[ISN] 3 Admit Hacking Into Lowe's Computer

From: InfoSec News (isn@private)
Date: Thu Aug 05 2004 - 03:10:02 PDT


http://www.philly.com/mld/philly/business/9320069.htm

Aug. 04, 2004 
Associated Press

CHARLOTTE, N.C. - Three Michigan men have pleaded guilty to charges
that they conspired to hack into the national computer system of the
Lowe's home improvement chain to steal credit card information,
federal authorities said Wednesday.

Under plea agreements, Brian Salcedo, Adam Botbyl and Paul Timmins
pleaded guilty to just handful of the 16 charges each man originally
faced, the U.S. Attorney's office said.

Under a plea agreement, Salcedo, of Whitmore Lake, Mich., pleaded
guilty to four counts: conspiracy; transmitting computer code to cause
damage to a computer; unauthorized computer access; and computer
fraud.

The charges carry a maximum penalty of 25 years in prison. Under terms
of the agreement, prosecutors will recommend that Salcedo serve about
half that, 12 years and seven months.

Botbyl, of Waterford, Mich., pleaded guilty to one count, conspiracy,
with a recommendation that he serve three years, five months. He could
have faced five years.

Charges against Timmins were dropped, and he pleaded guilty instead to
a new charge of unauthorized access to a protected computer.  
Prosecutors said that may be the first conviction in the nation for
"wardriving."

In wardriving, hackers search for vulnerable wireless Internet
connections. The original indictment charged that Botbyl and Timmins
drove around Southfield, Mich., in April 2003, searching for a
vulnerable connection, "using a laptop computer equipped with a
wireless card and a wireless antenna."

In an indictment handed up in Charlotte in November, federal
prosecutors said the trio accessed the wireless network of a
Southfield Lowe's store, using that connection to enter the chain's
central computer system in North Wilkesboro, N.C., and eventually to
reach computer systems in Lowe's stores across the country.

Once inside the central Lowe's system, the men installed a program in
the computer systems of several stores that was designed to capture
credit card information from customers, the indictment said.

Lowe's officials said the men did not gain access to the company's
national database and that they believed all customers' credit card
information was secure.



_________________________________________
Help InfoSec News with a donation: http://www.c4i.org/donation.html



This archive was generated by hypermail 2.1.3 : Thu Aug 05 2004 - 04:56:07 PDT