Slashdot Mirror

← Back to Stories (view on slashdot.org)

20 Years For Gonzalez In TJX Hacker Case

Posted by Soulskill on from the see-you-when-we-have-flying-cars dept.

alphadogg writes "Hacker mastermind Albert Gonzalez was sentenced Thursday in US District Court to two concurrent 20-year stints in prison for his role in what prosecutors called the 'unparalleled' theft of millions of credit card numbers from major US retailers. US District Court Judge Patti B. Saris announced the concurrent sentences in two 2008 cases against Gonzalez, 28, a Cuban-American who was born in Miami, where he lived when the crimes were committed. Gonzalez and co-conspirators hacked into computer systems and stole credit card information from TJX, Office Max, DSW and Dave and Buster's, among other online retail outlets, in one of the largest — if not the largest — cybercrime operations targeting that sort of data thus far. They then sold the numbers to other criminals. Gonzalez pleaded guilty to conspiracy charges in two cases related to those thefts last December and the following day entered a guilty plea in a third case involving hacking into computer networks of Heartland Payment Systems and the Hannaford Supermarkets and 7-Eleven chains."

20 of 94 comments (clear)

  1. You got my hopes up by smooth+wombat · · Score: 4, Funny

    I misread the first line as "Alberto Gonzalez".

    One can still dream though.

    --
    We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
  2. In most countries..... by Anonymous Coward · · Score: 2, Insightful

    You'll get less for murder.

    1. Re:In most countries..... by tpstigers · · Score: 2, Insightful

      Exactly! And thanks for pointing it out. Credit card theft and identity theft are two VERY different things, a fact that seems to escape most people. Probably because the people who sell 'insurance' against identity theft want us to confuse them.

    2. Re:In most countries..... by fafaforza · · Score: 2, Insightful

      Right, because the rest of the world isn't structuring their financial environment just like the US. No other country uses credit and credit ratings, computerized history files, complex financial vehicles like CDOs, etc. Iceland, Greece, Portugal and others aren't in a world of hurt right now because of the very same get rich schemes the bankers in the US perpetrated.

      But hey, if wearing anti-US filters on your eyes makes you feel superior about the country you live in, then I say live and let live.

    3. Re:In most countries..... by CohibaVancouver · · Score: 4, Insightful

      You'll get less for murder.

      Most murders are committed in the heat of passion by mentally unbalanced people. This guy rationally and knowingly RUINED many people's lives. He can rot in prison for all I care.

  3. So by zoomshorts · · Score: 3, Interesting

    "Heartland claimed that no merchant data, cardholder's Social Security numbers, or unencrypted personal identification numbers (PIN), addresses or telephone numbers were compromised. "

    So where is the crime if nothing was compromised?

    1. Re:So by YrWrstNtmr · · Score: 4, Informative

      So where is the crime if nothing was compromised?

      I know reading the link is frowned upon in here, but the actual credit card numbers were lifted. Plus (FTA), "It also appears that those behind the breach "made off with the gold" by intercepting and stealing the so-called Track 2 data from the magnetic stripe on the back of cards, which is all that's needed to create counterfeit cards"

  4. TJX Case by Virtucon · · Score: 4, Insightful

    What's missing here is the fact that TJX didn't take reasonable precautions to protect the data.

    They already coughed up $41m to Visa and the FTC received a chunk of change from them as well.

    The only way these kinds of thefts will be stopped is if these companies get serious about protecting Credit Card and Personal information. While PCI goes a long way in trying to address the Credit Card side of things, the Personal Information problem is still looming. We need tougher laws that make companies who gather sensitive information, SSNs etc. fully accountable when theft of the data in their possession occurs.

    All in all, I still bet this guy has about $10m buried someplace but still 20 years of your life is a very stiff sentence considering a plea bargain as well.

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"
    1. Re:TJX Case by coolmoose25 · · Score: 5, Informative

      I think the reason he got a stiff sentence (midway between the 15-25 sentencing guideline) was that he got caught TWICE for the same crime. After getting caught the first time, he turned informant, even collecting a $75k salary from the Feds. Meanwhile, he went back to his fraudulent activities and started working an even bigger crime than the one he was originally busted for, and under the Feds noses at that... Fool me once, shame on you. Fool me twice and I'll throw the book at you.

      --
      Brawndo: It's what plants crave!
    2. Re:TJX Case by Aldenissin · · Score: 2, Insightful

      I second this! TJX used default passwords and several other bad practices and kept on once they knew they had a problem. Had they taken the public's data security seriously, this guy would likely never had been able to do what he did here.

          When you can sit outside and type Username: (Name of manager inside) and Password: admin, wirelessly and then get credit card data from the registers which is not supposed to be stored, then yes it is YOUR fault that this happened as well. Especially when those same registers are linked directly to the main servers with surprise, default passwords!

        If I open the door and tell everyone come get this other persons shit, then I am liable as well. It is sad that TJX isn't in this case. I have even heard of someone in my area who were able to trace their trouble to TJX, as they rarely used the card. I asked if they shopped there and yup, that was the only place they had used the card in since the beginning of the year before that.

      --
      Like a city whose walls are broken down is a man who lacks self-control.
    3. Re:TJX Case by captaindomon · · Score: 2, Informative

      TJX was not in compliance with PCI-DSS, even though they said they were. Thus the fines from Visa. PCI-DSS has issues of course, but if they followed it correctly they would not have suffered this intrusion.

      --
      Just because I can hook a shark from a boat, I do no offer to wrestle it in the water.
    4. Re:TJX Case by fafaforza · · Score: 2, Interesting

      TJX may have not been in compliance with PCI, but if you left your house door unlocked to go to the corner store real quick, and someone ripped off your jewelty (or whatever you hold dear), you'd still want them punished. And even though you'd have laid some of the blame on yourself and learned a lesson, you'd still want the scumbag thief to face the music of committing the crime.

  5. what the hell? by circletimessquare · · Score: 2, Insightful

    "a Cuban-American who was born in Miami"

    meaning: he's an american. he's born here, right?

    so what's the fucking point of saying he's CUBAN-american? cuban-americans are more prone to cybercrime? what the hell is the significance of saying he's CUBAN-american. oh, a "real" american would never engage in cybercrime? what's that? an irish-american? an italian-american? when an irish-american robs a bank, do we say describe the crime, the sentencing and the criminal as "An Irish-American who was born in Philadelphia". why is that significant information? it's not, it's a racist smear

    oh, it all makes sense now- he's a CUBAN-american: this is important information to relay in the story summary when describing the criminal and the crime

    racist fucking bullshit

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
    1. Re:what the hell? by nycguy · · Score: 2, Insightful

      so what's the fucking point of saying he's CUBAN-american?

      Maybe the author didn't want you to think that Gonzalez is a MEXICAN-american...

    2. Re:what the hell? by DerekLyons · · Score: 2, Insightful

      racist fucking bullshit

      Nah, its politically correct bullshit. The media has been bitten too often by failing to mention the $NONAMERICAN identifier that many American's think of themselves as, that they now do it reflexively.
       
      In the local paper's websites comment section - I've seen the $NONAMERICAN's bitch and moan and try to have it both ways. If the paper mentions a $NONAMERICAN was drunk and caused an accident, they bitch (as you do) that the paper is racist for implying $NONAMERICAN's are drunks. But let a $NONAMERICAN be positively mentioned (Say, winning a local business award) and they bitch about the paper being racist if they fail to mention the subject is a $NONAMERICAN.

    3. Re:what the hell? by mapkinase · · Score: 2, Insightful

      It's racist only if you say African-American or Jewish.

      --
      I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
  6. I think the sentence is wrong :) by davidwr · · Score: 2, Interesting

    Don't give him 2 20-year concurrent sentences.

    Give him a misdemeanor sentence of several hours per victim, stacked, then throw in a couple of felony charges with concurrent sentences so he'll have a felony record.

    It amounts to the same amount of time, but when someone looks at his rap sheet he'll see millions of convictions on his record.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  7. dude by circletimessquare · · Score: 3, Funny

    you're born in new york fucking city and you're fucking complaining about dropping the fucking f-bomb?

    fuck!

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  8. Re:Explain Concurrent sentences Please by eudas · · Score: 2, Informative

    Hmm, some brief googling turns up a page which appears to offer a decent answer:
    http://www.associatedcontent.com/article/71874/concurrent_vs_consecutive_sentences.html?cat=17

    --
    Blessed is he who expects the worst, for he shall not be disappointed.
  9. Re:Explain Concurrent sentences Please by Smallpond · · Score: 3, Interesting

    What's the logic behind concurrent sentences. 2 concurrent 20 year sentences is for all intents and purposes the same as one 20 year sentence. SO he basically got away with one of the crimes with no punishment. If its because 40 years for these 2 crimes is too harsh, then logically 20 years is too harsh for 1 and the law needs to be changed. Can someone explain the logic to me

    What happens if one of the two cases gets reversed on appeal? You want him to go free?