Soon after his office was burglarized — twice — Jeff Eby walked in and found a payroll report sitting on his printer. He hadn't printed it, and as his company's chief financial officer, he's the only person who would have.
That's how he came to learn his organization had been hit by what prosecutors describe as a small team of sophisticated thieves and hackers that hit dozens of businesses over the past few years. In some cases, they chose their victims simply by driving around and picking up their wireless Internet signals; in others, they broke in the old-fashioned way, mainly for the purpose of installing malicious computer software on company networks, prosecutors said.
Joshuah Allen Witt, Brad Eugene Lowe and John Earl Griffin are charged in a 10-count federal indictment unsealed this week accusing them of aggravated identity theft and other charges. Lowe and Griffin have pleaded not guilty; Witt is in state custody and is expected to soon be transferred to federal custody.
At least 53 Puget Sound-area companies were hit, with losses well into the hundreds of thousands of dollars. Investigators are still tallying, Seattle U.S. Attorney Jenny Durkan told a news conference Wednesday.
In some cases, prosecutors say that once the men hacked into the wireless hotspots or burglarized the businesses, they obtained financial data, hijacked payroll systems, stole the identities of employees and routed pay checks to accounts they'd set up in the employees' names.
Then, they gave themselves raises.
"Once the hackers are in the system, they have a smorgasbord" — and can use the information to open bank accounts, compromise the personal credit information of employees and access PayPal, Amazon and eBay accounts, said Assistant U.S. Attorney Kathryn Warma.
The defendants were so ingenious at masking their trail and destroying electronic evidence of their intrusions that sometimes employees of the victimized companies wound up being questioned as potential suspects, investigators said. And according to the indictment, they took over some companies' networks in such a way that they were able "to monitor the victim business's discovery and response to the network intrusion, to include eavesdropping on communications with law enforcement agents."
The men used the money on items including a Rolex watch and car engines, prosecutors said. They're also accused of buying a wealth of computer equipment — including powerful antennas — that could be used to further their hacking activities.
It wasn't immediately clear how police first linked the three to the hacking, but documents filed in federal and state court said the investigation began by August 2008, and the three were identified as suspects by late 2010, when all three were initially arrested. Two — Lowe and Witt — were charged with various burglaries in King County Superior Court. Griffin was arrested at a local wine bar when police said he tried to use stolen gift cards, but that case was never referred for prosecution, said Dan Donohoe, a spokesman for the county prosecutor's office.
Investigators said it helped that the businesses reported the intrusions promptly, and the U.S. Secret Service Electronic Crimes Task Force in the region was able to connect the dots among cases that seemed unrelated.
Witt, who has a criminal history involving escape, theft and other convictions, was also arrested for investigation of stolen property in 2007, but ignored orders to appear in court in that case. Nevertheless, when he was arrested again last December, the court gave him a 24-hour release in which to post bond. He didn't post bond or show up in court as ordered, and was taken back into custody in February.
After being released from custody in late 2010, Witt and Lowe continued burglarizing businesses, prosecutors said. They were rearrested last Friday.
Lowe's attorney, Brent Hart, said it was too early to comment on the case.
An attorney for Griffin could not immediately be reached for comment.
No attorney has appeared on Witt's behalf in federal court.
The victimized companies included Eby's, a firm that helps universities capitalize on technologies they develop, and a downtown property management firm run by Mark Houtchens. Both said the costs of fixing the damage caused by the intrusions — figuring out what happened and securing their computer networks anew — have been severe.
"It's a pain in the neck, if not quite a bit lower," Houtchens said.