Four years after pleading guilty to an abortive scheme to steal customer credit card numbers from the Lowe's hardware chain, hacker Brian Salcedo learned from prison last week that a co-conspirator who pressured him to go through with the hack attack was working for the feds at the time.
Brian Salcedo in an undated mugshot. *Photo: Mecklenburg County Sheriff.*

Salcedo, 25, is serving a record-breaking nine-year prison term for a 2003 intrusion into Lowe's corporate network. Salcedo and another hacker had parked outside a Lowe's in Southfield, Michigan and tapped into the store's unsecured WiFi network. Over the course of weeks, they used their foothold to penetrate Lowe's servers at stores across the country, where they eventually planted software that would sniff and store customer credit card numbers as they flew from cash registers to a processing server in North Carolina.
The hackers' downfall was seemingly straightforward. According to court records, Lowe's detected an intrusion and called in the FBI, who staked out the Southfield store's parking lot and eyeballed Salcedo and his partner working from a Pontiac Grand Prix. Salcedo pleaded guilty without even looking at the thousands of pages of "discovery" in the case -- the government's evidence.
But now, revelations in last week's indictment of three Miami men for a WiFi hacking spree have Salcedo replaying in his head a crucial moment in the genesis of his crime -- when, a week before he planted the credit card sniffing code, he nearly backed out of the scheme entirely.
Salcedo says he started getting cold feet when he realized that Lowe's network administrators had detected his presence on their network. He wanted to bail. But he had already lined up a buyer for the credit cards -- a mysterious figure in the computer underground known as SoupNazi, who wouldn't take no for an answer.
SoupNazi told Salcedo and his partner that it was too late to turn back, says Salcedo. "He insinuated threats against us, and said we had to continue doing what we were doing," Salcedo said in a phone interview from prison Monday.
Last week, federal indictments handed down in Boston unmasked SoupNazi as 27-year-old Albert Gonzalez, who's also known as Cumbajohny and Segvec. Gonzalez is the alleged mastermind of a series of WiFi-based intrusions into U.S. retailers, including TJ Maxx, OfficeMax and DSW. Perfecting the attack pioneered by Salcedo, Gonzalez allegedly stole at least 40 million credit and debit card numbers worth millions of dollars on the black market.
Of significance to Salcedo: At the time Gonzalez threatened him, he was also working for the feds. Court records reveal that Gonzalez had been busted in July 2003 -- three months before Salcedo's Lowe's hack began. At his arrest, the government admits, Gonzalez became a key informant for the U.S. Secret Service, eventually aiding in the 2004 arrest of 28 fraudsters linked to the credit card fraud supersite Shadowcrew.com.
Now, "I know for a fact that he was an informant during the time that he was dealing with us," says Salcedo.
Another source involved in the Lowe's hack independently confirmed Salcedo's account, and said that SoupNazi cultivated the impression that he was connected to organized crime, and demanded that Salcedo go through with the attack.
It's unlikely that the Secret Service instructed Gonzalez to threaten Salcedo, and the agency may have been unaware that its informant was even dealing with the Lowe's hackers, says Mark Rasch, a former Justice Department cybercrime prosecutor. Rasch notes that it was the FBI, not the Secret Service, that foiled the attack.
But Rasch says the revelations raise enough questions of potential entrapment for Salcedo to attempt a court challenge to his nine-year prison sentence -- at the time, the longest sentence for any U.S. hacker, which was upheld by a federal appeals court in 2006.
"His argument would basically be that ... Gonzalez threatened him as a government agent in order to induce him to plant the sniffer," Rasch says. "He would not have planted the sniffer but for the threat, and his sentence was based on that."
Salcedo's prosecutor did not return a phone call Tuesday.
Gonzalez was arrested in a Miami hotel room last week, in possession of more than $20,000 in cash and a Glock 27 firearm with ammunition.
Salcedo is serving time at a federal prison camp in McKean, Pennsylvania, where he has a job in the welding shop. He's projected for release in October, 2011.