Seattle police detectives say they've unraveled a theft ring that operated both in cyberspace and through old-fashioned burglaries with a technological twist — breaking into a company with the sole purpose of installing malicious software to enable future thefts.

It took nearly three years, but Seattle police detectives say they’ve unraveled a theft ring that operated both in cyberspace and through old-fashioned burglaries with a technological twist — breaking into a company with the sole purpose of installing malicious software to enable future thefts.

Federal prosecutors have indicted three men — Joshua Allen Witt, 34; Brad Eugene Lowe, 36; and John Earl Griffin, 36 — on charges of conspiracy and eight other counts including accessing a protected computer to further fraud, access device fraud and aggravated identity theft.

The 20-page indictment lays out a scheme that U.S. Attorney Jenny Durkan on Wednesday said was “both sophisticated and rudimentary,” and combined high technology with broken glass and jimmied locks.

The trio is accused of targeting at least 53 companies, with losses expected to mount into the hundreds of thousands of dollars.

“In some cases, the victims were both burgled and cyber-burgled,” Durkan said at a news conference.

The indictment accused the men of “wardriving” — cruising in a vehicle outfitted with a powerful Wi-Fi receiver to detect business wireless networks. They then would hack into the company’s network from outside, cracking the security code and accessing company computers and information.

In other cases, they would physically break into the company and install “malware” on a computer designed to “sniff out” passwords and security codes and relay that information back to the thieves.

They then would strike quickly by accessing company accounts with other businesses like or eBay and charging expensive items, or in some cases actually getting into a company’s payroll.

In more than one instance, they would divert automatic payroll deposits to newly created bank accounts, load the money onto debit cards and buy items like Rolex watches or engines for their cars.

“They were sophisticated in technology … and livin’ large,” Durkan said.

Durkan said the victims ranged from high-tech firms to storefront retailers.

Assistant U.S. Attorney Kathryn Warma said it was extremely difficult to pinpoint who was behind the intrusions. The first crimes occurred in 2008, she said, and while detectives pretty quickly figured out a single group was responsible, the suspects were only recently identified.

In the meantime, some innocent employees of the victim companies were suspected and questioned by police, Durkan said.

The arrests came after a string of burglaries in King County, in which all three men were charged in a lengthy state complaint filed in January that outlines the investigation and says that authorities have recovered stolen items during a series of searches of homes, cars and storage facilities in King County.

“Everything that makes it easy for us to do our business online makes it easy for them to commit crimes online,” Durkan said.

At Wednesday’s news conference, representatives from three of the victim businesses explained how they believed their networks were secure and how quickly the thefts occurred. All agreed to be named, but asked that their businesses not be identified.

Jeff Eby, the financial officer at a retail company, said two burglaries in 2008 seemed routine enough and were reported to police. The only things taken, he said, were a couple of old laptops.

About a month later, he said, his company network suffered an intrusion that he learned about only when he came into work to find an unscheduled payroll printout on his printer. Suspicious, he reviewed the document to find that someone was attempting to add two new employees and divert their pay to bank accounts in North Dakota. The payroll was automatically printed as the program was being used.

Alec Fishburne said his software company, in a secure high rise, was likely hacked in 2008 by someone accessing the network from somewhere in the same building. Not only did they conduct transactions with other businesses, but they also changed the routing codes on some employees’ direct-deposit accounts and diverted their pay to other accounts.

Another businessman, Mark Houtchenn, said the thieves “took tens of thousands of dollars” and stole the identities of almost all of his 14 employees.

“It’s been a pain in the neck, if not quite a bit lower,” he said.

Mike Carter: 206-464-3706 or
