Slashdot Mirror


The Great Cyberheist

theodp writes "In this week's cover story, the NY Times Magazine delves into the mind of Albert Gonzalez, the hacker who is currently doing time (the longest sentence ever handed down for computer crime in the US) for masterminding attacks on the nation's leading retailers, reportedly costing TJ Maxx, Heartland, and other victimized companies more than $400 million. And that may just be the tip of the iceberg. 'The majority of the stuff I hacked was never brought into public light,' said one of Gonzalez's partners-in-crime. Another claims there 'were major chains and big hacks that would dwarf TJX. I'm just waiting for them to indict us for the rest of them.' Online fraud is still rampant in the US, but statistics show a major drop in 2009 from previous years when Gonzalez was active. While reportedly not a gifted programmer, even the Feds that Gonzalez two-timed admired his ingenuity, likening him to top CEOs. When asked how Gonzalez rated among criminal hackers, a prosecutor replied: 'As a leader? Unparalleled. Unparalleled in his ability to coordinate contacts and continents and expertise. Unparalleled in that he didn't just get a hack done — he got a hack done, he got the exfiltration of the data done, he got the laundering of the funds done. He was a five-tool player.' Accounting for time served and good behavior, Gonzalez is expected to get out of prison in 2025." Last June Rolling Stone ran a long profile of Albert Gonzalez written by Sabrina Rubin Erdely; they have dusted it off now that producer Eric Eisner has embarked on the development of a feature film based on Erdely's piece.

1 of 57 comments (clear)

  1. Full article text by Nero+Nimbus · · Score: -1, Redundant

    November 10, 2010
    The Great Cyberheist
    By JAMES VERINI
    One night in July 2003, a little before midnight, a plainclothes N.Y.P.D. detective, investigating a series of car thefts in upper Manhattan, followed a suspicious-looking young man with long, stringy hair and a nose ring into the A.T.M. lobby of a bank. Pretending to use one of the machines, the detective watched as the man pulled a debit card from his pocket and withdrew hundreds of dollars in cash. Then he pulled out another card and did the same thing. Then another, and another. The guy wasn't stealing cars, but the detective figured he was stealing something.

    Indeed, the young man was in the act of "cashing out," as he would later admit. He had programmed a stack of blank debit cards with stolen card numbers and was withdrawing as much cash as he could from each account. He was doing this just before 12 a.m., because that's when daily withdrawal limits end, and a "casher" can double his take with another withdrawal a few minutes later. To throw off anyone who might later look at surveillance footage, the young man was wearing a woman's wig and a costume-jewelry nose ring. The detective asked his name, and though the man went by many aliases on the Internet -- sometimes he was cumbajohny, sometimes segvec, but his favorite was soupnazi -- he politely told the truth. "Albert Gonzalez," he said.

    After Gonzalez was arrested, word quickly made its way to the New Jersey U.S. attorney's office in Newark, which, along with agents from the Secret Service's Electronic Crimes Task Force, had been investigating credit- and debit-card fraud involving cashers in the area, without much luck. Gonzalez was debriefed and soon found to be a rare catch. Not only did he have data on millions of card accounts stored on the computer back in his New Jersey apartment, but he also had a knack for patiently explaining his expertise in online card fraud. As one former Secret Service agent told me, Gonzalez was extremely intelligent. "He knew computers. He knew fraud. He was good."

    Gonzalez, law-enforcement officials would discover, was more than just a casher. He was a moderator and rising star on Shadowcrew.com, an archetypal criminal cyberbazaar that sprang up during the Internet-commerce boom in the early 2000s. Its users trafficked in databases of stolen card accounts and devices like magnetic strip-encoders and card-embossers; they posted tips on vulnerable banks and stores and effective e-mail scams. Created by a part-time student in Arizona and a former mortgage broker in New Jersey, Shadowcrew had hundreds of members across the United States, Europe and Asia. It was, as one federal prosecutor put it to me, "an eBay, Monster.com and MySpace for cybercrime."

    After a couple of interviews, Gonzalez agreed to help the government so he could avoid prosecution. "I was 22 years old and scared," he'd tell me later. "When you have a Secret Service agent in your apartment telling you you'll go away for 20 years, you'll do anything."

    He was also good-natured and helpful. "He was very respectable, very nice, very calm, very well spoken," says the Secret Service agent who would come to know Gonzalez best, Agent Michael (a nickname derived from his real name). "In the beginning, he was quiet and reserved, but then he started opening up. He started to trust us."

    The agents won his trust in part by paying for his living expenses while they brought him to their side and by waiting for Gonzalez to work through his withdrawal. An intermittent drug addict, Gonzalez had been taking cocaine and modafinil, an antinarcoleptic, to keep awake during his long hours at the computer. To decompress, he liked Ecstasy and ketamine. At first, a different agent told me, "he was extremely thin; he smoked a lot, his clothes were disheveled. Over time, he gained weight, started cutting his hair shorter and shaving every day. It was having a good effect on his health." The agent went on to say: "He could be very disarming, if you let your guard down