Prosecutors to seek 25 years for hacker in TJX, Sports Authority hacking case

By Denise Lavoie, AP
Tuesday, March 23, 2010

Prosecutors to seek 25 years for TJX hacker

BOSTON — A computer hacker who helped orchestrate one of the largest thefts of credit and debit card numbers in U.S. history faces sentencing this week for hacking into computer systems of major retailers, including TJX Cos., BJ’s Wholesale Club and Sports Authority.

Prosecutors plan to ask for a 25-year prison sentence for Albert Gonzalez, a former federal informant from Miami who pleaded guilty last year in three separate hacking cases brought in Massachusetts, New Jersey and New York.

The sentence sought by prosecutors is the maximum under the terms of plea agreements in cases against Gonzalez brought in Massachusetts, New Jersey and New York. He will be sentenced in all three cases during hearings Thursday and Friday in U.S. District Court.

His lawyer will argue that Gonzalez should get no more than 15 years.

Prosecutors said Gonzalez victimized millions of people and cost companies, banks and insurers nearly $200 million. They said just two of Gonzalez’s computer servers contained more than 40 million distinct credit and debit card numbers.

“The sheer extent of the human victimization caused by Gonzalez and his organization is unparalleled,” Assistant U.S. Attorney Stephen Heymann said in a sentencing memorandum filed in court.

Gonzalez, 28, pleaded guilty in September to hacking into the computers of TJX Cos., BJ’s Wholesale Club, OfficeMax, BostonMarket, Barnes & Noble, Sports Authority and the Dave & Busters restaurant chain.

In December, he pleaded guilty to conspiracy to gain unauthorized access to computer servers at the Maine-based supermarket chain Hannaford Brothers; the convenience store chain 7-Eleven Inc.; and Heartland Payment Systems Inc., a New Jersey-based processor of credit and debit cards.

Gonzalez’s Boston attorney, Martin Weinberg, did not immediately return calls seeking comment on his sentencing recommendation of 15 years.

Weinberg said during an earlier court hearing that he would ask for a lesser sentence based in part on a defense psychiatrist’s report that Gonzalez shows behavior consistent with Asperger’s syndrome, a form of autism. The report described Gonzalez as an Internet addict with an “idiot-savant-like genius for computers and information technology,” but socially awkward.

Gonzalez, who was known online as “soupnazi,” was a self-taught computer genius.

He was first arrested for hacking in 2003, but he became a government informant, helping the Secret Service find other hackers. But prosecutors said that over the next five years, he hacked into the computer systems of major retailers while continuing to be an informant for the government.

During that time, authorities said, he amassed $2.8 million and lived a lavish lifestyle. As part of the plea deals, Gonzalez must forfeit more than $2.7 million, plus his Miami condo, car, Rolex watches and a Tiffany ring he gave to his girlfriend.

Authorities said Gonzalez and two foreign co-defendants used hacking techniques that involved “wardriving,” or cruising through different areas with a laptop computer and looking for retailers’ accessible wireless Internet signals. Once they located a vulnerable network, they installed “sniffer programs” that captured credit and debit card numbers as they moved through a retailer’s processing computers — then tried to sell the data overseas.

YOUR VIEW POINT
NAME : (REQUIRED)
MAIL : (REQUIRED)
will not be displayed
WEBSITE : (OPTIONAL)
YOUR
COMMENT :