an ID theft deal. When I called the bank's security (then Amsouth) I had to educate the guy I spoke to about "cloned" cards since he didn't believe me as "you had to physically have a card to make these transactions". I was able to school him by telling him that I had the card in my hand from pulling it out of the filing cabinet since my ex had not used it in 6 to 8 months as we had been separated. She had to sign affidavits etc about it. We eventually figured it probably was TJX when the story broke as the ex had shopped at TJMaxx often.
Now when cards are compromised- my 2nd wife and I had a weird airline ticket charge on a debit card about 6 months ago- the bank takes the info over the phone, refunds you the money, and just sends you a new card without accusing you of the fraud.
@floraposte: Most likely this wasn't the merchant's fault. Once the merchant sends the credit card info to the processor and then the processor gets hacked, it's no longer in the merchant's control.
@Meg Marco: It's just as someone who considers himself a hacker, I resent being grouped in with these criminals.
Here's what I don't get...are they just capturing a day's worth of transactions from 7-11 when they're in there? Or if I bought a Big Gulp six months ago and paid with credit card (it's all about the miles) is my number still in there? I can see an Amazon keeping a number on file but why should 7-11 have so many numbers laying around?
@Meg Marco: You may want to revisit the "anti-consumerist" mayoral candidate post then, given the use of the term "theater fag" in it.
@golddog:
What these folks did was gain access into retail computer systems and install a sniffer program which would harvest and store credit card data. The hackers would then go back in, download that data and sell it through various sources.
The best thing you can do is monitor your credit card and bank accounts for any suspicious activity. Sticking with credit cards instead of using debit cards is useful too since your liability is generally limited when you use a credit card vs. a debit card.
In the end, no computer system is 100% safe and you must remain vigilant.
Got my fourth piece of unordered merchandise in the past week today, some herbal supplements shipped to me from China because of this or a similar theft.
According to the fraud department at the bank, apparently to test the validity of the card numbers they have, they order small items, mostly vitamins and supplements, use a throwaway email address with the order, and watch to see if they get an email message back that the card was declined. If not, they step up to the bigger ticket items. My card issuer told me they switched from vitamins to airline tickets just about the time the card was shut off by the bank.
Obviously they've got addresses with the card numbers, and that makes me nervous. The bank said they'd be placing an advisory for me with all three credit reporting agencies just in case.
@zibby: They take turns sharing that crappy computer the whole country got as a birthday present in 1986. 26K modem upgrade! Da, comrade!
@darkforcesjedi: Well there are more sophisticated versions that are harder to prevent because they involve 3 or 4 levels of interpretation before they are executable, but the vast majority can be handled by general security constraints, regardless of how esoteric the input is.
Goddammit New Jersey. Stop sucking.
I need to move. :(