An international criminal gang has pulled off one of the most audacious cyber-crimes ever and stolen the identities of an estimated eight million people in a hacking raid that could ultimately net more than $5.6 billion in illegal funds.

A Sunday Herald investigation has discovered that late on Thursday night, a previously unknown Indian hacker successfully breached the IT defences of the Best Western Hotel group’s online booking system and sold details of how to access it through an underground network operated by the Russian mafia.

It is a move that has been dubbed the greatest cyber-heist in world history. The attack scooped up the personal details of every single customer that has booked into one of Best Western’s 1312 continental hotels since 2007.

Amounting to a complete identity-theft kit, the stolen data includes a range of private information including home addresses, telephone numbers, credit card details and place of employment…

Although the security breach was closed on Friday after Best Western was alerted by the Sunday Herald, experts fear that information seized in the raid is already being used to pursue a range of criminal strategies.

If the basics of security practices aren’t in play 24/7, sooner or later the gate yawns open and crooks drive a truck into the vault!




  1. Uncle Patso says:

    When I saw this I thought “Holy Crap!” because my wife and I stayed in a Best Western in May. Then I read the whole article and realized the Herald is a newspaper in Scotland and when the article mentioned “Best Western’s 1312 continental hotels” the continent they mean is Europe.

    What was that electronic credit card I heard about a few years ago, with a different number for every transaction? That’s sounding like a better idea all the time…

  2. Gareth Thomas says:

    #1

    Likely based on a random number generator where each card has a seed known by the card and the bank. Just transfers the security threat from these places to banks. While its sounds good to have the bank protect it, less places to steal information mean more people working on those places. Eventually they will find a crack and it will be this situation all over again, but much much much worse.

    While I agree something must be done, and this is a good idea as it would stop critical information leaking through retarded companies lots of thought needs to be put into the implementation.

  3. it's just an expression says:

    One of the disadvantages of a paperless office they didn’t warn you about.

  4. Miss_X2b says:

    The random generated credit card numbers are effective. You not only get a one-time use credit card number for a transaction, but you also enter a maximum dollar amount, usually equal to the purchase price, so IF the random credit card number is stolen, it can’t be further used. I believe CitiBank uses this system. Discover card also has a similar system but it doesn’t seem to work at every website you might shop at while the CitiBank version does seem to work at every website.

  5. admfubar says:

    and just think you pay an extra few percent as the credit card companies charge the establishment for use of the card…
    aint that kick in head!!!??
    😛

  6. chris says:

    The real story is that businesses should see potential liability for gathering and storing unnecessary customer information.

    I’m sure there will be class action lawsuits, and the larger the better.

  7. Bob says:

    You know this kind of thing is getting a bit old. As much as I hate adding extra government regular to the market, I think it might be called for in this case. Any time a company(or government) stores personal information, they should be legally responsible for the safekeeping of such information.

    If that information is breached the penalties should be draconian. It seems, these days that companies want every piece of information on you, when most times they just don’t need it, and if they do need it their is usually no reason to store that information.

    Maybe some companies need to hit hit with multi-million dollar fines to let the message sink in, but playing fast and loose with peoples data is not acceptable.

  8. geofgibson says:

    #7 – Bob,
    We don’t need more government to solve these kinds of problems, then we’ll just have government stooges losing our data.

    We already have a solution. It is in the courts. When one of these companies goes out of business over this kind of carelessness, the others will take notice.

    When you get the government involved, they just buy off the regulators.

  9. B. Dog says:

    In other cybernews, did you know that as many people are employed mining virtual gold as are employed by outsourcing in India?

  10. B. Dog says:

    I’m sorry, I put the wrong hilarious link in the last post. This is the right one:

    In other cybernews, did you know that as many people are employed mining virtual gold as are employed by outsourcing in India?

  11. Bob says:

    #8 I see your point, though I would like to see government have the same sort of penalties as companies, but then again that sort of defeats the point since all you are doing is penalizing yourself.

    Perhaps some sort of high dollar amount per piece of information lost (100 grand each maybe).

    It just seems, whenever the government or a company loses our information, their solution is, “1 year of free credit checks”. Which is chump change, when you compare the cost of information lost, or the hassle the individual has to go through to correct the effects of a lost identity.

  12. soundwash says:

    my knee jerk reaction:

    i see “Indian hacker” & “Russian Mafia” in the article, and i think…hmm the current generation of “kids” really have not been taught/brainwashed to hate any country in particular. -like many generation prior..

    i see article this more as much less to do to do with cyber crime and everything to do with planting new(old?) seeds of hate against russia/india (maybe Indochina?) (us Americans love to bitch about the outsourcing of phone support to inda, if nothing else)

    the recent mediaSPAM pointing a finger at russia as the boogie man in georgia is definitely an attempt to re-establish russia as the big bad bear it once was and get a new cold war (or maybe hot/real war) going again.

    as for the cyber aspect…just another nail pulled *out* of the coffin to unleash the death of the internet via the i-patriot act that is chomping at the bit to do its part in squelching the last of the free speech/enterprise the “common man” has easy access to..

    maybe they’ll figure a way to blame russia for the upcoming market crash…

    *shrug* -like a said, just a knee jerk thought on the matter..

    -s

    (ps, the olympics are over, get ready for political/financial/world madness to resume, -full steam front and center.)

    -gratz to usa on the medal count and hats off to china on taking the gold.

  13. GregAllen says:

    I blame the corporate-serving, obstructionist Republicans for not doing anything about identity theft, even though we saw this problem coming YEARS ago.

    A overwhelming sweep in power by Democrats is our only hope that the government might actually start doing its job again and pass laws that protect consumers — not screw us like the GOP has done.

  14. KwadGuy says:

    I would laugh at idiotic comments placing the blame for something like this on the Republicans and suggesting that a vote for Hope Obama will save us, if they weren’t so sad and pathetic. The Dems controlled the House and Senate AND had the Presidency for four years in the nascent years of the Web (1992-1996). Did they do anything? They also control the House and Senate now. Have they done anything? You really think the problem is that they don’t have a new hope messiah in the White House?

    Sheesh…

  15. TomB says:

    Instead of whining to the gov to do something about it, perhaps everybody should choose to stay at a hotel other than Best Western for one year.

    That would put a dent in their profits.


0

Bad Behavior has blocked 5495 access attempts in the last 7 days.