Downtown42

wwwTOPDJcom

if you read the bottom the one guy has a job as a
security specialist , this guy should be fired!

Three indicted for hacking Lowe's computer system

CHARLOTTE, N.C. — Three 20-year-old men from Michigan each face 16 federal criminal charges stemming from their alleged conspiracy to hack into the Lowe's home improvement chain's national computer system and attempt to steal credit card information.
Brian Salcedo, Adam Botbyl and Paul Timmins have been indicted on charges of conspiracy, wire fraud, computer fraud, unauthorized computer access, intentional transmission of computer code and attempted possession of unauthorized access devices, U.S. Attorney Bob Conrad Jr. said Thursday.

Under the indictment — which was handed up Wednesday in Charlotte — each man could face up to 170 years in prison if convicted on all counts.

The indictment alleges that the trio used a wireless computer card to access the wireless network of a Lowe's store in Southfield, Mich., more than 10 times between Oct. 21 and Nov. 5. The men allegedly used that connection to enter the chain's central computer system in North Wilkesboro, N.C., and to eventually reach computer systems in Lowe's stores across the country.

According to the indictment, Botbyl and Timmins discovered a weakness in the Lowe's system in April "while driving around Southfield ... in an automobile equipped for searching for vulnerable wireless Internet connections using a laptop computer equipped with a wireless card and a wireless antenna" — an activity known as "wardriving."

Once inside the central Lowe's system, the men installed a program in the computer systems of several stores that was designed to capture credit card information from customers, the indictment said.

Lowe's officials have said the alleged hackers did not gain access to the company's national database and that they believe all customers' credit card information is secure.

A company spokeswoman declined to comment Thursday on the indictments, citing the ongoing investigation into the case.

Timmins and Botbyl appeared Nov. 10 before a federal judge in Michigan. A warrant for Salcedo's arrest was issued two days later.

Salcedo, of Whitmore Lake, Mich., is being held without bond; Botbyl and Timmins, both of Waterford, Mich., have been released on $10,000 unsecured bonds.

According to a 2000 news release issued by then-Michigan Attorney General Jennifer Granholm, Brian Salcedo, then 17, faced state criminal charges for allegedly hacking into an Ann Arbor, Mich.-based nonprofit Internet service company.

Officials at the office of the state's current attorney general did not immediately return a call Thursday seeking details on how that case was resolved.

At a Nov. 10 court appearance in Michigan, Timmins said he is a $38,000-a-year computer network and security specialist for a Southfield software company. Botbyl said he is a student at ITT Technical Institute in Troy.

A telephone message left after-hours for the federal public defender who represented Timmins and Botbyl at the November hearing was not immediately returned.

No initial court hearing on the charges in North Carolina had been scheduled Thursday.

dyno

bummer

vonwolske

It is a paradox that such clever minds could waste away in prison when they should be used to dimantle the Al Qeada or other crooks that the government is trying to capture.
It is like the old saying that the best game wardens were once the best game thiefs and poachers.
Any suggestions?

PhantomChaos

Troutly wouldn't survive on that........$500 would only get something like 50 porn sites a month. We all know he subscribes to more than that.

Keith

Another good article on Phishing scams. Bottom line, be very careful giving out credit card info, it's no different than someone calling your home during dinner and requesting information. If you haven't initiated the transaction, ignore it or contact the legitimate vendor for confirmation.

Technology > Tech Tuesday > Identity Theft Gets Phishy
Exclusive from Yahoo!

Identity Theft Gets Phishy
Thu Mar 11, 3:00 AM ET

Author: Brad Grimes

Several months ago my credit card company called to ask about some suspicious charges on my account. It was a card I hadn't used in a while--and certainly not to purchase bus tickets in St. Louis. There were a handful of other charges to my account, none of which were mine, I told the helpful rep. She asked me if the card had ever been out of my possession. In the brief moment it took me to tell her it had not, I became alarmed that a person with no direct access to a relatively inactive credit card account could use my number to make charges half a country away.

I never found out how someone got my credit card number and went on a spending spree in our nation's heartland. I've been monitoring my other accounts, and I'm happy to report that it doesn't appear anyone is out there impersonating me, buying stuff in my name, and shredding my credit rating. But many others don't share my good fortune.

The Federal Trade Commission said it received 215,000 complaints of identity theft last year. That's up 33 percent from the year before. The commission says identify theft is the number-one scam reported. And those are just the complaints made to the FTC. Experts say millions of people are victims of identity theft each year--and the number keeps rising.

Today's identity thieves are increasingly exploiting a new tool: the Internet. The scam is called phishing, or spoofing, and it's been around longer than computers have. Crooked telemarketers used to do it to coax information out of people that they could use to clean out their checking accounts, among other things. Today's scam artists use spam and fake Web pages to do the same thing.

Soon after my credit card scare, an e-mail purporting to be from my bank was sent to the Yahoo account that I use to avoid being spammed at my primary e-mail account. The message asked for personal information, including my account number, for verification. It looked official, but the fact it was sent to my Yahoo account (not the one that the bank has on file) and included a few egregious misspellings led me to believe it was fake--which it was.

However, by some estimates, as many as 20 percent of people who receive this type of spam click the link in the message and enter their personal information at what looks like a legitimate Web site.

Last November, EBay customers received an e-mail that claimed their accounts had been compromised. When they clicked through to an authentic-looking EBay site, they were asked for credit and debit card information. And recently the Federal Deposit Insurance Corporation warned people of a particularly diabolical phishing scam: A bogus e-mail was circulating that claimed people's bank accounts had been denied insurance because of violations of the Patriot Act, the law the government put in place to protect citizens after September 11, 2001.

What makes the scams I've mentioned effective is that when people click the link in the e-mail, they're not only whisked to a legitimate-seeming site, but also their Internet Explorer address bar displays the appropriate address. For example, in the FDIC scam the link appeared as "www.fdic.gov"--but the phony site is actually hosted in Pakistan.

Another Microsoft Software Flaw

Phishers can make legitimate-looking sites appear in the IE status, address, and title bars thanks to a known flaw that took Microsoft more than a month to fix. Go to Microsoft's site to download the IE security patch and learn how to protect yourself from these scams.

Above all, remember the cardinal rule about using the Internet: Don't give out personal information unless you know exactly who's asking for it and why. In general, legitimate businesses do not request personal information via e-mail.

If you're unsure about an e-mail request you've received, wait, ask around, and find out if it's a scam. Do a search on the Web for news about the company that supposedly needs your data. And by all means, if you think it's a scam, report it to the FTC.

As for me, I'm reading my credit card statements more closely than I used to, and I'm making sure I don't help phishers in their chosen profession. I've downloaded the latest Internet Explorer fix and I'm assuming every e-mail that hits my in-box asking for info about me is a fraud--until I'm 100 percent sure it isn't.

Brad Grimes is a former executive editor for PC World. He lives near Washington, D.C.

Audiofn

If you are a memeber of BJ's thier Credit card info just got hacked last week.

It is a shame that these guys do not take the precautions required to block these guys out.

Most of the internet goes through Boston area. They are talking about making a second internet for large businesses due to crap like this.

Jon

Hi-Tech Marine

Appreciate the post.

I just got the renewal notice for the NORTAN this moring.

Nortan found 'Spyware' running on my computer.
Apparently, my son was on a internet interactive gaming site and that was the source. Was a real pain to get removed.

MitchStellin

I get the puter pack today. 176 spyware programs were running. The Norton Internet Security would not load and crashed Windows. I was able to save all my faorite videos The guy watched them and liked Now I am going with Norton AV, he said the Firewall was the problem and is a huge pain. I am also staying away from all the "bad" sites. I also have windows ME wich he said sucks so we are loading XP tonight. He did for $50 what a dude wanted 300 and a week to do.

Keith

Another little trick to help, use something like WebWasher when you go browsing and surfing unknown/unfamiliar sites. It will also help crunch up cookies, intentionally mis-identify you on the website, keep javascripts from running in your browser, eliminate popups, etc., etc., etc.

You just need to remember to shut it off when you hit a legitimate site like OSO. The best analogy is to consider something like WebWasher a condom for your browser, while browsing.