An American man pleaded guilty on Friday to four counts of wire fraud and unauthorized access to a computer after he and two accomplices used a vulnerable wireless network at a home improvement store in Michigan to attempt to steal credit card numbers from the company's main computer systems.
Brian Salcedo could face up to 18 years in prison for the crime, which the government claims could have caused more than US$2.5 million in damages. However, federal prosecutors will ask for a more lenient sentence in exchange for Salcedo's cooperation in other investigations stemming from the incident and full disclosure of details about the intrusions on Lowe's network, according to a copy of the plea agreement.
The case stems from a series of hacks in October and November 2003 in which Salcedo's two accomplices, Adam Botbyl and Paul Timmins, discovered a loosely protected wireless local area network connection at a Lowe's store in Michigan, while scanning for open connections, or "war driving" in the area.
The trio subsequently used the open access point to compromise the entire corporate network of the North Carolina-based home improvement store company, hacking into stores in California, Kansas, South Dakota and other states in the weeks that followed. Among other things, the three attempted to install a modified version of a credit processing program called "tcpcredit" that skimmed credit account information for every transaction processed at a particular Lowe's store, according to the indictment files with the U.S. District Court for the Western District of North Carolina.
In November, a grand jury indicted the three on sixteen counts of wire fraud and unauthorized intrusion. In May, both Salcedo and Botbyl reached plea agreements, with Botbyl agreeing to plead guilty to one count of conspiracy to gain unauthorized access to a nationwide computer network.
The third and final member of the group, Paul Timmins, is scheduled to appear in court for arraignment on June 28.