Follow us:

The Today File

Your guide to the latest news from around the Northwest

May 10, 2012 at 3:57 PM

Seattle men behind cyber-crime spree sentenced to prison

Two Seattle men at the heart of a cyber-crime spree that involved both high technology and broken glass and jimmied locks were given long prison terms today by a federal judge.

The men, John Earl Griffin, 36, and Brad Eugene Lowe, 39, used a technology called “wardriving” in which they cruised around in a vehicle equipped with a powerful wi-fi receiver to detect business wireless networks. They then would hack into the company’s network from outside, cracking the security code and accessing company computers and information.

In other cases, they would physically break into the company and install “malware” on a computer designed to “sniff out” passwords and security codes and relay that information back to the thieves.

They then would strike quickly by accessing company accounts with other businesses like Amazon.com or eBay and charging expensive items, or in some cases actually getting into a company’s payroll.

In more than one instance, they would divert automatic payroll deposits to newly created bank accounts, load it onto debit cards and buy items like Rolex watches or engines for their cars.

U.S. Attorney Jenny Durkan said the men hacked or burglarized more than 50 local businesses, resulting in losses of more than $3 million. The crime spree went on for nearly three years before it was cracked by Seattle police.

Griffin was sentenced to 95 months in prison by U.S. District Judge Richard A. Jones. Lowe received a 78-month sentence.

A third defendant, Joshua Allen Witt, pleaded guilty last month and is set for sentencing in June.

It took nearly three years, but Seattle police detectives say they’ve unraveled a theft ring that operated both in cyberspace and through old-fashioned burglaries with a technological twist — breaking into a company with the sole purpose of installing malicious software to enable future thefts.

Federal prosecutors have indicted three men — Joshua Allen Witt, 34; Brad Eugene Lowe, 36; and John Earl Griffin, 36 — on charges of conspiracy and eight other counts including accessing a protected computer to further fraud, access device fraud and aggravated identity theft.

The 20-page indictment lays out a scheme that U.S. Attorney Jenny Durkan on Wednesday said was “both sophisticated and rudimentary,” and combined high technology with broken glass and jimmied locks.

The trio is accused of targeting at least 53 companies, with losses expected to mount into the hundreds of thousands of dollars.

“In some cases, the victims were both burgled and cyber-burgled,” Durkan said at a news conference.

The indictment accused the men of “wardriving” — cruising in a vehicle outfitted with a powerful Wi-Fi receiver to detect business wireless networks. They then would hack into the company’s network from outside, cracking the security code and accessing company computers and information.

In other cases, they would physically break into the company and install “malware” on a computer designed to “sniff out” passwords and security codes and relay that information back to the thieves.

They then would strike quickly by accessing company accounts with other businesses like Amazon.com or eBay and charging expensive items, or in some cases actually getting into a company’s payroll.

In more than one instance, they would divert automatic payroll deposits to newly created bank accounts, load it onto debit cards and buy items like Rolex watches or engines for their cars.

“They were sophisticated in technology … and livin’ large,” Durkan said.

Durkan said the victims ranged from high-tech firms to storefront retailers.

Assistant U.S. Attorney Kathryn Warma said it was extremely difficult to pinpoint who was behind the intrusions. The first crimes occurred in 2008, she said, and while detectives pretty quickly figured out a single group was responsible, the suspects were only recently identified.

In the meantime, some innocent employees of the victim companies were suspected and questioned by police, Durkan said.

The arrests came after a string of burglaries in King County, in which all three men were charged in a lengthy state complaint filed in January that outlines the investigation and says that authorities have recovered stolen items during a series of searches of homes, cars and storage facilities in King County.

“Everything that makes it easy for us to do our business online makes it easy for them to commit crimes online,” Durkan said.

At Wednesday’s news conference, representatives from three of the victim businesses explained how they believed their networks were secure and how quickly the thefts occurred. All agreed to be named, but asked that their businesses not be identified.

Jeff Eby, the financial officer at a retail company, said two burglaries in 2008 seemed relatively routine enough and were reported to police. The only things taken, he said, were a couple of old laptops.

About a month later, he said, his company network suffered an intrusion that he learned about only when he came into work to find an unscheduled payroll printout on his printer. Suspicious, he reviewed the document to find that someone was attempting to add two new employees and divert their pay to bank accounts in North Dakota. The payroll was automatically printed as the program was being used.

Alec Fishburne said his software company, in a secure high rise, was likely hacked in 2008 by someone accessing the network from somewhere in the same building. Not only did they conduct transactions with other businesses, but they also changed the routing codes on some employees’ direct-deposit accounts and diverted their pay to other accounts.

Another businessman, Mark Houtchenn, said the thieves “took tens of thousands of dollars” and stole the identities of almost all of his 14 employees.

“It’s been a pain in the neck, if not quite a bit lower,” he said

0 Comments | More in General news, The Blotter | Topics: conspiracy, cybercrime, fraud

COMMENTS

No personal attacks or insults, no hate speech, no profanity. Please keep the conversation civil and help us moderate this thread by reporting any abuse. See our Commenting FAQ.



The opinions expressed in reader comments are those of the author only, and do not reflect the opinions of The Seattle Times.


Advertising
The Seattle Times

To keep reading, you need a subscription.

We hope you have enjoyed your complimentary access. Subscribe now for unlimited access!

Subscription options ►

Already a subscriber?

We've got good news for you. Unlimited seattletimes.com content access is included with most subscriptions.

Subscriber login ►
The Seattle Times

To keep reading, you need a subscription upgrade.

We hope you have enjoyed your complimentary access. For unlimited seattletimes.com access, please upgrade your digital subscription.

Call customer service at 1.800.542.0820 for assistance with your upgrade or questions about your subscriber status.

The Seattle Times

To keep reading, you need a subscription.

We hope you have enjoyed your complimentary access. Subscribe now for unlimited access!

Subscription options ►

Already a subscriber?

We've got good news for you. Unlimited seattletimes.com content access is included with most subscriptions.

Activate Subscriber Account ►