Joshuah Witt, 34, and Brad Lowe and John Griffin, both 36, were charged in a 10-count federal indictment that accuses them of conspiracy, damaging computers, access device fraud and aggravated identity theft, according to a news release Wednesday from the U.S. Attorney's Office in Seattle.
Led by Griffin, the trio carried out the fraud from 2008 until 2010, according to prosecutors. During this time, they broke into more than a dozen business networks, and stole credit card numbers that were used to purchase tens of thousands of dollars in equipment and luxury goods.
In some cases, the hackers chose their victims by driving around in a car outfitted with a laptop and long-range antennae to search for vulnerable wireless networks – a technique known as “war driving.” They also often physically broke into local businesses, then stole data from computers and installed malware on the company networks.
“These defendants combined ‘old school' methods, such as burglary, with high-tech methods, such as using unprotected wireless networks, to hide their identities, while draining bank accounts and committing fraud,” U.S. Attorney Jenny Durkan said.
Through their activities, the hackers obtained usernames and passwords for business payroll accounts, then used these credentials to reroute funds into bank accounts under their control. Additionally, they stole the credentials for business accounts belonging to office supply companies and used them to purchase high-priced computers and other goods.
If convicted, they face up to 15 years in prison and a $250,000 fine.