Woe be to the highly unsuccessful cracker manques: The fellow who was deemed to have the most responsibility in a quartet that all pleaded guilty was sentenced yesterday to nine years in jail for his role in using a poorly secured Wi-Fi network run by Lowe's to insert credit-card grabbing software into their systems. The judge reduced the potential longer sentence because Brian Salcedo provided information to Lowe's on security problems on their network.
Salcedo accomplice Adam Botbyl pleaded guilty to lesser charges and was sentenced today to more than two years in federal prison, somewhat less than expected. Paul Timmins pleaded to a misdemeanor. The article notes he was charged with wardriving, but that's incorrect: wardriving is generally passive. Timmins accessed the network, checking email according to his plea. The reporter writes, In wardriving, hackers search for vulnerable wireless Internet connections. But that's a subset of all wardrivers. Most wardrivers pursue Wi-Fi networks like birders pursue birds; they aren't searching per se for vulnerable networks.
Kevin Mitnick was only sentenced to five years, but prosecutors in the Mitnick case demonized him in order to make the case seem larger. He didn't do anything admirable, but he revealed the massive security flaws in many companies social and technical infrastructure. His actual damages--the cost to repair what he did as opposed to the costs to properly secure their own systems--were very small.
Another colleague of mine spent several years under probation for proving to Intel when he was a contractor that their password choices were bad. He didn't have their permission nor did he have any intent, but they decided to have him charged. He was obliged to pay the costs of their fixing a problem that he was demonstrating that they needed to fix.
In this case, prosecutors estimated that $2.5 million in damages would have been caused if Lowe's didn't uncover the inserted software on their network. The Wi-Fi access wasn't really the point in the case at all, just their means of detected entry.