Saturday, December 10, 2011

Manipulating the System: A Glimpse at Albert Gonzalez

by Thomas Hebb

In March of 2010, Albert Gonzalez was sentenced to 20 years in prison for what many argue to be the largest cybercrime of its kind. With mild assistance from associates in the US, Turkey and Russia, Gonzalez hacked into the servers of several major companies and farmed them for sensitive credit and debit card information from the comfort of his Miami home. Gonzalez targeted US companies TJX, DSW, Dave and Buster's, and Office Max, illegally accessing the information of over 90 million credit and debit cards from the servers. Gonzalez didn’t stop there; he went on to hack into the servers of Heartland Payment Systems, a company which handles the transactions of Visa and American Express. He also added a string of 7-Eleven stores and a few supermarkets to his list of victims.

After Gonzalez created a large database of the card information, he wasted no time turning the bits of data into a new BMW, a large Miami condominium, and a multimillion-dollar “rainy day” fund. Not only did Gonzalez sell the credit card information to eager buyers across the globe, but he also manufactured his own credit cards and encoded them with the stolen information. He then sold the “clone cards” for increased profit. While financial institutions felt the security of the debit cards could be maintained through the requirement of a PIN, this proved to be a small obstacle to Gonzalez. With the help of one of his co-conspirators, Gonzalez created an algorithm to identify the PIN within the associated debit card’s information and began selling them off as a packaged deal.

It is evident through the execution of such a large-scale operation that Gonzalez was hardly a novice cybercriminal. Gonzalez was arrested and convicted in 2003 for making fraudulent banking transactions after stealing similar data. After seeing the “error in his ways,” he was offered a job with the United States Secret Service as a paid informant. In this position he earned $75,000 annually and assisted the Secret Service in the apprehension of criminals who were conducting crimes similar to his own. Ironically enough, he was stealing the credit card information from TJX and the other companies throughout the entire course of his employment with the Secret Service. He used the information and techniques he was privy to as a result of his new crime-fighting position to ensure that his co-conspirators were not caught during their transactions. Gonzalez took on an alias, “segvec,” while conducting his extra-curricular activities. Segvec was committing crimes of a far greater calibre than any that Gonzalez had been convicted of. It took the Secret Service over a year to realize that the assailant they were looking for had been working for them the entire time.

Gonzalez is currently serving his sentence in the US. His attorneys attempted to get him a lighter sentence based on a diagnosis of Asperger's Syndrome and Gonzalez’s addiction to and use of narcotics. Doctors for the prosecution disputed the diagnosis and the judge did not see his addiction as an excuse. Most recently Gonzalez has filed a protest stating that he wanted to change his plea to not guilty on grounds of “public authority.” This means that he was given government permission to conduct the crimes; in his initial trial he was unaware that he could use this argument to his defence. He alleges that he believed the Secret Service wanted him to conduct the crimes in order to seek out and apprehend other cybercriminals.

