Albert Gonzalez (born 1981) is an American computer hacker and computer criminal who is charged with the combined theft of credit card data and subsequent resale of more than 170 million cards and bank numbers from 2005 to 2007 — the largest fraud of its kind in history.
Gonzalez and his associates used SQL injection to deploy backdoors to several corporate systems to launch a packet sniffer (specifically ARP spoofing) that allowed him to steal data from internal corporate networks.
During his binge, he was said to have spent $75,000 on a birthday party and complained that he had to count $340,000 manually because his currency-counting machine broke down.
Gonzalez received three federal charges:
- In May 2008, in the Dave & Busters case in New York (the trial was held in September 2009)
- In May 2008, in the TJ Maxx case in Massachusetts (the trial was held in early 2010)
- August 2009 in New Jersey due to the Heartland Payment.
On March 25, 2010, Gonzalez was sentenced to 20 years in federal prison.
Gonzalez and his team were featured in the season 5 episode of CNBC's "American Greed, "titled" Hackers: Operation Get Rich Or Die Tryin."
Early life
Gonzalez's parents, who immigrated to the United States from Cuba in the 1970s, bought Albert his first computer when he was 8 years old.
He went to Miami, Florida High School, where he was described as a" troubled " leader of computer nerds. In 2000, he moved to New York City, where he lived for three months before moving to Kearney, New Jersey.
Gonzalez in 2001 at DefCon Las Vegas
ShadowCrew
While in Kearney, he was accused of being the mastermind behind a hacker group called ShadowCrew that placed 1.5 million stolen credit cards and ATM numbers on sale. Although he was considered the mastermind of the fraudulent scheme (working on the site under the nickname "CumbaJohnny"), he was not charged.
According to the indictment, 4,000 people registered on the site shadowcrew.com. Once registered, they could buy stolen account numbers or forged documents at an auction, or read textbooks and" How-To's " describing the use of cryptography in the magnetic stripes of credit cards, debit cards, and bank cards so that their numbers could be used.
Site moderators penalized members who did not comply with the site's rules, and also returned money if the stolen card numbers were invalid.
In addition to card numbers, many other items of identity theft were auctioned off, including fake passports, driver's licenses, social security cards, credit cards, debit cards, birth certificates, college student IDs, and health insurance cards.
One participant sold 18 million email accounts with matching usernames, passwords, birth dates, and other personal information. Most of the accused were participants who actually sold illegal items. Users who kept or moderated the site were charged in absentia, including those who tried to register a domain name Shadowcrew.cc
The Secret Service dubbed its investigation "Operation Firewall" and believed that $ 4.3 million had been stolen by that time, as Shadowcrew shared its information with other groups: Carderplanet and Darkprofits.
The investigation was conducted by units from the United States, Bulgaria, Belarus, Canada, Poland, Sweden, the Netherlands and Ukraine. Gonzalez was initially charged with possession of 15 fake credit and debit cards in Newark, New Jersey, although he avoided jail time by providing evidence for the United States Secret Service against his co-conspirators. 19 ShadowCrew members were charged. Gonzalez then returned to Miami.
TJX Companies
Working with the authorities, he said that he planned to hack TJX companies, from which 45.6 million credit and debit cards were stolen in 18 months in 2007. In 2005, 40 million CardSystems Solutions accounts were hacked. Gonzalez and ten associates searched for vulnerabilities in wireless networks along Route 1 in Miami. They hacked cards at BJ's Wholesale Club, DSW, Office Max, Boston Market, Barnes & Noble, Sports Authority, and T. J. Maxx.
Gonzalez's accusers referred to him by his nicknames: "cumbajohny", "soupnazi", "segvec", " kingchilli "and"stanozlolz."
The hack was a challenge for TJ Maxx, who discovered the hack in December 2006. The company initially believed that the hack began in May 2006, but further investigation revealed that it all started in July 2005.
One of Gonzalez's alleged co-conspirators, Steven Watt, was 7 feet tall, and known in the hacker world as the " Unix Terrorist "and" Jim Jones. " Watt worked at Morgan Stanley in New York and wrote an interceptor program.
Arrest
Gonzalez was arrested on May 7, 2008 on charges of hacking Dave & Buster's corporate network in Islandia, New York. The incident occurred in September 2007, when about 5,000 card numbers were stolen. Fraudulent transactions totaling $600,000 were registered on 675 cards.
Authorities began to suspect something after the conspirators kept returning to the restaurant to re-hack the network to restart the attack, as it doesn't restart if the computers were turned off.
Gonzalez was arrested in room 1508 at the National Hotel in Miami Beach, Florida. In related arrests, authorities seized $1.6 million in cash (including $1.1 million in plastic bags in a drum buried in his parents ' backyard), his laptops, and a Glock pistol.
Officials said Gonzalez lived in a modest home in Miami.
He was in the Metropolitan Detention Center in Brooklyn when he was charged with the Heartland attacks.
Partners in crime
Several other people from the United States were also involved in the same case with Gonzalez. They were charged and convicted as follows:
Stephen Watt was charged with providing a data theft tool in an identity theft case. Steven Watt was sentenced to two years in prison and 3 years of supervised release. He was also ordered by the court to pay $171,500,000 in restitution.
Damon Patrick Toey pleaded guilty to fraud, credit card fraud and aggravated identity theft and received a five-year sentence.
Christopher Scott pleaded guilty to conspiracy, unauthorized access to computer systems, fraud with access devices and identity theft. He was sentenced to seven years in prison.
Heartland Payment Systems
In August 2009, Gonzalez was indicted in Newark, New Jersey for hacking into Heartland Payment Systems, Citibank 7-Eleven ATMs, and Hannaford Brothers computer systems. Heartland took on the bulk of the attack, which stole 130 million card numbers. At Hannaford, 4.6 million phone numbers were stolen. The other two retailers were not disclosed in the indictment. However, Gonzalez's lawyer told StorefrontBacktalk that two of the retailers were J. C. Penney and Target Corporation. Heartland reported that as a result of the attack, including legal costs, it lost $ 12.6 million. Gonzalez allegedly called the scheme " Operation Get Rich Or Die Tryin."
According to the indictment, the attack by Gonzalez and two unidentified hackers "in or near Russia" along with the Miami-based "P. T." conspirator began on December 26, 2007 at Heartland Payment Systems, August 2007 at 7-Eleven, and Hannaford Brothers in November 2007, as well as two other unidentified companies. Gonzalez and his associates targeted large companies and studied their terminals, and then attacked them from Internet-connected computers in New Jersey, Illinois, the Netherlands, and Ukraine.
They carried out their attacks over the Internet, using many nicknames in chat rooms, stored data related to their attacks on several hacker platforms, disabled programs that record incoming and outgoing traffic, and masked themselves by using a "proxy".
The indictment states that the hackers tested their program on 20 anti-virus programs.
Rene Palomino Jr., Gonzalez's lawyer, is accused in a blog post on the New York Times website that the indictment grew out of a squabble between U.S. attorneys in New York, Massachusetts and New Jersey. Palomino noted that Gonzalez was in negotiations with New York and Massachusetts for a plea deal in connection with the T. J. Maxx case when New Jersey announced its guilty verdict. Palomino revealed the "P. T." conspirator as Damon Patrick Toey, who pleaded guilty in the T. J. Maxx case. Palomino stated that Toey, not Gonzalez, was the leader of the Heartland cause. Palomino also said, " Mr. Toey has been working with us since day one. He was staying at Gonzalez's apartment. This whole idea of creation belonged to Toey… It was his brainchild. Not Albert Gonzalez. I know he wasn't involved in all the chains that were hacked from New Jersey.“
Palomino said one of the unnamed Russian hackers in the Heartland case was Maxim "Maksik" Yastremsky, who was also charged with T. J. Maxx but is currently serving 30 years in a Turkish prison on charges of hacking Turkish banks, is in an unrelated Gonzalez case. According to investigators, Yastremsky and Gonzalez exchanged 600 messages, and that Gonzalez paid him $400,000 through e-gold.
Yastremsky was arrested in July 2007 in Turkey on charges of hacking 12 banks in Turkey. The Secret Service investigation was used to shape the case against Gonzalez, including the covert viewing of Yastremskiy's laptop in Dubai in 2006 and a review of the disk image of a Latvian computer rented from Cronos IT and allegedly used in the attack.
After the indictment, Hearland said it did not have information about how many credit card numbers were stolen, nor did it have information about how the US government came up with the 130 million number figure.
Deal with the authorities
On August 28, 2009, Gonzalez's lawyer filed documents in the U.S. District Court for the District of Massachusetts in Boston indicating that Gonzalez will plead guilty to all 19 charges in the U.S. Albert Gonzalez case, 08-CR-10223 (TJ Maxx case). This plea deal is reported to "resolve" issues with the case in New York USA v. Yastremskiy, 08-CR-00160 in the United States District Court for the Eastern District of New York (Dave and Busters case).
On March 25, 2010, U.S. District Judge Patti Saris sentenced Gonzalez to 20 years in prison for hacking and stealing information from TJX, Office Max, the Dave and Busters restaurant chain, Barnes & Noble, and several other companies. The next day, U.S. District Judge Douglas P. Woodlock sentenced him to 20 years in the Heartland Payment Systems case. The sentences had to be carried out simultaneously, which means that Gonzalez will serve a total of 20 years for both cases. The sentence included confiscation of property: cash ($ 1.65 million dollars), a Miami condo, a blue 2006 BMW 330i, IBM and Toshiba computers, a Glock 27 pistol, a Nokia phone, a Tiffany diamond ring, and three Rolex watches.
On March 25, 2011, Gonzalez filed a motion for clemency in U.S. District Court in Boston. He claimed that during the time he committed his crimes, he assisted the United States Secret Service in locating international cybercriminals and claimed that his lawyers could not have informed him that he could thus use the protection of the "State." body“. The Secret Service declined to comment on Gonzalez's request, which is still pending.
Gonzalez is currently serving a 20-year sentence at the United States Penitentiary in Leavenworth. Gonzalez's prison term expires in 2025.
Write comments on the translation in the personal account or comments, I will be grateful and will try to quickly improve the text.
(c) Original author: wikipedia.org
