The TRW Hack

TRW Information services is/was a credit bureau that transmits over telephone lines such information as Credit histories, employment records, bankruptcies, loan delinquencies and Social Security Numbers. These services were used by more than 24,000 subscribers, including bank and department stores and can be reached from more than 35,000 locations.

Way back in July 1984, a is a global credit information group, TRW (now Experian); was hacked into. A total of 90 million records were hacked into. All of this was possible due to a secret password that got leaked out along with manual on the systems operation.

Computer buffs (as they were known in those days) using home terminals broke into TRW Information Services computers holding credit histories of 90 million people.

TRW Information services is/was a credit bureau that transmits over telephone lines such information as Credit histories, employment records, bankruptcies, loan delinquencies and Social Security Numbers. These services were used by more than 24,000 subscribers, including bank and department stores and can be reached from more than 35,000 locations.

The TRW systems were hacked into after hackers got hold of a secret password and a manual on the systems operation. The password was leaked out way in 1983 but TRW officials were not notified until July 1984. TRW officials admitted that although the break-in allowed users to read confidential files, those users would not be able to change the files. Changes were submitted monthly on tape and the files are not altered through the on-line computer systems.

TRW Officials said that the password and the manual were obtained from a Sears Roebuck store in Sacramneto that subscribes to the TRW system. Hackers eventually posted the code number on an “electronic Bulletin Board” which many computer users with the right equipment can read by using a telephone. It has been a common knowledge for months among many computer community that the TRW files could be entered easily and credit records read.

The breach was first reported by Newsday, which quoted unnamed computer hacker as saying the TRW system was hacked not only to read credit records, but also to  “expedite credit card fraud” by finding out whether a person whose credit card was stolen had a large card limit. TRW said the leaked password was changed and that no other codes were believed to be available to hackers. The Newsday story, however, quoted sources who said that other code that provide access to other TRW files are still circulating.

A snapshot from Rome News Tribune News paper.

The TRW system used two codes, a seven-digit code to identify the user and a shorter “secret password”. The first code is less guarded and relatively easy to obtain and the shorter,  “secret” code, is “far too easy” to crack.

Simple monitoring techniques should pick up that kind of security breach relatively early. Company officials said it is possible that unauthorized access could have been obtained through a department store line or a similar line on which many requests for credit information are placed daily. On such a line, they said, a few extra requests might not be noticed.

Among the security measures TRW could have taken are requiring the user to be called back at a certain phone number before information is sent; changing secret codes more often, and installing devices on the system telephone that trade recognition signals with the central computer before information is sent.

TRW Information Systems & Services, (or simply “TRW”) in now known as Experian and was owned by aerospace manufacturer TRW. It changed hands and names, and is now owned by retailer Great Universal Stores, PLC, of Great Britain.

Resources:-
identitybreach.com
flowingdata.com