Michigan wardrivers await sentencing

'This has messed up my entire life,' laments wireless felon

  • alert
  • submit to reddit

Build a business case: developing custom apps

In what prosecutors say is likely the first criminal conviction for wardriving in the US, a Michigan man plead guilty Wednesday to a federal misdemeanor for using the Internet through an open Wi-Fi access point at a Lowe's home improvement store in suburban Detroit.

Paul Timmins, 23, pleaded guilty to a single count of unauthorized access to a protected computer. He was cleared of more serious charges of participating in a scheme organized by his roommate and another man to later use the wireless network to hack into Lowe's computers and siphon credit card numbers.

Timmins, who works as a network engineer, and his then-roommate Adam Botbyl, now 21, initially stumbled across the unsecured wireless network at the Southfield, Michigan Lowe's in the spring of 2003, while driving around with laptop computers looking for wireless networks - the geek sport of "wardriving".

Timmins immediately used the network to check his email, not knowing that it wasn't intended for public access, he claimed in an a telephone interview with SecurityFocus on Thursday. Then when he tried to surf the Web, and found himself connected to a Lowe's corporate portal instead, he realized it was a private corporate network, and he disconnected, he says.

"Was it in violation of the law?" Timmins said. "Technically, yes... Did Adam seeing it help him decide to hack Lowe's? Definitely. But it's not like I said, 'Here's a good place to hack,' or anything. Had he not seen me do that, he would probably have chosen a different retail store."

Botbyl noted the network, and six months later returned with his friend Brian Salcedo, now 21, a young hacker on the last month of a three-year probation term from a juvenile computer crime conviction. From the parking lot of the Southfield Lowe's, Salcedo and Botbyl used the wireless network to route through the company's corporate data center in North Carolina and connect to the local networks at stores in Kansas, North Carolina, Kentucky, South Dakota, Florida, and two stores in California.

At two of the stores - in Long Beach, California and Gainseville, Florida - Botbyl and Salcedo modified a proprietary piece of software called "tcpcredit" that Lowe's uses to process credit card transactions, building in a virtual wiretap that would store customer's credit card numbers where the hackers could retrieve them later.

"I tried to discourage Adam several times," says Timmins. "He kept saying, 'They won't catch us.' I'm like, 'Whatever. Don't do it here.'"

Prison terms

At some point, Lowe's network administrators and security personnel detected and began monitoring the intrusions, and called in the FBI. In November, a Bureau surveillance team staked out the Southfield Lowe's parking lot, and spotted a white Pontiac Grand Prix with suspicious antennas and two young men sitting inside, one of them typing on a laptop from the passenger seat, according to court documents. The car was registered to Botbyl.

After 20 minutes, the pair quit for the night, and the FBI followed them to a Little Ceasar's pizza restaurant, then to a local multiplex. While the hackers took in a film, Lowe's network security team pored over log files and found the bugged program, which had collected only six credit card numbers.

FBI agents initially misidentified Timmins as the passenger in Botbyl's car, and both men were arrested on 10 November. Under questioning, Botbyl and Timmins pointed the finger at Salcedo.

All three men were slammed with a 16-count federal indictment in North Carolina, where Lowe's data center is based, charging them with computer intrusions, damage and fraud. Last June, Salcedo and Botbyl both entered guilty pleas in plea agreements with prosecutor Matthew Martens. Botbyl faces 41 to 51 months in prison under federal sentencing guidelines; Salcedo faces an unusually harsh 12 to 15 year prison term, based largely on a stipulation that the potential losses in the scheme exceeded $2.5 m. Both men are eligible for lower sentences if the government credits them with providing substantial assistance in prosecuting other suspects. No sentencing date has been set.

Salcedo is being held without bail, and could not be reached for comment.

In an interview Thursday, Botbyl, free on bail, unemployed, banned from computers and awaiting a certain prison term, expressed regret over the credit card scheme.

"I'm accepting responsibility for what I did, and the consequences" said Botbyl, who was a computer science student at the time of his arrest. "It's going to take a lot to start to get my reputation back. This has messed up my entire life for at least 10 or 15 years. It'll be at least 2010 before I can even touch a computer again."

Timmins' misdemeanor conviction will leave him better situated than Botbyl and Salcedo: his possible sentence ranges from probation, to a maximum of 12 months in custody. No sentencing date has been set.

Cyberlaw lawyer Jennifer Granick, director of Stanford Law School's Center for Internet and Society, agrees with the government that Timmins' is likely the first wardriving conviction. But she isn't convinced that he actually committed a crime.

"Using an open wireless access point isn't the same thing as using a computer illegally," says Granick. "Convictions for this type of thing are possible where it's part of a larger criminal case, but it shouldn't happen in the absence of some other criminal purpose, like stealing credit cards, or knowledge that the network is closed. Wardriving isn't criminal."

"All he did was check his email and try to browse the Internet," said Botbyl. "That's the only connectivity he had with their network. He didn't do anything at all... I think the only reason they charged him is because they arrested him."

Copyright © 2004, 0

Related stories

US wardriver pleads guilty to Wi-Fi hacks
Wi-Fi 'sniper rifle' debuts at DEFCON

A new approach to endpoint data protection

More from The Register

next story
Amazon says Hachette should lower ebook prices, pay authors more
Oh yeah ... and a 30% cut for Amazon to seal the deal
Philip K Dick 'Nazi alternate reality' story to be made into TV series
Amazon Studios, Ridley Scott firm to produce The Man in the High Castle
Nintend-OH NO! Sorry, Mario – your profits are in another castle
Red-hatted mascot, red-colored logo, red-stained finance books
Sonos AXES support for Apple's iOS4 and 5
Want to use your iThing? You can't - it's too old
Joe Average isn't worth $10 a year to Mark Zuckerberg
The Social Network deflates the PC resurgence with mobile-only usage prediction
Feel free to BONK on the TUBE, says Transport for London
Plus: Almost NOBODY uses pay-by-bonk on buses - Visa
Twitch rich as Google flicks $1bn hitch switch, claims snitch
Gameplay streaming biz and search king refuse to deny fresh gobble rumors
Stick a 4K in them: Super high-res TVs are DONE
4,000 pixels is niche now... Don't say we didn't warn you
prev story


7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?