Two Seattle men involved in a 30-month burglary and electronic hacking ring into were sentenced Thursday to more than six years of prison each, according to a news release from the U.S. Department of Justice.
Brad Eugene Lowe, 39, was sentenced to 78 months in prison and three years of supervised release, according to the U.S. Department of Justice. John Earl Griffin, 36, was sentenced to 95 months in prison and three years of supervised release.
Both men pleaded guilty to conspiracy to intentionally access a protected computer without authorization with intent to defraud, intentionally causing and attempting to cause damage to a protected computer and thereby causing loss in excess of $5,000, accessing a protected computer without authorization to further fraud, access device fraud, and aggravated identity theft, according to the U.S. Attorney's Office.
A third person, Joshuah Allen Witt pleaded guilty to federal charges last month and is scheduled to be sentenced in June, according to the news release.
In August 2012, U.S. District Judge Richard A. Jones will determine the amount of restitution the men owe, the U.S. Department of Justice said. The figure is expected to be in excess of $3 million, according to the release.
According to the U.S. Attorney's Office, the group stole equipment, credit card numbers and payroll information to steal money and to purchase goods.
The steps they took to hide their identities led to innocent third parties or company employees being suspected and interviewed by law enforcement, accoding to the office's press release and the group stole personal information of more than 50 employees at one Renton business.
According to the press release, one man whose firm had built the computer network for one of the victim companies said, “years of work and the building of trust were soiled beyond repair…. Because of the hacking we had no option but to essentially pour gasoline on years of work.”
in King County Superior Court earlier this year.
According to the earlier charges, the group stole servers, computers and electronics equipment from nine businesses in Bellevue, Woodinville, Redmond and Kirkland. The break-ins date back at least to early 2010, King County charging documents say.
Among the businesses hit in Bellevue:
•, BizXchange, Blinkx and , all located in the same Eastgate building at 3600 136th Place S.E., June 13-14. All had computer equipment stolen; BizXchange also had gift cards for various businesses stolen.
•Intava Corp. and Mind Tree, both in the same building at 2375 130th Ave. N.E., Dec. 3-5.
Bellevue police also detailed similar break-ins at other businesses, including Sony On-line Entertainment, but the men were not charged in those thefts, according to a report in Patch in May.
However, gift cards stolen from Bellevue’s BizXchange connect the Eastside burglaries to a federal investigation into sophisticated computer hacking, identity theft and fraud.
Seattle Police detective Chris Hansen, who serves on a federal Secret Service Electronic Crimes Task Force, described part of the suspected operation in an affidavit to support seizing a car last month.
Hansen had been investigating a series of computer network intrusions of small and medium-sized businesses around Puget Sound. The investigation found that suspects were believed to be driving around the region using a car with mobile hacking tools to get into businesses’ wireless networks and steal data for identity theft and fraud, techniques called“wardriving” and “piggybacking.”
A 35-year-old man who knew Witt and Lowe tried to use a stolen gift card at The Local Vine in Seattle in October, according to the affidavit.
The Capitol Hill wine bar notified Bellevue and Seattle police, and they questioned the man, who at first said he bought the cards on Craigslist but then said he knew they were stolen but couldn’t talk about it.
While police were at the bar, they impounded the man’s car, a 1988 Mercedes. When they later searched it, they found a laptop, a mount to hold a laptop stand for use while driving, and other equipment that could be used for mobile computer hacking.
In December, searches of several residences and storage lockers in Seattle turned up some of the equipment stolen in the Eastside burglaries.
Avoid being a victim
The U.S. Attorney and law enforcement urge businesses to take steps to avoid being a victim:
- Businesses should review their wireless encryption and confirm that they are using the appropriate level of encryption (WPA2 Personal or WPA Enterprise).
- Businesses should keep record of all laptop computers and ensure that any computers with remote access are encrypted. Any missing laptop computers should have passwords and credentials replaced immediately.
- Businesses should be aware of hacking that can occur from physical access to the server room as well as from external hacking.
- Employees should never click past security certificate warning screens and should notify I.T. immediately.
- Managers should be aware of "watercooler" talk among employees that may indicate a breach has occurred. This includes numerous employees complaining of fraud on personal accounts.
- Businesses should ensure that they have a security response plan prepared in the event that some kind of incident does occur.
- If you notice suspicious activity, contact your local law enforcement. You can make a referral to the U.S. Secret Service Electronic Crimes Task Force.