Michigan man pleads guilty to wireless hack into stores
Brian Salcedo could face up to 18 years in prison
IDG News Service - A Michigan man pleaded guilty on Friday to four counts of wire fraud and unauthorized access to a computer after he and two accomplices used a vulnerable wireless network at a Lowe's Companies Inc. store in Michigan to attempt to steal credit card numbers from the company's main computer systems in North Carolina and other Lowe's stores in the U.S.
Brian Salcedo could face up to 18 years in prison for the crime, which the government claims could have caused more than $2.5 million in damages. However, federal prosecutors will ask for a more lenient sentence in exchange for Salcedo's cooperation in other investigations stemming from the incident and full disclosure of details about the intrusions on Lowe's network, according to a copy of the plea agreement.
The case stems from a series of hacks in October and November 2003 in which Salcedo's two alleged accomplices, Adam Botbyl and Paul Timmins, discovered a loosely protected wireless LAN connection at a Lowe's store in Southfield, Mich., while scanning for open connections -- or "war driving" -- in the area.
The trio subsequently used the open access point to compromise the entire corporate network of the Mooresville, N.C.-based home improvement retail chain, hacking into stores in California, Kansas, South Dakota and other states in the weeks that followed. Among other things, the three attempted to install a modified version of a credit processing program called "tcpcredit" that skimmed credit account information for every transaction processed at a particular Lowe's store, according to the indictment filed with the U.S. District Court for the Western District of North Carolina.
In November, a grand jury indicted the three on 16 counts of wire fraud and unauthorized intrusion. In May, both Salcedo and Botbyl reached plea agreements, with Botbyl agreeing to plead guilty to one count of conspiracy to gain unauthorized access to a nationwide computer network.
The third member of the group, Paul Timmins, is scheduled to appear in court for arraignment on June 28.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Cybercrime and Hacking White Papers | Webcasts