OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
[ISN] Waterford men hacked store files, FBI alleges

From: InfoSec News (isnc4i.org)
Date: Wed Nov 12 2003 - 06:17:06 CST

Forwarded from: William Knowles <wkc4i.org>

http://www.freep.com/news/locoak/nhack11_20031111.htm

BY DAVID ASHENFELTER
FREE PRESS STAFF WRITER
November 11, 2003

Two young men sitting in a car in the parking lot of a Lowe's home
improvement store in Southfield repeatedly hacked into the company's
national computer network over the past two weeks, gaining access to
credit card numbers and other information, federal prosecutors said
Monday.

It's unclear what the two men planned to do with the information.

They may have been engaged in the recent hacker craze known as
"wardriving" -- cruising around with a specially equipped laptop and
an antenna searching for unsecured wireless networks hooked to the
Internet. Assistant U.S. Attorney Karen Reynolds said the
investigation is under way.

Paul Timmins, 22, and Adam Botbyl, 20, both of Waterford, didn't
explain what they were up to when they appeared Monday in U.S.
District Court. Magistrate Virginia Morgan told them anything they
said could be used against them in court.

Timmins said he is a $38,000-a-year computer network and security
specialist for a Southfield software company. Botbyl said he's a
student at ITT Technical Institute in Troy. Morgan released both men
on $10,000 unsecured bonds.

FBI agent Denise Stemen said in an affidavit that Lowe's alerted the
FBI recently that intruders had broken into its computer at company
headquarters in North Carolina, altered its computer programs and
illegally intercepted credit card transactions.

Stemen said the company's computer system had been hacked repeatedly
from Oct. 25 through Nov. 7. She said that the intruders gained access
through the national network by logging onto a user account over the
wireless network of the Lowe's store in Southfield.

Once in the system, the intruders gained access to Lowe's stores in
six states plus the headquarters system, Stemen said.

She said hackers altered the software Lowe's uses to process credit
card purchases nationwide. On Nov. 5, the hackers installed a
malicious program that disabled several computers at the Long Beach,
Calif., store, she said.

Lowe's spokeswoman Chris Ahearn said the company has taken steps to
beef up security, but wouldn't elaborate.

In alerting the FBI, Lowe's security said the intruders probably were
operating within 1,000 feet of the Southfield store.

FBI agents set up surveillance Friday night and said they spotted the
two men sitting with laptops in a Pontiac Grand Prix equipped with
antennae. Agents followed the men and apparently arrested them
Saturday. Agents also searched their apartments in Waterford.

During their court appearance Monday, Morgan ordered both men not to
use computer equipment or access the Internet except at work or
school.

The men are charged with causing damage to a protected computer
system, which carries a maximum penalty of 10 years in prison and a
$250,000 fine, upon conviction. Reynolds told Morgan that the men, who
were arrested on a criminal complaint, are likely to be indicted
within a few weeks in Michigan or Charlotte, N.C.

"Wardriving" is named after the old hacker practice called wardialing,
the stunt that actor Matthew Broderick made famous in the 1983 film
"WarGames." Broderick's character hacked into a military computer and
nearly triggered a nuclear war with Russia.

Contact DAVID ASHENFELTER at 313-223-4490.

 
*==============================================================*
"Communications without intelligence is noise; Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
----------------------------------------------------------------
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
================================================================
Help C4I.org with a donation: http://www.c4i.org/contribute.html
*==============================================================*

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoattrition.org with 'unsubscribe isn'
in the BODY of the mail.