The theft ring used Wi-Fi to find, crack wireless business networks.

Share story

The final member of a roving theft ring that combined high-tech hacking and old-fashioned burglary has been sentenced to nearly eight years in federal prison for a series of identity- and payroll thefts that took more than $3 million from up to 50 local businesses.

Joshuah Allen Witt, 35, appeared in U.S. District Court on Friday, where Judge Richard A. Jones imposed just under an eight-year sentence on charges that included conspiracy, aggravated identity theft and access-device fraud.

Witt, who pleaded guilty in April, received the same prison sentence as co-conspirator John Earl Griffin, 36, who appeared before Jones earlier. Witt will get credit for the nearly two years he has been in custody since his arrest.

A third defendant, Brad Eugene Lowe, 39, received a 6 ½-year sentence.

All of the men will be ordered to pay restitution, which will be determined at another hearing, Jones said.

Jones told Witt his crimes had far-reaching impact. “For some of these individuals, it will be years, if not a lifetime, to recover from the conduct you engaged in,” the judge said.

U.S. Attorney Jenny Durkan, who leads the Justice Department’s Cybercrime and Intellectual Property Enforcement working group, said the hefty sentences send a “strong message to these modern-day bank robbers: Hack and steal at your own peril, as the consequence is prison time.”

“I commend the businesses who quickly alerted law enforcement about the intrusions on their computer systems,” Durkan said. “Without their help, law enforcement could not have put this ring out of business.”

Even then, it took the U.S. Secret Service’s Electronic Crimes Task Force nearly 2 ½ years to break the case.

According to court documents and statements from victims, the men engaged in crimes “both sophisticated and rudimentary,” and combined high technology with broken glass and jimmied locks.

The indictment accused the men of “wardriving” — cruising in a vehicle outfitted with a powerful Wi-Fi receiver to detect business wireless networks. They then would hack into the company’s network from outside, cracking the security code and accessing company computers and information.

In other cases, they would physically break into the company and install “malware” on a computer designed to “sniff out” passwords and security codes and relay that information back to the thieves.

They then would strike quickly by accessing company accounts with other businesses like Amazon.com or eBay and charging expensive items, or in some cases actually getting into a company’s payroll.

In more than one instance, they would divert automatic payroll deposits to newly created bank accounts, load the deposits onto debit cards and buy items such as Rolex watches or engines for their cars.

Mike Carter: 206-464-3706 or mcarter@seattletimes.com