Announcement

Collapse
No announcement yet.

Waterford men hacked store files, FBI alleges

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Waterford men hacked store files, FBI alleges

    http://www.freep.com/news/locoak/nhack11_20031111.htm

    Waterford men hacked store files, FBI alleges
    BY DAVID ASHENFELTER
    FREE PRESS STAFF WRITER

    November 11, 2003



    Two young men sitting in a car in the parking lot of a Lowe's home improvement store in Southfield repeatedly hacked into the company's national computer network over the past two weeks, gaining access to credit card numbers and other information, federal prosecutors said Monday.

    It's unclear what the two men planned to do with the information.

    They may have been engaged in the recent hacker craze known as "wardriving" -- cruising around with a specially equipped laptop and an antenna searching for unsecured wireless networks hooked to the Internet. Assistant U.S. Attorney Karen Reynolds said the investigation is under way.

    Paul Timmins, 22, and Adam Botbyl, 20, both of Waterford, didn't explain what they were up to when they appeared Monday in U.S. District Court. Magistrate Virginia Morgan told them anything they said could be used against them in court.

    Timmins said he is a $38,000-a-year computer network and security specialist for a Southfield software company. Botbyl said he's a student at ITT Technical Institute in Troy. Morgan released both men on $10,000 unsecured bonds.

    FBI agent Denise Stemen said in an affidavit that Lowe's alerted the FBI recently that intruders had broken into its computer at company headquarters in North Carolina, altered its computer programs and illegally intercepted credit card transactions.

    Stemen said the company's computer system had been hacked repeatedly from Oct. 25 through Nov. 7. She said that the intruders gained access through the national network by logging onto a user account over the wireless network of the Lowe's store in Southfield.

    Once in the system, the intruders gained access to Lowe's stores in six states plus the headquarters system, Stemen said.

    She said hackers altered the software Lowe's uses to process credit card purchases nationwide. On Nov. 5, the hackers installed a malicious program that disabled several computers at the Long Beach, Calif., store, she said.

    Lowe's spokeswoman Chris Ahearn said the company has taken steps to beef up security, but wouldn't elaborate.

    In alerting the FBI, Lowe's security said the intruders probably were operating within 1,000 feet of the Southfield store.

    FBI agents set up surveillance Friday night and said they spotted the two men sitting with laptops in a Pontiac Grand Prix equipped with antennae. Agents followed the men and apparently arrested them Saturday. Agents also searched their apartments in Waterford.

    During their court appearance Monday, Morgan ordered both men not to use computer equipment or access the Internet except at work or school.

    The men are charged with causing damage to a protected computer system, which carries a maximum penalty of 10 years in prison and a $250,000 fine, upon conviction. Reynolds told Morgan that the men, who were arrested on a criminal complaint, are likely to be indicted within a few weeks in Michigan or Charlotte, N.C.

    "Wardriving" is named after the old hacker practice called wardialing, the stunt that actor Matthew Broderick made famous in the 1983 film "WarGames." Broderick's character hacked into a military computer and nearly triggered a nuclear war with Russia.



    Contact DAVID ASHENFELTER at 313-223-4490.

  • #2
    Originally posted by 0versight
    50 bucks that Wardriving will be "illegal"....... Better store those Wardriving is not a crime shirts in plastic.....they'll be worth some money when they ban it.
    Having unprotected 802.11 in a commercial use should be a crime.

    Want to see how fast companies lock their shit up?


    "Wardrivers: Discover open AP's in business use and get a $5000 reward (paid for by offending merchant)"

    Watch how fast they get locked up or turned off.
    --Shatter

    "People demand freedom of speech to make up for the freedom of thought which they avoid."
    - Soren Aabye Kierkegaard (1813-1855)

    Comment


    • #3
      They may have been engaged in the recent hacker craze known as "wardriving" -- cruising around with a specially equipped laptop and an antenna searching for unsecured wireless networks hooked to the Internet. Assistant
      the words hacker craze make me annoyed at how much these people do not understand what they are reporting on. This "specially equipped laptop" ummm....a wifi card? The deffinition of wardriving used is also false, someone needs to bitchslap some media.
      ~:CK:~
      I would like to meet a 1 to keep my 0 company.

      Comment


      • #4
        "WarGames." Broderick's character hacked into a military computer and nearly triggered a nuclear war with Russia.

        I think I like this part the best.........
        When you draw first blood you can't stop this fight
        For my own piece of mind - I'm going to
        Tear your fucking eyes out
        Rip your fucking flesh off
        Beat you till you're just a fucking lifeless carcass
        Fuck you and your progress
        Watch me fucking regress
        You were meant to take the fall - now you're nothing
        Payback's a bitch motherfucker!

        Slayer - Payback

        Comment


        • #5
          Originally posted by IcEbLAze
          "WarGames." Broderick's character hacked into a military computer and nearly triggered a nuclear war with Russia.

          I think I like this part the best.........
          and now we are going to start a war with iraq thru the 802.11, wait, a little to late on that one.
          ~:CK:~
          I would like to meet a 1 to keep my 0 company.

          Comment


          • #6
            Just reading this morning's updated story on SF:
            http://www.securityfocus.com/news/7438

            Timmins and Botbyl, known online as "noweb4u" and "itszer0" respectively, are also part of the Michigan 2600 scene -- an informal collection of technology geeks that meet, blog, eat pizza and attend hacker conventions together, but generally balk at penetrating systems or otherwise committing felonies.

            "My initial reaction when I heard the charges was one of skepticism," says Karl Mozurkewich, founder of the Michigan software company Utropicmedia, and a member of the group. "Eighty percent of the people in the 2600 group in Michigan are more the curious type. There's probably 20 percent that actually want to go out and see what they can get away with."
            which certainly does not bode well for "hacker-groups" in general... especially since 2600 isn't the only group that can be defined as "an informal collection of technology geeks that meet, blog, eat pizza and attend hacker conventions together, but generally balk at penetrating systems or otherwise committing felonies."

            One definition stated in the same article
            a war driving exercise -- a legal pastime in which hackers search out and map wireless access points.
            is pretty decent, although it does imply that wardriving is a hacker-only activity, which it isn't... anyone can wardrive.
            /* Better Dead than Alien */

            Comment


            • #7
              What bothers me most is that the news is reporting on something that is obviously unresearched and something they dont understand. If it doesnt come on their dell it must be some sort of "specially equipped" computer. Then articles like this scare the populus that dont understand wardriving, which causes this concensus gentium that wardriving is driving around "stealing" wireless internet. I dont know how many times I have worn my "wardriving is not a crime" shirt and people have said "Hey! Isn't that stealing wireless internet?"
              The penguin is watching.
              "The DefCon forums dont reward knowledge, but punish iggnorance." -Noid

              Comment


              • #8
                Originally posted by highwizard
                I was very well aware of it being in the article. For those of us with brain cells, that is just a stupid comment. So I will rephrase the statement, making it easy for people like you, bascule to understand.

                Rephrased Comment to IceBlaze:

                What was the point of you posting that?
                I understand what he's getting at, and I think it's utterly hysterical as well.

                It's for the benefit of somebody who migt be reading this article, and have never heard f this new fangled thing called wireless, let alone computers. So it's good to give the historical refence that in a ficticious movie a nuclear war was almost started, with a computer.

                It's media sensationalism at it's finest. It's like everytime there's some sort of murder, or better yet, cannibalism or such, that Jeffery Dahlmer, seriel killer and cannibal, was gay.

                Its' like... and this is relevent HOW?

                Ahhh.... the media.
                --Shatter

                "People demand freedom of speech to make up for the freedom of thought which they avoid."
                - Soren Aabye Kierkegaard (1813-1855)

                Comment


                • #9
                  Originally posted by Shatter
                  I understand what he's getting at, and I think it's utterly hysterical as well.

                  It's for the benefit of somebody who migt be reading this article, and have never heard f this new fangled thing called wireless, let alone computers. So it's good to give the historical refence that in a ficticious movie a nuclear war was almost started, with a computer.

                  It's media sensationalism at it's finest. It's like everytime there's some sort of murder, or better yet, cannibalism or such, that Jeffery Dahlmer, seriel killer and cannibal, was gay.

                  Its' like... and this is relevent HOW?

                  Ahhh.... the media.

                  My comment on that exact same line on the NS forums (which I still stand behind) is that it could well be the FUD-iest thing I have ever seen in a news story.

                  It is the subtle kind of FUD, without coming right out and saying it, the implication is there that WarDriving can cause nuclear war.


                  One other thing, anyone that came to my DC 11 presentation knows my feelings on this already..but for those that missed it...WarDriving takes ZERO skill. It is fun, and I dig it and all, but seriously folks...hacking takes skill and ingenuity...WarDriving is the easiest activity known to man...if you can afford the equipment you can do it...no skill involved.
                  perl -e 'print pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'

                  Comment


                  • #10
                    Chris,

                    I agree with you and when I spoke with the reporter, I imformed him of all the mistakes that he made. As I posted yesterday to the wardriving mail list, the reporter got his information from another reporter that does tech articles for the newspaper.

                    We've been talking about these guys in the michiganwireless mail list the past couple days and it get's more interesting by the day.

                    audit

                    <snip of mail from the list>

                    --

                    To: <Stumblers@mail.michiganwireless.org>
                    Subject: RE: [Stumblers] Waterford men hacked store files, FBI alleges


                    Sad to admit that I know both of those fools....Timmins is actually a close friend of mine. His email would be anything from timmins.net, only thing I have for Botbyl is
                    adam @ 0wnzed.us


                    I'm pretty sure that neither of them were subscribed. Neither of them have said anything to anyone about what happened (most likely a good idea). Until the total truth comes out, I don't want to pass judgement. Don't bother spreading their emails around the net (Timmins is really easy to find anyway), as Timmins ran his own servers for web and mail, all of which was consficated by the FBI. While I certainly don't condone what they did, I do fear that they are going be made an example of, and end up being deep-fryed in the legal system, in light of the current crop of computer crime and anti-terroism laws. While I don't have the story on what happened, knowing them both I feel that they probably did no more than changed a config file or two thinking it was just going to screw with the admins for a little while. In reality, it got blown way out of proportion, just like the Mitnick case. But again, this is merely my guess. Either way, they're most likely getting an all expenses paid vacation from the federal government, and regardless of the outcome, they're screwed for the rest of their lives.

                    Comment


                    • #11
                      For the record, my speech on accessing credit card networks was for information purposes only, I have not spoken directly to these people. I have suggested that if a network has wireless, and it is unsecure, getting credit card information can be attchived. This is for the admin's to resolve, and I explained how this is possible. Never did I condone ANY of this

                      Hopefully they didn't mentioned my speech when being interogated (don't even know if they were in Las Vegas durning Con, so I don't know either way)

                      EDIT: Just for the record, Lowe's is NOT one of my companies clients
                      Last edited by hackajar; November 14, 2003, 01:11.
                      "Never Underestimate the Power of Stupid People in Large Groups"

                      Comment


                      • #12
                        Found this to be of interest as well:

                        http://www.channel3000.com/technolog...65/detail.html
                        "Never Underestimate the Power of Stupid People in Large Groups"

                        Comment


                        • #13
                          A slight technicality...

                          "The men are charged with causing damage to a protected computer system..."

                          How about an UNprotected system?

                          Comment

                          Working...
                          X