Albert Gonzalez was a computer genius. Throughout high school, he excelled at just about every computer-based task that he was given. He was so gifted, in fact, that he even managed to create a sort of cult-like following amongst his fellow computer nerds.
But it seems that no matter how gifted a person is, there exists the potential to abuse that gift. Rather than use his talents for good, Albert decided that he wanted to use his considerable skills to swindle people out of their hard-earned money. In the course of his illicit activities, Albert ran afoul of the Secret Service and somehow, managed to turn even that into an opportunity…
1. Cuban Immigrant
Albert Gonzalez was born in Cuba in 1981. When he was several years old, his parents immigrated to the United States, settling in Miami, Florida. Even from a young age, his parents noticed that Albert had a real knack for technology. When he was eight years old, they bought him his first computer. In high school, Albert became the defacto leader of a group of “troubled” computer nerds. It was around this time that his taste for technical mischief began.
Albert graduated high school and then moved to New York City in 2000. He only stayed there for three months before moving to Kearny, New Jersey. At this point, Gonzalez had begun to make a name for himself on the internet as an experienced computer hacker. On the web he was known as “Segvec,” “Soupnazi” and “J4guar”, among other various aliases. Once he had established himself among internet circles, he began his first criminal enterprise…
In the early 2000s, Albert was operating the website Shadowcrew.com: an underground cybercriminal marketplace. Here, users traffic in stolen credit card data without impunity as well as share information about banks, retailers, and other corporations who they knew to be vulnerable to cyber attacks. Users could even read “Tutorials and How-To’s” that described how to use cryptography on the magnetic strips on credit cards, debit cards and ATM cards so that the numbers could be used.
4. Lucrative Endeavor
Albert’s newfound friends, the Shadowcrew group, trafficked in stolen credit and ATM card numbers. At the height of their success, the group had stolen 1.5 million of them. Over 4,000 users were registered with the Shadowcrew.com website and once they were in and registered, they could buy stolen account numbers or counterfeit documents at auction. Albert was making money doing what he loved, finding holes in the system….
5. The Operation
It wasn’t just about the money for Albert, either. What he loved and obsessed over the most was his ability to conquer and exploit computer networks. His long term goal was fairly straightforward, however. Gonzalez wanted to earn approximately $15 million from his schemes, a comfortable number, then buy a yacht and retire somewhere offshore.
6. Stolen Info
It wasn’t just card numbers the Shadow Crew was trafficking in, either. Many other objects of identity theft were sold at auction by the Shadow Crew: including counterfeit passports, drivers’ licenses, Social Security cards, credit cards, debit cards, birth certificates, and health insurance cards. Even email accounts, with username, password, and personal info were sold at the website. It was the site’s overall success that first brought Albert Gonzalez to the attention of the U.S. government…
7. First Arrest
Albert’s initial run-in with law enforcement began in 2003. He was arrested while attempting to make fraudulent ATM withdrawals while in New York City. Once the feds found out that his online nickname, “Cumbajohnny”, was connected to the top administrator of Shadowcrew, they brought him in. They had caught him in the act, there was nothing Albert could do.
Nothing except work for them, that is. The U.S. government had need of a man with Albert Gonzalez’ talents. It was decided that it would be a waste to send a hacker of Gonzalez’ caliber to prison. So the Secret Service chose to offer him $75,000 a year to be an informant for them. It wasn’t ideal of course. But Gonzalez soon found out he could work the new arrangement to his advantage…
9. Operation Firewall
The feds involved Gonzalez in a mission codenamed “Operation Firewall.” Gonzalez’ part was to set up a secure VPN on Shadowcrew.com to be wiretapped by the secret service. The hacker did as he was told, and by October 2004, he had helped them arrest 28 more members of the site. He moved to Miami and began to think about his future with as the government’s stool pigeon.
10. Heartland Payment Systems
Get Rich or Die Tryin’ was the most ambitious and notorious of Gonzalez’ exploits. He used a SQL injection attack he could exploit a database vulnerability at Heartland Payment Systems, Inc. Heartland was responsible for keeping track of all the TJX companies credit payments as well as all Citibank-branded 7-Eleven ATMs and Hannaford Brothers computer systems. He had been able to steal millions of credit cards, all on the government’s dime…
11. The Routine
The scam was simple, once inside a local TJX outlet’s network, Albert and his hackers could make their way upstream into the corporate network, which was located in Massachusetts. Once they were in the corporate computers, he explored the TJX network and was able to siphon transaction data from the credit card magstripes in real time, as the cards were being swiped at the registers.
12. Foreign Partners
Once they had the data, Gonzalez and his new crew routed the magstripe data to servers he had leased in Latvia and the Ukraine. The numbers were then passed to expert Ukranian card seller and computer neerdowell, Maksym “Maksik” Yastremskiy, who sold them off to other carders in the underground. Once they had paid for them in Bitcoin or other direct to bank-account deposits, Maksik’s customers programmed the magstripe data onto new, counterfeit credit cards. Now Albert was making millions…
13. The Take
Albert managed to accrue the numbers of 45.6 million credit and debit card numbers over an 18-month period. Though there is no way of knowing exactly how much Gonzalez and his cronies made between 2004 and 2007, the number was likely in the range of billions of dollars of potential debt. Albert’s crew compromised cards at BJ’s Wholesale Club, DSW, Office Max, Boston Market, Barnes & Noble, Sports Authority, and T.J. Maxx.
14. The Big Con
The most remarkable thing about the whole enterprise was that Albert Gonzalez had successfully conned law enforcement even after he had repented and “seen the error of his ways”. The whole time he was funnelling the card info over to the Ukraine, he was drawing a $75,000 salary working for the U.S. Secret Service as a paid undercover informant. That is, until the feds figured out what was going on…
In May of 2008, authorities arrested Albert Gonzalez for the second time. The straw that broke the camel’s back? He had hacked into a Dave and Buster’s corporate network from a terminal in Islandia, New York. The incident had occurred some months before, in September 2007 and the chain had reported about 5,000 stolen card numbers. The amount of fraudulent transactions totalled $600,000.
The feds had only became suspicious after the conspirators kept returning to the Dave and Busters to try and reintroduce their hack. They found Gonzalez in a Miami Beach hotel, room 1508. He had $1.6 million dollars in cash, $1.1 million of which they had seized from a drum he had buried in his parent’s backyard. He also had his laptops with him and a small, compact Glock pistol. There was no way out this time…
Hacker Albert Gonzalez was sentenced to 20 years in prison on March 25, 2010 for hacking into and stealing information from TJX, Office Max, the Dave & Busters restaurant chain, Barnes & Noble and a string of other organizations. The judge sentenced him to 20 years for the Heartland case as well. Luckily for Albert, the sentences were to run concurrently, which means he’ll only serve a total of 20 years for both cases, rather than 40.
Not so luckily, however, is the fact that Gonzalez was also ordered to forfeit more than $1.65 million as restitution for the money he stole. He had to forfeit all of his belongings as well including: condominium in Miami, blue 2006 BMW 330i automobile, IBM and Toshiba laptop computers, a Glock 27 firearm, a Nokia cell phone, a Tiffany diamond ring and three Rolex watches. Albert wasn’t the only one to suffer for his crimes, though…
19. Partners in Crime
Gonzalez gave up all of his co-defendants in an attempt to perhaps earn some leniency from the judge a second time around. His main accomplices, Stephen Watt (in the picture), Damon Patrick Toey, and Christopher Scott, all pleaded guilty to the fraud, conspiracy and theft. Each one had to pay restitution for the crimes as well.
20. Deep Regrets
At his sentence pronouncement, Gonzalez told the court that he deeply regretted his crimes. He went on to say that he ruined his second chance at life and blamed nobody but himself. “I violated the sanctity of my parents’ home as well.” he said to the judge, while asking for a milder sentence. He is still serving his 20 years.