POS Hacking Attacks Suggest Need for IT Security
Even businesses that do not maintain an extensive online presence in the form of a website are still in need of IT security services. This is one of the lessons to be learned from the recent case of David Benjamin Schrooten, a hacker from Holland who made Romania his base of operations during a recent crime spree that affected at least two businesses in the state of Washington.
Schrooten has now been arrested and brought to the United States for his trial, which is scheduled to take place in late August. According to Jenny A. Durkan, a US Attorney, "This defendant has wrought havoc on victims and financial institutions around the world. This indictment alleges that in just one transaction he trafficked in as many as 44,000 stolen credit card numbers resulting in millions of dollars in losses to financial institutions. Cybercriminals need to know: We will find you and prosecute you." Durkan serves as the chair of the Advisory Committee on Cybercrime and Intellectual Property Enforcement, which is part of the Attorney General's Justice Department.
This Scheme Required an Accomplice
Details about the credit card theft scheme required Schrooten to work with an associate in the United States. The accomplice, a man named Schroebel, found institutions where the IT risk management procedures in place were relatively week. Schroebel's tactic was to gain unauthorized access to the POS (point of sale) systems at these businesses, which included both a restaurant and a store that supplies restaurant goods to local eateries.
Because the POS systems had been compromised, when customers swiped their credit cards through the machine, information about the cards was transmitted not only to the authorized companies, but also to the hacker. Schroebel then communicated this information to Schrooten, who had a marketing scheme to sell the credit card numbers to criminal elements. In all, nearly 5,000 numbers were collected by Schroebel, who has since pled guilty to charges including access device fraud and causing damage to a protected computer.
The incident demonstrates the importance of robust IT security, a realm that encompasses not just software as is often assumed, but also hardware as well. In order to address the full range of IT security issues fully, small and medium-sized businesses should consider having a professional technology assessments done at their site to help minimize liability.