Skip the navigation

Michigan man pleads guilty to wireless hack into stores

Brian Salcedo could face up to 18 years in prison

By Paul Roberts
June 7, 2004 12:00 PM ET

IDG News Service - A Michigan man pleaded guilty on Friday to four counts of wire fraud and unauthorized access to a computer after he and two accomplices used a vulnerable wireless network at a Lowe's Companies Inc. store in Michigan to attempt to steal credit card numbers from the company's main computer systems in North Carolina and other Lowe's stores in the U.S.
Brian Salcedo could face up to 18 years in prison for the crime, which the government claims could have caused more than $2.5 million in damages. However, federal prosecutors will ask for a more lenient sentence in exchange for Salcedo's cooperation in other investigations stemming from the incident and full disclosure of details about the intrusions on Lowe's network, according to a copy of the plea agreement.
The case stems from a series of hacks in October and November 2003 in which Salcedo's two alleged accomplices, Adam Botbyl and Paul Timmins, discovered a loosely protected wireless LAN connection at a Lowe's store in Southfield, Mich., while scanning for open connections -- or "war driving" -- in the area.
The trio subsequently used the open access point to compromise the entire corporate network of the Mooresville, N.C.-based home improvement retail chain, hacking into stores in California, Kansas, South Dakota and other states in the weeks that followed. Among other things, the three attempted to install a modified version of a credit processing program called "tcpcredit" that skimmed credit account information for every transaction processed at a particular Lowe's store, according to the indictment filed with the U.S. District Court for the Western District of North Carolina.
In November, a grand jury indicted the three on 16 counts of wire fraud and unauthorized intrusion. In May, both Salcedo and Botbyl reached plea agreements, with Botbyl agreeing to plead guilty to one count of conspiracy to gain unauthorized access to a nationwide computer network.
The third member of the group, Paul Timmins, is scheduled to appear in court for arraignment on June 28.

Reprinted with permission from IDG.net. Story copyright 2014 International Data Group. All rights reserved.
Our Commenting Policies