Cybercrime trio sentenced for $3m hacking spree via WiFi and malware

Filed Under: Featured, Law & order, Malware

The Seattle Times has reported on the final nail in the coffin of a Pacific North West hacking trio, with the third and final member of the group being sentenced by the court.

The three men, Joshuah Allen Witt, 35, John Earl Griffin, 36, and Brad Eugene Lowe, 39, have all now been given stiff prison terms. Lowe picked up the lightest sentence, with six-and-a-half years, whilst Witt and Griffin were sent down for nearly eight years each.

They attacked companies both externally - by wardriving and looking for poorly-protected corporate WiFi connections - and internally - by breaking in and installing keyloggers on company computers. (It's much easier to infect a PC if you do it deliberately!)

There are two lessons to be learned here.

The first lesson is to make sure you get your WiFi security right - at work and at home. We've written up some simple guidelines before to help you do the right thing.

To summarise, here are three things which do not provide WiFi security. Two of them provide a touch of safety against inadvertent connections, but none of these protect you against wardrivers:

WEP encryption. The security system in WEP (Wired Equivalent Privacy) is flawed and can easily and automatically be cracked. A wardriver will bypass WEP in 60 seconds - and that includes the time taken to park outside your office and boot up his laptop. Use WPA instead.

MAC address filtering. MAC (Media Access Control) addresses aren't secret. WiFi networks broadcast the MAC addresses of all currently-connected devices, so a wardriver already has a list of addresses he can use.

SSID hiding. The SSID (Service Set identifier) is your network name. Hiding it merely means your network doesn't openly advertise itself for use. But it isn't a secret - the SSID appears in other network traffic anyway, so the wardriver knows what it is.

The second lesson is to be doubly vigilant after a physical break-in. Don't just look for what's missing, but what might have been left behind.

(That's the same sort of lesson as we should all learn from the recent DNS Changer excitement.)

Cybercrooks who have physical access to your network can install malware on your computers, connect hardware keylogging devices to your keyboards, and even stash rogue wireless access points behind the furniture.

Just what the crooks were after in this case is clear: money.

They're said to have netted $3 million, raiding company bank accounts and even, it seems, modifying database records to steal directly from the payroll.

The crooks will now have years to regret their actions. Sadly, so too will the companies whose finances were plundered.


The images of imprisoned hands, the little red "X for Noooo!", and the stylised WiFi antenna on the main page are courtesy of Shutterstock.

, , , , , , , , , , ,

You might like

4 Responses to Cybercrime trio sentenced for $3m hacking spree via WiFi and malware

  1. Robert Latimer · 1173 days ago

    It's a shame that these so called ''clever'' hackers couldn't use their skills to upset the Status-quo a little bit, insted of Money~Money~Money ALL the time????

  2. Mervin Keck · 1172 days ago

    I spent $180 on a dual band router, spent hours making my home network secure. Yesterday the cable company came in to replace a dead router. when they left I discovered they had unplugged my $180 dual band router and put in a new modem/router which I can't configure or secure. Makes me paranoid!

  3. Jenny · 1166 days ago

    Here's what I don't understand.

    They found open networks or cracked the WEP. Then they connected to these networks. But how were they able to "hack" into them further.

    They had an IP address once they were connected but what more could they then do? Neither the blog nor the newspaper story is particularly revealing.

  4. Infosec Consultant · 848 days ago

    A few years ago, a client suffered a break-in to a comms room, tucked away under the IT building in a car park area. An equipment case was slightly damaged, so the client (including their experienced physical security manager and senior IT managers) dismissed it out of hand as petty vandalism. I was given very strange looks for even suggesting that something might have been ADDED rather than taken away. What I call "risk awareness", they call "paranoia". Ho hum.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog