Wireless hacker gets nine-year jail sentence

20 Dec 2004

The longest ever prison sentence for hacking was handed down in the US last week as a court passed sentence on a 21-year-old man for breaking into a hardware store’s computer network.

The man, named as Brian Salcedo, received a nine-year jail term for attempting to access the Lowe’s chain of hardware outlets by ‘wardriving’ – a hacking technique that involves travelling around with detection equipment to find and break into unsecured wireless networks.

The prosecution had alleged that Salcedo intended to obtain customers’ credit card information. He and two accomplices, who have yet to be sentenced, had installed a modified credit-processing program on Lowe’s central network and individual stores’ systems in order to capture shoppers’ financial details. They were discovered when point-of-sale systems in the stores crashed as a result of the tampering.

Salcedo pleaded guilty to the charges and his sentence would have been greater had he not subsequently agreed to help Lowe’s bolster its IT security infrastructure. At nine years’ jail time, his stretch beats the previous record for hacking crimes. In 1999 the notorious hacker Kevin Mitnick was sent to prison for five and a half years.

The stringent sentence was in part due to the amount of money at stake. The authorities alleged that Salcedo and his accomplices could have made off with US$2.5m if they had been successful. The likelihood is that the jail time could also help to discourage other potential hackers.

Allan Brennan, managing director of Dublin-based Wireless Projects, said the case highlighted the basic security issues involving wireless networks that are installed in an ad hoc manner. “It’s now so cheap to go along on a bike or in a car and hack into a wireless network if it’s not secured,” he said. “I hope it deters anybody from using wardriving for illegal activities.”

He said, however, that Lowe’s deserved to shoulder some responsibility because it had made sensitive information easily accessible on its wireless network. “There should be some sort of onus on the shop to protect customer data. If I was a customer, I wouldn’t be happy with that.”

By Gordon Smith