The Detroit Free Press is reporting this week on the arrest by the FBI of two men on a criminal charge of causing damage to a protected computer system — a system they accessed using a Wi-Fi connection.
The two men are both from Waterford, Mich. Paul Timmins, 22, a computer security specialist, and Adam Botbyl, 20, a student at ITT Technical Institute, allegedly sat in the parking lot of a Lowe’s Home Improvement in Southfield, Mich. and used laptops and antenna systems to break into the company’s national computer network several times between October 25 to November 7. Federal prosecutors say they gained access to credit card numbers and other information. The men got access to computers in other Lowe’s stores in six other states, as well. The FBI says the men also altered the software Lowe’s uses to process credit cards and installed a program that disabled computers in a Long Beach, Calif. store.
Lowe’s found out about the intrusion in its North Carolina headquarters and called the FBI.The FBI started surveillance on the Lowe’s parking lot last Friday, spotted the men, followed them home and arrested them the next day.
Lowe’s says it has taken steps to improve its wireless security, but it’s unclear what security they had in the first place.
The two men face up to 10 years in prison and a fine of $250,000 if convicted. They are currently out on $10,000 bond and have not yet been indicted. They will likely face indictment soon in either Michigan or in Lowe’s home town of Charlotte, N.C.
The Wi-Fi community is a bit up in arms over the article’s linking of this crime to Wardriving, an activity the mainstream sees as a threat to security.
Technolgy Weblog techdirt wireless says “the press is going to eat this one up” and calls the Detroit Free Press article “amusing” as it talks about “the “hacker craze” known as wardriving, and making it sound like there are a bunch of roaming hackers out there viciously attacking networks – rather than a small group of folks marking down the locations of WiFi access points.”
Wardrivers say that they are simply trying to improve wireless security the world over by driving around documenting the large amount of open and unsecured access points available anywhere these days.
Previously, most cases of “hacking” a Wi-Fi network have involved users simply stealing some bandwidth to surf the Internet. However, earlier this month a North Carolina man was the first in the nation to be convicted of using wireless to get access to 2,000 patient medical records in what he says was an effort to prove that the records were, indeed, vulnerable. He received 18 months probation and has to pay a $10,000 fine.
