Albert Gonzalez

Albert Gonzalez
Albert Gonzalez

Photo of Albert Gonzalez by U.S. Secret Service
Born 1981

Albert Gonzalez (born 1981) is a computer hacker and computer criminal who is accused of masterminding the combined credit card theft and subsequent reselling of more than 170 million card and ATM numbers from 2005 through 2007—the biggest such fraud in history.

Gonzalez and his accomplices used SQL injection techniques to create malware backdoors on several corporate systems in order to launch packet sniffing (specifically, ARP Spoofing) attacks which allowed him to steal computer data from internal corporate networks.

During his spree he was said to have thrown himself a $75,000 birthday party and complained about having to count $340,000 by hand after his currency-counting machine broke. Gonzalez stayed at lavish hotels but his formal homes were modest.[1]

Gonzalez had three federal indictments:

  • May 2008 in New York for the Dave & Busters case (trial schedule September 2009)
  • May 2008 in Massachusetts for the TJ Maxx case (trial scheduled early 2010)
  • August 2009 in New Jersey in connection with the Heartland Payment case.

On March 25, 2010, Gonzalez was sentenced to 20 years in federal prison.

Gonzales along with his crew were featured on the 5th season episode of the CNBC series American Greed titled: Episode 40: Hackers: Operation Get Rich or Die Tryin’.[2]

Contents

Early life

His parents, who had immigrated to the United States from Cuba in the 1970s, bought him his first computer when he was 8. By the age of 9 he was reported to be actively removing computer viruses.[3]

Gonzalez, a Cuban-American, attended South Miami High School in Miami, Florida, where he was described as the "troubled" pack leader of computer nerds.[4] In his senior year at the school he and friend used the library computer to hack into computer systems of the government of India where they left messages about their culture. Reportedly India had to cancel government checks as a result. Gonzalez was not charged and was warned to stay away from a computer for six months.[3] In 2000 he moved to New York City where he lived for three months before moving to Kearny, New Jersey.[5]

Shadowcrew

While in Kearny he was accused of being the mastermind of a group of hackers called the Shadowcrew group, which trafficked in 1.5 million stolen credit and ATM card numbers.[6] Although considered the mastermind of the scheme (operating on the site under the screen name of "CumbaJohnny"), he was not indicted.[7] According to the indictment there were 4,000 people who registered with the Shadowcrew.com website. Once registered they could buy stolen account numbers or counterfeit documents at auction or read “Tutorials and How-To’s” describing the use of cryptography in magnetic strips on credit cards, debit cards and ATM cards so that the numbers could be used.[7] Moderators of the website punished members who did not abide by the site's rules including providing refunds to buyers if the stolen card numbers proved invalid.[7]

In addition to the card numbers, numerous other objects of identity theft were sold at auction, including counterfeit passports, drivers’ licenses, Social Security cards, credit cards, debit cards, birth certificates, college student identification cards, and health insurance cards.[7] One member sold 18 million e-mail accounts with associated usernames, passwords, dates of birth, and other personally identifying information. Most of those indicted were members who actually sold illicit items. Members who maintained or moderated the website itself were indicted including one who attempted to register the .cc domain name Shadowcrew.cc[7]

The Secret Service dubbed their investigation "Operation Firewall" and is believed that $4.3 million was stolen as Shadowcrew shared its information with other groups entitled Carderplanet and Darkprofits. The investigation involved units from the United States, Bulgaria, Belarus, Canada, Poland, Sweden, the Netherlands and Ukraine.[8] Gonzalez was initially charged with possession of 15 fake credit and debit cards[1] in Newark, New Jersey, though he avoided jail time by providing evidence to the United States Secret Service against his cohorts. 19 ShadowCrew members were indicted.[1] He then returned to Miami.[7]

TJX Companies

While cooperating with authorities, he was said to have masterminded the hacking of TJX Companies in which 45.6 million credit and debit card numbers were stolen over an 18 month period ending in 2007 topping the 2005 breach of 40 million records at CardSystems Solutions.[9] Gonzalez and 10 others sought targets while wardriving and seeking vulnerabilities in wireless networks along U.S. Route 1 in Miami. They compromised cards at BJ's Wholesale Club, DSW, Office Max, Boston Market, Barnes & Noble, Sports Authority and T.J. Maxx.[10][dead link][11]

The indictment referred to Gonzalez by the screen names "cumbajohny", "soupnazi", "segvec", "kingchilli" and "stanozlolz."[10]

The hacking was an embarrassment to TJ Maxx, which discovered the breach in December 2006. The company initially believed the intrusion began in May 2006, but further investigation revealed breaches dating back to July 2005.[9]

One of his co-conspirators was 7-foot-tall Stephen Watt, known in the hacker world as "Unix Terrorist" and "Jim Jones." Watt worked at Morgan Stanley in New York City and wrote the sniffer program.[12]

Arrest

Gonzalez was arrested on May 7, 2008 on charges stemming from hacking into the Dave & Buster's corporate network from a point of sale location at a restaurant in Islandia, New York. The incident occurred in September 2007. About 5,000 card numbers were stolen. Fraudulent transactions totaling $600,000 were reported on 675 of the cards.[13]

Authorities became suspicious after the conspirators kept returning to the restaurant to reintroduce their hack because it would not restart after the company computers shut down.[13]

Gonzalez was arrested in Room 1508 at the National Hotel[14] in Miami Beach, Florida. In various related raids authorities seized $1.6 million in cash (including $1.1 million in plastic bags in a three-foot drum buried in his parents' backyard),[1] his laptops and a compact Glock pistol.[4]

Officials said that Gonzalez lived in a nondescript house in Miami.[4]

He was in the Metropolitan Detention Center in Brooklyn when he was indicted in the Heartland attacks.

Heartland Payment Systems

In August 2009 Gonzalez was indicted in Newark, New Jersey on charges dealing with hacking into the Heartland Payment Systems, Citibank-branded 7-Eleven ATM's and Hannaford Brothers computer systems. Heartland bore the bulk of the attack in which 130 million card numbers were stolen. Hannaford had 4.6 million numbers stolen. Two other retailers were not disclosed in the indictment however Gonzalez's attorney told StorefrontBacktalk that two of the retailers were J.C. Penney and Target Corporation.[15] Heartland reported that it had lost $12.6 million in the attack including legal fees.[16] Gonzalez allegedly called the scheme "Operation Get Rich or Die Tryin."[1]

According to the indictment the attacks by Gonzalez and two unidentified hackers "in or near Russia" along with unindicted conspirator "P.T." from Miami began on December 26, 2007, at Heartland Payment Systems, August 2007 against 7-Eleven and Hannaford Brothers in November 2007 and two other unidentified companies.[17] Gonzalez and his co-horts targeted large companies and studied their check out terminals and then attacked the companies from internet-connected computers in New Jersey, Illinois, Latvia, the Netherlands and Ukraine.

They covered their attacks over the Internet using more than one messaging screen name, storing data related to their attacks on multiple Hacking Platforms, disabling programs that logged inbound and outbound traffic over the Hacking Platforms, and disguising, through the use of “proxies,” the Internet Protocol addresses from which their attacks originated.[17]

The indictment said the hackers tested their program against 20 anti virus programs.

Rene Palomino Jr., attorney for Gonzalez, charged in a blog on the New York Times website that the indictment arose out of squabbling among U.S. Attorney offices in New York, Massachusetts and New Jersey. Palomino said that Gonzalez was in negotiations with New York and Massachusetts for a plea deal in connection with the T.J. Maxx case when New Jersey made its indictment. Palomino identified the unindicted conspirator "P.T." as Damon Patrick Toey who had pled guilty in the T.J. Maxx case. Palomino said Toey rather than Gonzalez was the ring leader of the Heartland case. Palomino further said, “Mr. Toey has been cooperating since Day One. He was staying at (Gonzalez’s) apartment. This whole creation was Mr. Toey’s idea...It was his baby. This was not Albert Gonzalez. I know for a fact that he wasn’t involved in all of the chains that were hacked from New Jersey.”[18]

Palomino said one of the unnamed Russian hackers in the Heartland case was Maksym Yastremskiy who was also indicted in the T.J. Maxx but is now serving 30 years in a Turkish prison on a charge of hacking Turkish banks in a separate matter.[19] Investigators said Yastremskiy and Gonzalez exchanged 600 messages and that Gonzalez paid him $400,000 through e-gold.[1]

Yastremskiy was arrested in July 2007 in Turkey on charges of hacking into 12 banks in Turkey. The Secret Service investigation into him was used to build the case against Gonzalez including a sneak and peek covert review of Yastremskiy's laptop in Dubai in 2006 and a review of the disk image of the Latvia computer leased from Cronos IT and alleged to have been used in the attacks.[20]

After the indictment Heartland issued a statement saying that it does not know how many card numbers were stolen from the company and that it does not know how the U.S. government reached the 130 million number.[21]

Plea bargain

On August 28, 2009, his attorney filed papers with the United States District Court for the District of Massachusetts in Boston indicating that he would plead guilty to all 19 charges in the U.S. v. Albert Gonzalez, 08-CR-10223, case (the TJ Maxx case). According to reports this plea bargain would "resolve" issues with the New York case of U.S. v. Yastremskiy, 08-CR-00160 in United States District Court for the Eastern District of New York (the Dave and Busters case).

Gonzalez could serve a term of 15 years to 25 years. He would forfeit more than $1.65 million, a condominium in Miami, a blue 2006 BMW 330i automobile, IBM and Toshiba laptop computers, a Glock 27 firearm, a Nokia cell phone, a Tiffany diamond ring and three Rolex watches.

His sentence would run concurrent with whatever comes out of the case in the United States District Court for the District of New Jersey (meaning that he would serve the longest of the sentences he receives).[22][23]

In March 2010, he received two concurrent 20 year terms.[24] On March 25, 2011, he filed in U.S. District Court in Boston to withdraw his guilty plea. He said his attorneys had not advised him he could have used a “public authority” defense option because he said he had been working for the United States Secret Service to seek out international cybercriminals.[25]

References

  1. ^ a b c d e f From snitch to cyberthief of the century – Miami Herald – August 22, 2009
  2. ^ "Case File: Operation Get Rich or Die Tryin". http://www.cnbc.com/id/40535839. Retrieved February 23, 2011. 
  3. ^ a b Miami hacker in credit card scam honed skills at early age – Miami Herald – August 20, 2009
  4. ^ a b c 'Soupnazi' hacker Albert Gonzalez went from nerdy past to life of sex, guns and drugs – New York Daily News – August 19, 2009
  5. ^ Meek, James Gordon; and Siemaszko, Corky. "'Soupnazi' hacker Albert Gonzalez went from nerdy past to life of sex, guns and drugs", Daily News (New York), August 19, 2009. Accessed March 28, 2011. "After graduation, Gonzalez moved north to Manhattan and lived on the East Side for three months in 2000 before setting up shop in Kearny, N.J., records show. It was while living there in an anonymous garden apartment with mostly senior citizens as neighbors that Gonzalez was busted for hacking in 2003."
  6. ^ Government informant is called kingpin of largest U.S. data breaches – Computer World – August 18, 2009
  7. ^ a b c d e f Grand jury indictment of Shadowcrew
  8. ^ Secret Service busts online organized crime ring – Computerworld – October 28, 2004
  9. ^ a b TJX data breach: At 45.6M card numbers, it's the biggest ever – Computerworld – March 29, 2007
  10. ^ a b Grand jury indictment, District of Massachusetts
  11. ^ "The Retail Store Hacker Albert Gonzalez Now Faces Prison Time". Law Vibe. http://lawvibe.com/the-retail-store-hacker-albert-gonzalez-now-faces-prison-time/. 
  12. ^ "TJX Hacker Was Awash in Cash; His Penniless Coder Faces Prison". Wired. June 18, 2009. http://www.wired.com/threatlevel/2009/06/watt. 
  13. ^ a b Three Charged in Dave & Buster's Hacking Job – csoonline.com – May 24, 2008
  14. ^ No hack as a hacker – Chicago Sun Times – August 23, 2009
  15. ^ J.C. Penney, Target Added To List Of Gonzalez Retail Victims – StorefontBackTalk – August 27, 2009
  16. ^ Hacker Charged With Heartland, Hannaford Breaches – wired.com – August 17, 2009
  17. ^ a b Grand jury indictment, District of New Jersey
  18. ^ Gonzalez Case Raises Very OId Retail Security Issues – Storefrontbacktalk.com – August 23, 2009
  19. ^ Hacking Suspect’s Lawyer Criticizes Federal Prosecutors – nytimes.com – August 19, 2009
  20. ^ In Gonzalez Hacking Case, a High-Stakes Fight Over a Ukrainian’s Laptop – Wired – August 20, 2009
  21. ^ Gonzalez: The Al Capone Of Cyber Thieves? – storefrontbacktalk.com – August 19, 2009
  22. ^ Man Accused of Stealing Stores’ Data Pleads Guilty – New York Times – August 29, 2009
  23. ^ Computer Hacker Gonzalez to Admit Guilt, Forfeit $1.65 Million – Bloomberg – August 29, 2009
  24. ^ James Verini (November 10, 2010). "The Great Cyberheist". New York Times. http://www.nytimes.com/2010/11/14/magazine/14Hacker-t.html. Retrieved November 14, 2010. 
  25. ^ http://www.scmagazineus.com/tjx-hacker-gonzalez-asks-for-withdrawl-of-guilty-plea/article/200488/

Wikimedia Foundation. 2010.

Игры ⚽ Поможем сделать НИР

Look at other dictionaries:

  • Albert Gonzalez — Photo d Albert Gonzalez prise par un agent du Secret Service. Albert Gonzalez (né en 1981) est un hacker américain accusé en août 2009 d avoir organisé une fraude touchant 135 millions de numéros de cartes de crédit et de cartes de débit …   Wikipédia en Français

  • Albert — ist ein deutscher männlicher Vorname. Der Name ist auch als Familienname gebräuchlich. Inhaltsverzeichnis 1 Herkunft 2 Varianten 3 Namenstage 4 Bekannte N …   Deutsch Wikipedia

  • Albert Ramos — Nationalität: Spanien  Spanien …   Deutsch Wikipedia

  • Albert Portas — Carrière professionnelle 1994 – aujourd hui …   Wikipédia en Français

  • Albert Costa — Pour les articles homonymes, voir Costa et Alberto Costa. Albert Costa …   Wikipédia en Français

  • Albert Canet — Pour les articles homonymes, voir Canet. Albert Canet …   Wikipédia en Français

  • Albert Lopo — Alberto Lopo Nombre Albert Lopo García Nacimiento 5 de mayo de 1980 (31 años) Barcelona , España Nacionalidad …   Wikipedia Español

  • Albert Solé — Este artículo o sección necesita referencias que aparezcan en una publicación acreditada, como revistas especializadas, monografías, prensa diaria o páginas de Internet fidedignas. Puedes añadirlas así o avisar …   Wikipedia Español

  • Albert Bustamante — Infobox Congressman name = Albert Garza Bustamante date of birth = birth date and age|1935|04|8 place of birth = Asherton, Texas state = Texas district = 23rd term = 1985 ndash;1993 preceded = Abraham Kazen succeeded = Henry Bonilla party… …   Wikipedia

  • Albert Cohen — Abraham Albert Cohen (Corfú, 16 de agosto de 1895 Ginebra, 7 de octubre de 1981) fue un escritor romandés de origen griego, descendiente de una familia sefardita (Coen) y de expresión francesa. Su obra más conocida es la novela Bella del Señor… …   Wikipedia Español

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”