Michigan wardrivers await sentencing

'This has messed up my entire life,' laments wireless felon

In what prosecutors say is likely the first criminal conviction for wardriving in the US, a Michigan man pleaded guilty Wednesday to a federal misdemeanor for using the Internet through an open Wi-Fi access point at a Lowe's home improvement store in suburban Detroit.

Paul Timmins, 23, pleaded guilty to a single count of unauthorized access to a protected computer. He was cleared of more serious charges of participating in a scheme organized by his roommate and another man to later use the wireless network to hack into Lowe's computers and siphon credit card numbers.

Timmins, who works as a network engineer, and his then-roommate Adam Botbyl, now 21, initially stumbled across the unsecured wireless network at the Southfield, Michigan Lowe's in the spring of 2003, while driving around with laptop computers looking for wireless networks - the geek sport of "wardriving".

Timmins immediately used the network to check his email, not knowing that it wasn't intended for public access, he claimed in a telephone interview with SecurityFocus on Thursday. Then, when he tried to surf the Web and found himself connected to a Lowe's corporate portal instead, he realized it was a private corporate network, and he disconnected, he says.

"Was it in violation of the law?" Timmins said. "Technically, yes... Did Adam seeing it help him decide to hack Lowe's? Definitely. But it's not like I said, 'Here's a good place to hack,' or anything. Had he not seen me do that, he would probably have chosen a different retail store."

Botbyl noted the network, and six months later returned with his friend Brian Salcedo, now 21, a young hacker on the last month of a three-year probation term from a juvenile computer crime conviction. From the parking lot of the Southfield Lowe's, Salcedo and Botbyl used the wireless network to route through the company's corporate data center in North Carolina and connect to the local networks at stores in Kansas, North Carolina, Kentucky, South Dakota, Florida, and two stores in California.

At two of the stores - in Long Beach, California and Gainesville, Florida - Botbyl and Salcedo modified a proprietary piece of software called "tcpcredit" that Lowe's uses to process credit card transactions, building in a virtual wiretap that would store customers' credit card numbers where the hackers could retrieve them later.

"I tried to discourage Adam several times," says Timmins. "He kept saying, 'They won't catch us.' I'm like, 'Whatever. Don't do it here.'"

Prison terms

At some point, Lowe's network administrators and security personnel detected and began monitoring the intrusions, and called in the FBI. In November, a Bureau surveillance team staked out the Southfield Lowe's parking lot, and spotted a white Pontiac Grand Prix with suspicious antennas and two young men sitting inside, one of them typing on a laptop from the passenger seat, according to court documents. The car was registered to Botbyl.

After 20 minutes, the pair quit for the night, and the FBI followed them to a Little Caesars pizza restaurant, then to a local multiplex. While the hackers took in a film, Lowe's network security team pored over log files and found the bugged program, which had collected only six credit card numbers.

FBI agents initially misidentified Timmins as the passenger in Botbyl's car, and both men were arrested on 10 November. Under questioning, Botbyl and Timmins pointed the finger at Salcedo.

All three men were slammed with a 16-count federal indictment in North Carolina, where Lowe's data center is based, charging them with computer intrusions, damage and fraud. Last June, Salcedo and Botbyl both entered guilty pleas in plea agreements with prosecutor Matthew Martens. Botbyl faces 41 to 51 months in prison under federal sentencing guidelines; Salcedo faces an unusually harsh 12 to 15 year prison term, based largely on a stipulation that the potential losses in the scheme exceeded $2.5 m. Both men are eligible for lower sentences if the government credits them with providing substantial assistance in prosecuting other suspects. No sentencing date has been set.

Salcedo is being held without bail, and could not be reached for comment.

In an interview Thursday, Botbyl, free on bail, unemployed, banned from computers and awaiting a certain prison term, expressed regret over the credit card scheme.

"I'm accepting responsibility for what I did, and the consequences," said Botbyl, who was a computer science student at the time of his arrest. "It's going to take a lot to start to get my reputation back. This has messed up my entire life for at least 10 or 15 years. It'll be at least 2010 before I can even touch a computer again."

Timmins' misdemeanor conviction will leave him better situated than Botbyl and Salcedo: his possible sentence ranges from probation to a maximum of 12 months in custody. No sentencing date has been set.

Cyberlaw lawyer Jennifer Granick, director of Stanford Law School's Center for Internet and Society, agrees with the government that Timmins' is likely the first wardriving conviction. But she isn't convinced that he actually committed a crime.

"Using an open wireless access point isn't the same thing as using a computer illegally," says Granick. "Convictions for this type of thing are possible where it's part of a larger criminal case, but it shouldn't happen in the absence of some other criminal purpose, like stealing credit cards, or knowledge that the network is closed. Wardriving isn't criminal."

"All he did was check his email and try to browse the Internet," said Botbyl. "That's the only connectivity he had with their network. He didn't do anything at all... I think the only reason they charged him is because they arrested him."

Copyright © 2004
