CHARLOTTE, N.C. -- A second Michigan man was sentenced Thursday to more than two years in federal prison for his role in a scheme to hack into the Lowe's national computer system to steal credit card information.
U.S. District Judge Lacy Thornburg sentenced Adam Botbyl, 21, of Oakland County's Waterford Township, to two years and two months. Another defendant, Brian Salcedo, 21, of Whitmore Lake, Mich., was sentenced on Wednesday to nine years in prison.
Before Thornburg imposed the sentence, Assistant U.S. Attorney Matthew Martens told him the defendants tried to get data that could have caused huge economic losses for the Mooresville-based home improvement chain and its customers.
"The damage that could have been caused by these defendants would have been astronomical," he said. "The fact that it didn't happen wasn't because they retreated. It's because the FBI caught them in the act."
Botbyl, who pleaded guilty to one count of conspiracy, could have faced five years in prison.
"I would like to apologize to the court and to the victim, Lowe's," he said when Thornburg gave him a chance to address the court.
Salcedo pleaded guilty in August to conspiracy, transmitting computer code to cause damage to a computer, unauthorized computer access, and computer fraud.
Salcedo's 108-month sentence exceeds that given to well-known hacker Kevin Mitnick, who spent 68 months in prison according to a U.S. Justice Department Web site that tallies government cyber-crime prosecutions.
A third defendant, Paul Timmins, of Waterford Township, pleaded guilty to a new charge of unauthorized access to a protected computer. Prosecutors said that may be the first conviction in the nation for "wardriving." He is awaiting sentencing.
In wardriving, hackers search for vulnerable wireless Internet connections. The original indictment charged that Botbyl and Timmins drove around Southfield, Mich., in April 2003, searching for a vulnerable connection and using a laptop computer equipped with a wireless card and a wireless antenna.
In an indictment, prosecutors said the trio tapped into the wireless network of a Southfield Lowe's store, using that connection to enter the chain's central computer system in North Wilkesboro, N.C., and eventually to reach computer systems in Lowe's stores across the country.
Once inside the central Lowe's system, the men installed a program in the computer systems of several stores that was designed to capture credit card information from customers, the indictment said.
Lowe's officials said the men did not gain access to the company's national database and that they believe the security of customers' credit card information was never compromised.
The case was prosecuted in Charlotte because it is home to an FBI cyber-crime task force, Martens said.