Print 22 comment(s) - last by domg.. on Aug 16 at 8:52 PM

Lowe's hacker points fingers at the Secret Service

Revelations from the Justice Department’s “largest hacking bust ever” have a federally imprisoned Lowe’s hacker seeing red. Brian Salcedo, currently serving a “record-breaking” 9-year sentence at a federal prison camp in McKean, Pennsylvania, says he was coerced into action by the recently-busted group’s ringleader, 27-year-old Albert Gonzalez a.k.a. “SoupNazi”.

Salcedo was arrested in 2004 after an FBI stakeout caught him and a partner stealing credit card numbers from a Lowe’s retail store in Southfield, Michigan, via a compromised wireless network. A Department of Justice press release says Salcedo successfully accessed Lowe’s central computer system in North Carolina, and attempted to use that access to capture credit card transactions at stores throughout the United States.

Salcedo’s caper failed, however, as reports indicate it was highly unlikely that a single stolen card number passed his eye. Despite this, Salcedo says he lined up a buyer for his eventual haul that was none other than Gonzalez, who at the time was working as an informant for the U.S. Secret Service after his capture in 2003.

According to Salcedo, he and his partner developed cold feet after Lowe’s administrators had noticed his intrusion – but Gonzalez wouldn’t take no for an answer and “insinuated threats” against Salcedo should he decide to call it off. An independent source at Wired’s Threat Level confirmed that Gonzalez attempted to appear connected to organized crime, and demanded that Salcedo continue his attack.

With Gonzalez fully unmasked, both in his role as ringleader in the recently-busted TJX hacking ring and in his online handle SoupNazi, Salcedo says he is absolutely sure that “he was an informant during the time that he was dealing with us.”

This fact is significant because of Salcedo’s prison sentence – the longest ever given to a hacker – was handed to him based on the damages he could have caused, as opposed to what he actually did. Essentially, he was punished as if his attack was successful, when it was not. Salcedo says he would have aborted the attack against Lowe’s had he not been coerced by then-informant Gonzalez, thereby leading to his “crazy-long” punishment.

Previous attempts to appeal his sentence were unsuccessful, with a federal appeals court affirming the lower court’s decisions to punish Salcedo based on his “admitted intentions to harm 250 or more victims and … traffic the stolen information.”

Wired speculates that while the Secret Service most likely did not instruct Gonzalez to coerce Salcedo – in fact, it may not have even been aware of their interactions – Salcedo may be able to claim entrapment and appeal his sentence once more.

“His argument would basically be that ... Gonzales threatened him as a government agent in order to induce him to plant the sniffer,” said former DoJ cybercrime prosecutor Mark Rasch in an interview with Wired. “He would not have planted the sniffer but for the threat, and his sentence was based on that.”

Salcedo is currently not eligible for release until October, 2011.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

By JasonMick on 8/13/2008 9:42:32 AM , Rating: 2
On the one hand I feel bad for the guy because it does seem like it was entrapment and the sentence is ridiculously long compared to what he did.

On the other hand he's pretty stupid and culpable to blindly follow advice to commit such a major crime. If he agreed to deliberately target SPECIFICALLY credit card traffic and not traffic in general, ie. filtering for credit card numbers or something like that, he's pretty stupid. Just because someone tells you to murder someone doesn't mean you do, and just because someone tells you steal credit cards doesn't mean you do.

RE: Hmm
By NaughtyGeek on 8/13/2008 9:57:31 AM , Rating: 4
Well, that is of course true when someone isn't insinuating you'll be wearing cement shoes at the bottom of a lake somewhere. The threat of death/physical harm can be rather compelling when one wants something done. This hacker was an imbecile for trying to traffic the data to begin with, but being as he tried to back out, his sentence is ludicrous.

RE: Hmm
By JasonMick on 8/13/2008 10:35:30 AM , Rating: 1
Okay, but he was specifically trying to sell this guy credit card info, before he ever had any second thoughts. If he didn't do that in the first place he would never have put himself in a situation to be threatened.

I mean he thought he was was dealing with organized crime -- how does he NOT expect to be threatened if backing out?

Also, he would have nothing to fear unless he was stupid and gave the guy some sort of personal information that could lead them to him.

RE: Hmm
By threepac3 on 8/13/2008 1:14:05 PM , Rating: 2
...But isn't the Secret Services case based on SoapNazi's testimony? It doesn't matter whether he committed the crime or not he still was convicted on false or or improperly gathered evidence.

RE: Hmm
By JustTom on 8/13/2008 2:23:04 PM , Rating: 2
The case the Gonzalez gave information about is not this one. Lowe's noticed someone snooping its network, contacted the FBI.

RE: Hmm
By feraltoad on 8/14/2008 1:51:50 AM , Rating: 2

No soup for you!

RE: Hmm
By mindless1 on 8/13/2008 3:40:11 PM , Rating: 2
If we imprisoned everyone who was stupid or who thought about doing something wrong but then changed their minds, where would it end?

He thus far may not have proven what he claims, but everyone should be entitled to choose not to do the wrong thing and only be punished for their own choices, not choices made in fear of one's life.

Did he know he was dealing with organized crime at first, that it would come down to being forced to do it? Very unlikely, if it were the case then he wouldn't have bothered trying to back out of it later (if what he claims is true).

He'd have nothing to fear unless he gave them info? Hardly. Don't you think that he'd expect they already knew a fair bit about it, perhaps by following him or taking down his license plate number, telephone contact or who-knows-what else? If someone wants to get to you they will if you're dealing with them in real life instead of only anonymously online.

RE: Hmm
By JustTom on 8/13/2008 11:19:03 AM , Rating: 2
He claims he tried to back out. Why wouldn't he? This is corroborated by nothing in this story. Gonzalez was an informant; he also allegedly tipped off the ring that it was under-investigation.

From a NY Newsday artice:
Gonzalez allegedly worked as an informant while also tipping the alleged ring, a source familiar with the case said,0,10...

Gonzalez has been indicted on numerous charges; if he was double dealing the Feds he had zero reason to pressure Salcedo into a situation where they were bound to get caught.

To me Salcedo is nothing more than a punk criminal crying cause he got caught.

RE: Hmm
By mindless1 on 8/13/2008 3:59:33 PM , Rating: 2
False. Gonzalez was (by your linked article) being paid fairly well as an informant, considering only a high school education and living with his parents, presumably spending all his time hacking before caught then entrapping people to save his own ass.

Gonzalez has been indicted but don't you see? Of course he would be, now that his cover is blown he is useless to them as an informant and they can't very well selectively prosecute if there is plausible deniability. Gonzalez probably feels burned too.

I'm not suggesting either of them shouldn't face the consequences for their actions but when someone makes a claim it has to be investigated when it bears so strongly on the situation. I agree he's crying because he got caught but if he was coerced then it unfortunately puts into question whether he'd have actually gone through with the crime. Thinking about doing something wrong, even doing some prerequisite work towards that end, isn't the same as actually committing the crime.

If someone is known to be prone to fits of rage, and they put a gun in their car, are they already guilty of using that gun? No, they still have the choice not to do something more substantially wrong even if they were premeditating criminal acts. Same goes for a would-be shoplifter, if they go to the store wearing a baggy coat to hide their loot, eye something behind a counter and want to steal it, are they guilty of the crime before taking the item? No. They might chicken out or decide not to. Everyone faces basic choices like this at some point in their lives, we are all born not knowing how to get along in society and eventually learn it though at an earlier age.

If someone put a gun to the would-be shoplifter's head or equivalently threatened them with death if they didn't then take the item, isn't it a lot more likely they would?

Gonzalez was obviously a key instigator in this crime. He'd done similar before and was being paid to rat out his own kind. When Salceno met up with this fellow I'd expect he had no idea of the depths Gonzalez would stoop to just to keep making $6K a month while living with his mommy.

That doesn't mean Salcedo is entirely innocent but as the article already mentioned this was a record penalty. Just assuming the entirety of guilt should fall upon his shoulders isn't quite how our legal system is supposed to work, we have annoying little concepts of trying to find truth and justice, not only judging based on what we assume.

RE: Hmm
By JustTom on 8/13/2008 5:14:24 PM , Rating: 2
we have annoying little concepts of trying to find truth and justice, not only judging based on what we assume.

He plead guilty.The sentence was upheld upon appeal.What assumptions are being made?

RE: Hmm
By ThePooBurner on 8/13/2008 10:11:53 AM , Rating: 2
I agree with NaughtyGeek. I would have had a post that said the same thing had i not been at work and had to help a customer before getting a chance. I'm not sure of anyone that would be willing to die just to be able to back out of a trafficing deal gone sour.

There is no fuzzy logic
By fibreoptik on 8/13/2008 10:04:59 AM , Rating: 2
How his attempt at stealing people's info (and not getting any) different than a cashless bank robbery attempt? The fact that he figures he should not be charged on the grounds that he did not succeed makes him an epic D-bag.

RE: There is no fuzzy logic
By DASQ on 8/13/2008 10:17:48 AM , Rating: 2
Does attempted murder get you the same sentence as second degree murder?

RE: There is no fuzzy logic
By Solandri on 8/13/2008 1:36:53 PM , Rating: 2
This is actually a big problem with the way most people view crimes. For some reason they tend to view trying and failing to commit a crime as much less severe than trying and succeeding. In reality, the act of trying is the crime, regardless of whether you succeed or fail.

In other words, the punishment for a crime (regardless of success or failure) is punitive (meant to punish you and discourage others from committing the same crime). Any distinction made between failing and succeeding is merely compensatory (compensating the victim or his surviving kin for damages). If you think about it, this is the only way to break it down that makes logical sense.

The only other factor I can think of which makes attempted murder a less serious offense than successful murder is that there may be uncertainty over whether there really was an attempt at murder. With a dead body, it's pretty certain someone intended to kill someone else. But with attempted murder, the evidence for intent may hinge on the testimony of a spurned ex-spouse who has a penchant for lying. Ideally convictions for attempted murder would be certain and the punishment the same as successful murder. But I think our system imposes a more lax punishment in compensation for the lowered level of certainty in the attempted murder cases.

RE: There is no fuzzy logic
By Smartless on 8/13/2008 2:55:15 PM , Rating: 3
Hmm where's those Minority Reports when you need them.

RE: There is no fuzzy logic
By ThePooBurner on 8/13/2008 10:19:34 AM , Rating: 2
I think the point is more of what you get when you are convicted of attempted robbery or attempted murder vs when you are convicted successful versions of either. Granted there isn't a lot of leniency, but there is some. This sounds more like a punishment from Minority Report than what would normally happen. Not saying he shouldn't have gotten a fair sentence, just i don't think the current one sounds very fair. Perhaps 6 years instead of 9 or something.

RE: There is no fuzzy logic
By clovell on 8/13/2008 12:27:37 PM , Rating: 2
> The fact that he figures he should not be charged on the grounds that he did not succeed

I don't see where he said that.

Take away lesson...
By Lord 666 on 8/13/2008 9:41:31 AM , Rating: 3
Always work alone

RE: Take away lesson...
By Master Kenobi on 8/13/2008 10:31:25 AM , Rating: 2
Working alone is "How to get away with a crime 101". It's funny how many of these losers still skip that class.

By phxfreddy on 8/13/2008 1:04:11 PM , Rating: 4
.........when credit card numbers we conspire to receive.

By JustTom on 8/13/2008 11:28:12 AM , Rating: 2

The reason they never were able to use the credit cards was because they got caught before they could. They installed the software to cache credit card numbers. Salcedo was also on probation for a previous computer crime conviction. He plead guilty to the charges. Let him have a nice vacation.

One word:
By domg on 8/16/2008 8:52:13 PM , Rating: 2

"There's no chance that the iPhone is going to get any significant market share. No chance." -- Microsoft CEO Steve Ballmer
Related Articles
Huge Data Theft Ring Busted by the Feds
August 8, 2008, 7:27 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki