[SecurityRatty] tag: upscale

Minneapolis Find It's All about the Utility Poles

Wed, 24 Sep 2008 06:32:01 +0000

Those dang poles add $1m to Wi-Fi network expense: US Internet Wireless couldn't install service in a large remaining area of Minneapolis because the decorative utility poles in the upscale neighborhoods--paid through homeowner assessments--lack the strength to hold the Wi-Fi nodes. Minneapolis has opted to pick up the tab for replacing the 145 poles and putting in temporary wood poles to complete the network--a cool $1m. While unfortunate for the overall city cost savings, it doesn't seem out of line for which entity has the responsibility.

Without replacing these poles, the city would be unable to use the municipal services from which it still plans to save $3.5m over the 10-year contract life, and thus it would be pennywise and pound foolish to leave the status quo.

Card skimming at Lunardi's Supermarket

Tue, 06 May 2008 08:25:33 +0000

Technorati Tag: Security Breach

Date Reported:
4/29/08

Organization:
Lunardi's

Contractor/Consultant/Branch:
None

Victims:
Customers

Number Affected:
Unknown

Types of Data:
"bank card numbers and personal identification codes"*

*bank cards include credit cards and debit cards

Breach Description:
"About 150 people who used their bank debit cards at a Lunardi's Supermarket in Los Gatos have become victims of an identity theft scam. And that number is expected to grow, Los Gatos police Capt. Dave Gravel said."

Reference URL:
KPIX TV Channel 5
The Mercury News
The Mercury News (update)

Report Credit:
KPIX TV Channel 5

Response:
From the online sources cited above:

An ATM and credit card reader in a checkout aisle at the Los Gatos Lunardi's supermarket was recently switched, resulting in more than two dozen reported cases of identity theft, a Los Gatos/Monte Sereno Police Department spokesman said today.
[Evan] The number "two dozen" was used in the original report on April 29th.

About 150 people who used their bank debit cards at a Lunardi's Supermarket in Los Gatos have become victims of an identity theft scam.
[Evan] By the time of the May 2nd story, the number of reported cases grew to about 150.

And that number is expected to grow, Los Gatos police Capt. Dave Gravel said.

Police received the first reports from victims who said their credit or debit cards had been used fraudulently on Sunday night and additional victim reports continued on Monday and today, according to police spokesman Tam McCarty.

Police believe the victims all had their card numbers stolen at the Los Gatos Lunardi's, 720 Blossom Hill Road, after officials from Lunardi's contacted them about a problem with one of their card readers.

"It was a switched card reader at one of the aisles,'' McCarty said.

"What we have here is more than one person - they've been able to get in there (Lunardi's) and switch out the ATM card reader," said Los Gatos-Monte Sereno police Sgt. Tam McCarty. "Once they've done that they can read the card and PIN numbers and either make a temporary card or sell the numbers over the phone."
[Evan] Completely switch out the card reader? I have never been to the store so I don't know the layout, but how does a person switch out a card reader during business hours without anyone noticing? It seems very risky to make the switch during business hours. I suppose that a thief could pose as a repair or other support person that wouldn't look suspect. Was the switch done while the store was closed? If so, this seems to imply an insider. Just thoughts, I am sure that the investigators have already thought through these questions.

The thieves then transferred that bank information onto cloned cards - any card with a magnetic stripe can be used - and made cash withdrawals from ATMs in Southern California.
[Evan] Search Google for "Credit Card Encoder" and take your pick of various credit/debit card magnetic stripe readers/writers. Extreme Media has information on "Credit Card Hacking, ATM Hacking, Debit Card Hacking and more. From Identity Fraud to Off Shore Banking we have you covered." I have never used or read any of their wares, so I don't know how reliable it is. The point I am trying to make is that committing fraud with compromised credit/debit card information is easy and there are plenty of people willing to help the bad guys.

police are still trying to determine how much money was stolen.

Recent shoppers of the Los Gatos Lunardi's should check the status of their bank or credit card accounts for charges they did not make, according to police.
[Evan] If I were a customer of Lunardi's, I would contact my bank and close my credit/debit card account and open a new one (with new numbers).

Through an attorney, the Lunardi family, which owns the upscale grocery chain, also declined to discuss specifics about the technology used.

In a statement, the owners said the chain "in no way wants to compromise the ongoing investigation by law enforcement authorities or to reveal details of our security measures which could counteract their effectiveness."

George Silvestri, an attorney for Lunardi's, said the chain has replaced the payment devices at all seven of its Bay Area locations with machines that are locked onto the checkout stands.

Lunardi's employees with access to these devices have been trained in security procedures recommended by law enforcement and banking authorities.

Anyone who finds fraudulent charges on an account should contact the local police department or the Los Gatos/Monte Sereno Police Department at (408) 354-8600.

The thefts at Lunardi's in Los Gatos comes about three weeks after police uncovered a similar scam at an Arco AM/PM in Los Altos.
[Evan] I missed this specific breach, but I did report an ARCO "skimming" related breach in December, 2007. The December breach occurred at the El Monte station.

Commentary:
Card skimming is nothing new, but the methods have been refined and the technology has gotten better. The devices used by the criminals used to be pretty easy to identify, but now some of the devices are so small and well made that it can be difficult to notice, even to a trained eye.

A video or two might be helpful to readers (good information, but nothing earth shattering)

An NBC 10 News report:

From the UK, "The Real Hustle - ATM Scam"

Past Breaches:
Unknown

My new favorite hotel chain - Hyatt Place

Mon, 24 Mar 2008 21:24:10 +0000

As most road warriors will tell you, generally we pick a hotel chain and try to stay there as much as possible. Whether it be Marriott or Hilton, Choice or Priority Club, Hyatt or Starwood, we all have a favorite that if available we will choose. Generally, I try to stay at reasonably priced hotels and don't stay at anthing over a Courtyard very often. However, I have a new favorite chan. Hyatt Place by Hyatt is cool! Not too expensive, they offer 42 inch HD TVs, spacious rooms with bedrooms and sitting areas, wet bars, work desk and upscale decor. Wireless phones and Internet included. They also have a very nice lobby, with a 24 hour kitchen and a very different check in process. Your Hyatt Gold Points are good here as well.

They are just getting rolled out in some parts of the country. But next time you are on the road and there is one conveniently located for you, I highly recommend you check it out for yourself.

My new favorite hotel chain - Hyatt Place

Mon, 24 Mar 2008 20:24:10 +0000

They are just getting rolled out in some parts of the country. But next time you are on the road and there is one conveniently located for you, I highly recommend you check it out for yourself.