3.23.2010

"Wardriving": How the TJX hacker did it


Prosecutors to seek 25 years for TJX hacker


A computer hacker who helped orchestrate one of the largest thefts of credit and debit card numbers in U.S. history faces sentencing this week for hacking into computer systems of major retailers, including TJX Cos., BJ's Wholesale Club and Sports Authority.

Prosecutors plan to ask for a 25-year prison sentence for Albert Gonzalez, a former federal informant from Miami who pleaded guilty last year in three separate hacking cases brought in Massachusetts, New Jersey and New York.

The sentence sought by prosecutors is the maximum under the terms of plea agreements in cases against Gonzalez brought in Massachusetts, New Jersey and New York. He will be sentenced in all three cases during hearings Thursday and Friday in U.S. District Court.

His lawyer will argue that Gonzalez should get no more than 15 years.

Prosecutors said Gonzalez victimized millions of people and cost companies, banks and insurers nearly $200 million. They said just two of Gonzalez's computer servers contained more than 40 million distinct credit and debit card numbers.

"The sheer extent of the human victimization caused by Gonzalez and his organization is unparalleled," Assistant U.S. Attorney Stephen Heymann said in a sentencing memorandum filed in court.

Gonzalez, 28, pleaded guilty in September to hacking into the computers of TJX Cos., BJ's Wholesale Club, OfficeMax, BostonMarket, Barnes & Noble, Sports Authority and the Dave & Busters restaurant chain.

In December, he pleaded guilty to conspiracy to gain unauthorized access to computer servers at the Maine-based supermarket chain Hannaford Brothers; the convenience store chain 7-Eleven Inc.; and Heartland Payment Systems Inc., a New Jersey-based processor of credit and debit cards.

Gonzalez's Boston attorney, Martin Weinberg, did not immediately return calls seeking comment on his sentencing recommendation of 15 years.

Weinberg said during an earlier court hearing that he would ask for a lesser sentence based in part on a defense psychiatrist's report that Gonzalez shows behavior consistent with Asperger's syndrome, a form of autism. The report described Gonzalez as an Internet addict with an "idiot-savant-like genius for computers and information technology," but socially awkward.

Gonzalez, who was known online as "soupnazi," was a self-taught computer genius.

He was first arrested for hacking in 2003, but he became a government informant, helping the Secret Service find other hackers. But prosecutors said that over the next five years, he hacked into the computer systems of major retailers while continuing to be an informant for the government.

During that time, authorities said, he amassed $2.8 million and lived a lavish lifestyle. As part of the plea deals, Gonzalez must forfeit more than $2.7 million, plus his Miami condo, car, Rolex watches and a Tiffany ring he gave to his girlfriend.

Authorities said Gonzalez and two foreign co-defendants used hacking techniques that involved "wardriving," or cruising through different areas with a laptop computer and looking for retailers' accessible wireless Internet signals. Once they located a vulnerable network, they installed "sniffer programs" that captured credit and debit card numbers as they moved through a retailer's processing computers — then tried to sell the data overseas.


Comment: We had at least one card that was compromised. The card issuer contacted us, canceled the card and issued a replacement.

2 comments:

Any anonymous comments with links will be rejected. Please do not comment off-topic