By Frank James
In what it's calling the largest alleged credit and debit card data breach that U.S. officials have ever indicted anyone for, the Justice Department charged Albert Gonzales, 28, of Miami, Fla. with leading a conspiracy to hack into computer networks and steal data linked to more than 130 million credit and debit cards.
According to the Justice Department, the companies targeted by Gonzales and his co-conspirators were Heartland Payment Systems, a New Jersey-headquartered card payment processor; Texas-based 7-Eleven Inc.; and Maine-based supermarket chain Hannaford Brothers Co. Inc.
From the Justice Department's press release:
The indictment, which details the largest alleged credit and debit card data breach ever charged in the United States, alleges that beginning in October 2006, Gonzales and his co-conspirators researched the credit and debit card systems used by their victims; devised a sophisticated attack to penetrate their networks and steal credit and debit card data; and then sent that data to computer servers they operated in California, Illinois, Latvia, the Netherlands and Ukraine. The indictment also alleges Gonzales and his co-conspirators also used sophisticated hacker techniques to cover their tracks and to avoid detection by anti-virus software used by their victims.
If convicted, Gonzales faces up to 20 years in prison on the wire fraud conspiracy charge and an additional five years in prison on the conspiracy charge, as well as a fine of $250,000 for each charge.
Gonzales is already in U.S. custody on charges that he was responsible for hacking into computer systems used by restaurant chain Dave and Busters and TJX, whose retail stores include the T.J. Maxx and Marshalls chains.
Gonzales allegedly made millions of dollars by selling the stolen credit and debit card information to other crime rings. And he lived large off the criminality of which the feds accuse him.
This lead on a Wired.com story gives a little color:
Accused TJX hacker kingpin Albert Gonzalez called his credit card theft ring "Operation Get Rich or Die Tryin."
He spent $75,000 on a birthday party for himself and once complained that he had to manually count $340,000 in pilfered $20 bills because his counting machine broke. But while Gonzalez apparently lived high off ill-gotten gains, a programmer who claims he earned nothing from the scheme sits broke and unemployed, his career in shambles, while awaiting sentencing for a piece of software he crafted for his friend.
At one time, Gonzales actually cooperated with the Secret Service but it appears that didn't go well.
An excerpt from the blog Lawvibe.com:
Gonzalez was offered a position to cooperate as an informant with the Secret Service in 2003 when he was apprehended in New Jersey for various crimes. One of the biggest events he was involved with while working with the Secret Service as an informant was with "Operation Firewall." This was back in October of 2004 where 28 members of Shadowcrew.com, an illegal cyber organization, were arrested after Gonzalez -- then under the name of "CumbaJohny" -- led them to register in a federal-operated private VPN service sting operation. However, it is now speculated now that he had leaked information to other co-conspirators to prevent capture and prosecution -- thereby circumventing his role as an ally to the Secret Service.