Hacker Sentenced To Longest US Sentence Yet

Iphtashu Fitz writes "The Associated Press is reporting that a Michigan man has been sentenced to 9 years in prison for his involvement in hacking into the corporate systems of Lowe's Home Improvement and attempting to steal customer credit card information. The sentence far exceeds the 5 1/2 years that hacker Kevin Mitnick spent behind bars. Two others are awaiting sentencing, including one of the first people to ever be convicted of wardriving. Prosecutors said the three men tapped into the wireless network of a Lowe's store in Southfield, Mich., used that connection to enter the chain's central computer system in North Wilkesboro, N.C., and installed a program to capture credit card information. No data was actually collected however."

Re:Good

[msmercenary]

Three down, thousands of skript kiddies to go.

Deserves what he got

[paanta]

Not mentioned yet, but he _is_ a repeat offender. He brought down a local bbs--insert obligatory plug for arbornet.org!--back in 2000 and was the first charged with hacking under michigan law. http://www.merit.edu/mail.archives/netsec/2000-09/ msg00009.html I dunno, but you'd think he'd have wised up by now.

Kevin didn't get out in three

[Safety Cap]

And you're confused. He was essentially held without trial or a bail hearing for 4 1/2 years.

Nomenclature (WAS:Great News)

[Lead Butthead]

Crackers, people. Not Hackers.

Release Date

[Anonymous Coward]

Hmmmm. I think not [securityfocus.com].

With credit for time served and good behavior, Salcedo will be eligible for release in the fall of 2011.

There is no federal parole.

Some facts on this case

[howardjp]

Salcedo was arrested in the last month of a 36-month probation sentence after he broke into Arbornet [arbornet.org] and many other sites in 2000. The original Slashdot story is here [slashdot.org].

Re:This is no different than embezzlement

[plover]

No, it was hacking.

They used the store's 802.11b network to access a computer on the inside. They studied that computer, found a program called "tcpauth", and wrote a program to sniff data from it, some of which was credit card information. That's real hacking.

Problem for these guys is that they were attempting to sniff data that could easily be used in the commission of theft. Had they tried to sniff the price database instead (perhaps to post to Froogle or whatever,) they probably would have ended up with a lesser sentence, because it would have been much more debatable if their intent was theft, fraud, or simple hacking. But going after credit card data is "special", so these guys get to spend some "special" time with some new "special" friends.

Mitnick wasn't sentanced to 5 1/2 years.

[nsanders]

Mitnick was held with out trial for 5 years and eventually was let go for "time served". That's why there was such an uprising behind him. Dispite his crimes, he was serverly miss treated.

Try researching the story before posting it!

[Anonymous Coward]

Who gets their news from a mickey mouse outfit like ABC anyway? If you're going to post some clueless banter about attempted credit card fraud, at least link to an article (or thread) with some relevant information about the case instead of an uninformed soundbite. You could start with one of the following:

http://reviews-zdnet.com.com/AnchorDesk/4520-7297_ 16-5511088.html [com.com]

http://www.theregister.co.uk/2003/11/22/michigan_w ifi_hackers_try/ [theregister.co.uk]

http://www.securityfocus.com/news/7438 [securityfocus.com]

http://www.securityfocus.com/news/8835 [securityfocus.com]

http://www.netstumbler.org/showthread.php?t=11115 [netstumbler.org]

Some of the more interesting quotes for those too lazy to click on the links:

"In 2000, as a juvenile, Salcedo was one of the first to be charged under Michigan's state computer crime law, for allegedly hacking a local ISP."

"It was six months later - Botbyl allegedly admitted to agents - that Botbyl and his friend Salcedo hatched a plan to use the network to steal credit card numbers from the hardware chain"

"At some point in their wardriving experience, Timmins and Botbyl came upon a Lowe's hardware store with an open wireless network. Timmins later admitted to Kevin Poulsen of Security Focus that what he did next was technically illegal: he used the Lowe's network to check his e-mail. When he realized it was Lowe's private network, however, he says, he disconnected."

"That in itself might have been the end of the story. However, Lowe's became aware of the breach and contacted the FBI, who, after its investigation, charged Timmins with one count of unauthorized computer access. And that by itself would have been a significant story: Timmins's plea has been reported as the first instance of a wardriving conviction. I think the claim is an exaggeration, however. The charge would have been the same had he used a wired connection."

"But here's where the story gets interesting. Several months later, Botbyl returned to the Southfield, Michigan, Lowe's with a new friend, Brian Salcedo, now 21. Salcedo, it turned out, was in the final weeks of a three-year probation for an earlier computer crime."

"According to the indictment, the hackers used the wireless network to route through Lowe's corporate data center in North Carolina and connect to the local networks at stores around the country. At two of the stores - in Long Beach, California and Gainseville, Florida - they modified a proprietary piece of software called "tcpcredit" that Lowe's uses to process credit card transactions, building in a virtual wiretap that would store customer's credit card numbers where the hackers could retrieve them later."

"Brian Salcedo, 21, faces an a unusually harsh 12 to 15 year prison term under federal sentencing guidelines, based largely on a stipulation that the potential losses in the scheme exceeded $2.5 million."

"As for how it was computed here's one probable way: Maximum number of cards in the system at the time they could have captured, multiplied times the maximum credit limit on each. (So say Lowe's does an average of 2500 credit cards transactions nationally in a night, and each has a $1000 Credit Limit. That is $2,500,000 right there.)"

"They were not able to access nationwide credit card files or get into corporate systems," says Lowe's spokesperson Gina Balaya. "They did access six credit card transactions from one store."

"My initial reaction when I heard the charges was one of skepticism," says Karl Mozurkewich, founder of the Michigan software company Utropicmedia, and a member of the group. "Eighty percent of the people in the 2600 group in Michigan are more the c

Re:This isn't like Mitnick, and prison doesn't wor

[T-Ranger]

Marshall was released in 1983, after a (new) witness came forward. This is about 10 years before DNA profiling was even thought about, 15 years before it became useful/accurate/cheap. In the inquiry into the actions of the police and crown prosecutors, it became clear that his case was not an accident, with the parties all acting in good faith. I don't think that they had any specific evidence to the contrary, but circumstantial evidence, combined with him being a Native American (to be fair, also well known to the police) was all the investigation they needed.

Excessive in comparison to Acxiom hacker...

[skweegee]

http://www.usdoj.gov/usao/ohs/Press/12-18-03.htm [usdoj.gov]

The total cost to Acxiom of Baas's intrusion and theft of data is more than $5.8 million. Baas faces a maximum penalty of five years in prison, a fine of $250,000 or twice the amount of gain or loss, and three years of supervised release.

Considering Dan actually did steal the data and only can get a maximum of 5 years, this seems excessive for intent.

DOUBLE BULLSHIT!!

[Anonymous Coward]

Here's the dealio from another ex-con.

First my cred:
I spent 4mnths in Juevy hall at 15, 1yr at 16 (released just before my 18th b-day). I spent overnights too often to count between 18-22ish. I spent a weekend in city lockup when I was 21. And finally, I spent 2.25 yrs of a possibly 6yrs in a federal prison from 23-26.

That was all back in the late 80s to mid-90s. I have never been back since and live a honest life, except for the occassional joint or jay walking. My offenses were mostly stupid kids stuff made only stupider by the fact that I did stupid stuff every weekend and got caught a lot. The stretch in my 20s is from something unrelated that I will not get into but did not involve sex or kids (2 worst type of offenses in prison).

Your jails must have been easier than mine. Juevy was a living hell for anyone not mature enough physically. There were numerous sexual assaults in both institutions (I was in different ones at 15 and 16). They mostly consisted of a small guy being punched and slapped around all the time until they gave in. Mostly it meant theyd have to give head somewhere (there are plenty of private places in juvy halls for 5min at a time). Once you give head you are marked and carry the reputation throughout your stay and maybe back outside if you knew anyone there. But I understand why some gave in because unlike oz it didn't make you a bitch but usually meant the bully would go pick on someone else and leave you to being called Mary. No, I never gave head. Lucky for me I was a chubby white boy, not a skinny one. Skinny white guys have bad times in Juvy, especially since blacks and latinos hit maturity faster. I never saw anal rape in Juvy but it was talked about and maybe happened in cells but I never witnessed it.

City jails are like you describe and absolutely a joke... you have to go out of your way to get in trouble, its the only jails where you can just ignore someone demanding something from you (not stand up - ignore) and they'll go away cause no one wants to get locked in longer.

Federal prison was NO FUCKING JOKE. I saw rapes there. The guys in the middle of ranges would hang up sheets and rent out their cells and keep watch and you'd see big badasses pushing skinny young guys into them. I saw people forced to give head including once in the lunchroom by a guy who held the boys head down on his dick even when a guard ran over and started shouting and hitting his shoulder. Every skinny/young/handsome guy had to prove their mettle at some point unless they knew people already, and that meant standing and shouting "fuck you" and getting ready to punch. You couldnt fake it cause if they saw you shaking they'd jab you in the gut and it would be all over unless you fought back. I was scared shitless and decided to punch first if anyone touched me but I got left alone.

Advice to anyone going to jail, especially skinny guys:
-learn to smoke, even if you can't its expected and currency where allowed
-work out, so even if your not buff the flesh on your girly arms is muscle and not fat
-if you have a big mouth, shut up; if youre meek then speak up. a happy medium is to be the strong silent type
-jokes work great as long as they're really funny and either dirty or aimed at authority figures... don't joke about other inmates
-if someone takes something from you, punch them, even if they're 10x your size and will kick your ass, a week in the clinic beats being known as a wimp on the range
-if your white no matter what the temptation do not join a WP (nazi) gang, and avoid face and hand tattoos unless your never getting out (in which case get them and you'll rarely have a problem w a tear-drop tattoo)
-if your really fucked and really need friends then volunteer as an imate counsellor (drug, sexual, religious, whatever). I saw a guy who was going to get jumped walk away because someone he counselled stepped up for him

I think child porn is probably the biggest problem of the computer geek crowd, and t

More information

[Kizzle]

This episode of the phreaking internet radio show Default Radio [defaultradio.com] covers this when it first started several months ago. The co-host on this episode knew these people so it makes for a good insider's point of view.

Default Radio episode 23 part 1 [pig-monkey.com]
Fast forward to 22:30