Hacker in Lowe's case sentenced to nine years

Computerworld - Two 21-year-old Michigan men were sentenced -- one to nine years and one to 26 months in federal prison -- for conspiring to hack into the IT systems of national home center chain Lowe's Companies Inc. and steal customer credit card information.
In a Charlotte, N.C., courtroom on Wednesday, U.S. District Judge Lacy H. Thornburg sentenced Brian A. Salcedo to nine years in federal prison in what is believed to be the longest sentence handed down in a hacking case, according to the court. In a separate proceeding yesterday, Thornburg sentenced one of Salcedo's co-conspirators, Adam W. Botbyl, to 26 months in federal prison.
A third defendant, Paul G. Timmins, is still awaiting sentencing.
The three men pleaded guilty last August to various charges in connection with the computer hacking they did in North Wilkesboro, N.C.-based Lowe's IT systems.
A U.S. attorney involved in the case could not be reached today for comment on the sentencings.
Attorneys for the three defendants also could not be reached for comment at deadline.
In its indictment against the three defendants, the government charged that from October 2003 through Nov. 9, 2003, the trio conspired to electronically break into the nationwide computer system used by Lowe's to download and steal customer credit card numbers.
According to the government, the defendants secretly compromised the wireless network at a Lowe's retail store in Southfield, Mich., which gave them access to Lowe's central computer system in North Wilkesboro, N.C., and to other computer systems located in Lowe's stores around the country.
The defendants then installed a software program on the computer system of several Lowe's retail stores to capture the credit card information of customers who were making purchases.
The three men were indicted by a grand jury in November 2003 on 16 counts of conspiracy, wire fraud, computer fraud, unauthorized computer access, intentional transmission of computer code and attempted possession of unauthorized access devices.
The men faced maximum sentences of 170 years in prison if convicted on all counts.
Previously, the longest federal sentence in a hacking case is believed to be the 68-month sentence imposed on computer hacker Kevin Mitnick, the government said.

Read more about cybercrime and hacking in Computerworld's Cybercrime and Hacking Knowledge Center.