Hacker Sentenced To Longest US Sentence Yet

Iphtashu Fitz writes "The Associated Press is reporting that a Michigan man has been sentenced to 9 years in prison for his involvement in hacking into the corporate systems of Lowe's Home Improvement and attempting to steal customer credit card information. The sentence far exceeds the 5 1/2 years that hacker Kevin Mitnick spent behind bars. Two others are awaiting sentencing, including one of the first people to ever be convicted of wardriving. Prosecutors said the three men tapped into the wireless network of a Lowe's store in Southfield, Mich., used that connection to enter the chain's central computer system in North Wilkesboro, N.C., and installed a program to capture credit card information. No data was actually collected however."

Re:Good

[msmercenary]

Three down, thousands of skript kiddies to go.

Deserves what he got

[paanta]

Not mentioned yet, but he _is_ a repeat offender. He brought down a local bbs--insert obligatory plug for arbornet.org!--back in 2000 and was the first charged with hacking under michigan law. http://www.merit.edu/mail.archives/netsec/2000-09/ msg00009.html I dunno, but you'd think he'd have wised up by now.

Nomenclature (WAS:Great News)

[Lead+Butthead]

Crackers, people. Not Hackers.

Try researching the story before posting it!

Who gets their news from a mickey mouse outfit like ABC anyway? If you're going to post some clueless banter about attempted credit card fraud, at least link to an article (or thread) with some relevant information about the case instead of an uninformed soundbite. You could start with one of the following:

http://reviews-zdnet.com.com/AnchorDesk/4520-7297_ 16-5511088.html

http://www.theregister.co.uk/2003/11/22/michigan_w ifi_hackers_try/

http://www.securityfocus.com/news/7438

http://www.securityfocus.com/news/8835

http://www.netstumbler.org/showthread.php?t=11115

Some of the more interesting quotes for those too lazy to click on the links:

"In 2000, as a juvenile, Salcedo was one of the first to be charged under Michigan's state computer crime law, for allegedly hacking a local ISP."

"It was six months later - Botbyl allegedly admitted to agents - that Botbyl and his friend Salcedo hatched a plan to use the network to steal credit card numbers from the hardware chain"

"At some point in their wardriving experience, Timmins and Botbyl came upon a Lowe's hardware store with an open wireless network. Timmins later admitted to Kevin Poulsen of Security Focus that what he did next was technically illegal: he used the Lowe's network to check his e-mail. When he realized it was Lowe's private network, however, he says, he disconnected."

"That in itself might have been the end of the story. However, Lowe's became aware of the breach and contacted the FBI, who, after its investigation, charged Timmins with one count of unauthorized computer access. And that by itself would have been a significant story: Timmins's plea has been reported as the first instance of a wardriving conviction. I think the claim is an exaggeration, however. The charge would have been the same had he used a wired connection."

"But here's where the story gets interesting. Several months later, Botbyl returned to the Southfield, Michigan, Lowe's with a new friend, Brian Salcedo, now 21. Salcedo, it turned out, was in the final weeks of a three-year probation for an earlier computer crime."

"According to the indictment, the hackers used the wireless network to route through Lowe's corporate data center in North Carolina and connect to the local networks at stores around the country. At two of the stores - in Long Beach, California and Gainseville, Florida - they modified a proprietary piece of software called "tcpcredit" that Lowe's uses to process credit card transactions, building in a virtual wiretap that would store customer's credit card numbers where the hackers could retrieve them later."

"Brian Salcedo, 21, faces an a unusually harsh 12 to 15 year prison term under federal sentencing guidelines, based largely on a stipulation that the potential losses in the scheme exceeded $2.5 million."

"As for how it was computed here's one probable way: Maximum number of cards in the system at the time they could have captured, multiplied times the maximum credit limit on each. (So say Lowe's does an average of 2500 credit cards transactions nationally in a night, and each has a $1000 Credit Limit. That is $2,500,000 right there.)"

"They were not able to access nationwide credit card files or get into corporate systems," says Lowe's spokesperson Gina Balaya. "They did access six credit card transactions from one store."

"My initial reaction when I heard the charges was one of skepticism," says Karl Mozurkewich, founder of the Michigan software company Utropicmedia, and a member of the group. "Eighty percent of the people in the 2600 group in Michigan are more the c

More information

[Kizzle]

This episode of the phreaking internet radio show Default Radio covers this when it first started several months ago. The co-host on this episode knew these people so it makes for a good insider's point of view.

Default Radio episode 23 part 1
Fast forward to 22:30