[ISN] 3 Admit Hacking Into Lowe's Computer

InfoSec News isn at c4i.org
Thu Aug 5 06:10:02 EDT 2004


Aug. 04, 2004 
Associated Press

CHARLOTTE, N.C. - Three Michigan men have pleaded guilty to charges
that they conspired to hack into the national computer system of the
Lowe's home improvement chain to steal credit card information,
federal authorities said Wednesday.

Under plea agreements, Brian Salcedo, Adam Botbyl and Paul Timmins
pleaded guilty to just handful of the 16 charges each man originally
faced, the U.S. Attorney's office said.

Under a plea agreement, Salcedo, of Whitmore Lake, Mich., pleaded
guilty to four counts: conspiracy; transmitting computer code to cause
damage to a computer; unauthorized computer access; and computer

The charges carry a maximum penalty of 25 years in prison. Under terms
of the agreement, prosecutors will recommend that Salcedo serve about
half that, 12 years and seven months.

Botbyl, of Waterford, Mich., pleaded guilty to one count, conspiracy,
with a recommendation that he serve three years, five months. He could
have faced five years.

Charges against Timmins were dropped, and he pleaded guilty instead to
a new charge of unauthorized access to a protected computer.  
Prosecutors said that may be the first conviction in the nation for

In wardriving, hackers search for vulnerable wireless Internet
connections. The original indictment charged that Botbyl and Timmins
drove around Southfield, Mich., in April 2003, searching for a
vulnerable connection, "using a laptop computer equipped with a
wireless card and a wireless antenna."

In an indictment handed up in Charlotte in November, federal
prosecutors said the trio accessed the wireless network of a
Southfield Lowe's store, using that connection to enter the chain's
central computer system in North Wilkesboro, N.C., and eventually to
reach computer systems in Lowe's stores across the country.

Once inside the central Lowe's system, the men installed a program in
the computer systems of several stores that was designed to capture
credit card information from customers, the indictment said.

Lowe's officials said the men did not gain access to the company's
national database and that they believed all customers' credit card
information was secure.

More information about the ISN mailing list