Revelations from the Justice Department’s “largest hacking bust ever” have a federally imprisoned Lowe’s hacker seeing red. Brian Salcedo, currently serving a “record-breaking” 9-year sentence at a federal prison camp in McKean, Pennsylvania, says he was coerced into action by the recently-busted group’s ringleader, 27-year-old Albert Gonzalez a.k.a. “SoupNazi”.
Salcedo was arrested in 2004 after an FBI stakeout caught him and a partner stealing credit card numbers from a Lowe’s retail store in Southfield, Michigan, via a compromised wireless network. A Department of Justice press release says Salcedo successfully accessed Lowe’s central computer system in North Carolina, and attempted to use that access to capture credit card transactions at stores throughout the United States.
Salcedo’s caper failed, however, as reports indicate it was highly unlikely that a single stolen card number passed his eye. Despite this, Salcedo says he lined up a buyer for his eventual haul that was none other than Gonzalez, who at the time was working as an informant for the U.S. Secret Service after his capture in 2003.
According to Salcedo, he and his partner developed cold feet after Lowe’s administrators had noticed his intrusion – but Gonzalez wouldn’t take no for an answer and “insinuated threats” against Salcedo should he decide to call it off. An independent source at Wired’s Threat Level confirmed that Gonzalez attempted to appear connected to organized crime, and demanded that Salcedo continue his attack.
With Gonzalez fully unmasked, both in his role as ringleader in the recently-busted TJX hacking ring and in his online handle SoupNazi, Salcedo says he is absolutely sure that “he was an informant during the time that he was dealing with us.”
This fact is significant because of Salcedo’s prison sentence – the longest ever given to a hacker – was handed to him based on the damages he could have caused, as opposed to what he actually did. Essentially, he was punished as if his attack was successful, when it was not. Salcedo says he would have aborted the attack against Lowe’s had he not been coerced by then-informant Gonzalez, thereby leading to his “crazy-long” punishment.
Previous attempts to appeal his sentence were unsuccessful, with a federal appeals court affirming the lower court’s decisions to punish Salcedo based on his “admitted intentions to harm 250 or more victims and … traffic the stolen information.”
Wired speculates that while the Secret Service most likely did not instruct Gonzalez to coerce Salcedo – in fact, it may not have even been aware of their interactions – Salcedo may be able to claim entrapment and appeal his sentence once more.
“His argument would basically be that ... Gonzales threatened him as a government agent in order to induce him to plant the sniffer,” said former DoJ cybercrime prosecutor Mark Rasch in an interview with Wired. “He would not have planted the sniffer but for the threat, and his sentence was based on that.”
Salcedo is currently not eligible for release until October, 2011.