Tuesday, August 18, 2009

Miami hacker accused of record credit card theft


A Miami native who is one of the nation's most well-known hackers is charged with stealing 130 million credit card numbers -- a case prosecutors are calling the largest ever.

BY ROB BARRY, MICHAEL SALLAH AND NIRVI SHAH


rbarry@MiamiHerald.com, msallah@MiamiHerald.com and nshah@MiamiHerald.com

Albert Gonzalez, the Miami cyberthief and former government informant who broke records last year in the largest credit card fraud case in U.S. history, shattered his own mark this week, prosecutors say. The 28-year-old hacker who launched his career cruising Dixie Highway with a laptop to break into the security systems of box stores was indicted Monday in New Jersey in an elaborate scheme to steal more than 130 million credit cards -- reselling them on the worldwide black market.

Known in dark corners of cyberspace as ``soupnazi,'' the Miami native was charged along with two unnamed defendants with targeting customers at convenience store giant 7-Eleven and supermarket chain Hannaford Brothers. The defendants also are accused of infiltrating the computers of a national credit card processing company.

Prosecutors said Gonzalez, who is already in jail awaiting trial in the earlier case, used a sophisticated hacking technique known as ``SQL injection'' to break into computer systems and steal credit and debit card records, sending the data to California, Illinois, Latvia, the Netherlands and Ukraine.

The data would then be printed on fresh cards and offered to thousands of buyers in cafes and nightclubs around the world.

Prosecutors said the case is the largest credit and debit card data breach ``ever charged in the United States.''

PREVIOUS INCIDENTS

The indictment represents the latest brush with the law for Gonzalez, a Cuban American high school graduate who became known to local hackers for his extraordinary computer skills and ability to navigate vast streams of data.

In 2003, he avoided a conviction for credit card theft in New Jersey by agreeing to become an informant for the U.S. Secret Service. But federal agents discovered in 2007 that the man they were using as a key operative was actually carrying out his own secret venture to steal millions of credit cards.

Armed with a laptop and a magnetic antenna, Gonzalez cruised along busy U.S. 1 in Miami tapping into the wireless networks of major retailers, including TJ Maxx, BJ's WholeSale Club, OfficeMax and Barnes & Noble, and stealing the records of sales made with a credit card, prosecutors say.

He was indicted along with 10 others in federal court in Boston for stealing more than 40 million credit cards -- the largest heist of its kind at the time.

Along the way, he amassed more than $1.65 million, a Miami condo, a BMW, a currency counter and a Glock 27. Prosecutors also said Gonzalez buried $1 million in the back yard of his parents' house in southwest Miami-Dade.

Two others from Miami charged in the case, Christopher Scott and Damon Patrick Toey, have since pleaded guilty.

SOPHISTICATED NETWORK

Since then, prosecutors say they discovered that those weren't the only computer crimes he was carrying out.

Gonzalez had also launched a plan to reap even more customer accounts in 2006 by tapping directly into a credit card processing computers that handle millions of transactions a day.

The alleged hackers picked their targets by looking at the list of Fortune 500 companies and going to stores to find out what type of payment systems were in place, court records say.

``This is historically the largest incident ever. You combine these two together, and this guy is like the Tony Montana of credit card theft,'' said Sean Arries, a security expert with Terremark, Inc. in Miami.

``It absolutely blows me away by the size of it.''

`A SELECT GROUP'

Investigators say Gonzalez and his network are among the most advanced they've encountered.

``We're not seeing a huge array of hackers capable of doing this, but rather a more select group, [and that] demonstrates that there is a level of sophistication involved in these hacks,'' said Assistant U.S. Attorney Erez Liebermann of the Justice Department's New Jersey district office.

Gonzalez's Miami attorney, Rene Palomino Jr., did not respond to requests for an interview.

No one answered the phone at Gonzalez's childhood home just west of Coral Gables on Monday evening.

Neighbors said they haven't seen Gonzalez for years, but that he grew up in the area, attending Coral Terrace Elementary School and South Miami Senior High.

``He was a really, really good kid,'' said one neighbor, who did not want to be identified.

Beyond the criminal case, Arries said the cases involving Gonzalez have already forced companies to better protect their customers' financial data and pay millions in settlements.

``It's the companies responsibility to secure this sort of information and they were doing a really bad job at it,'' Arries said. ``They left themselves vulnerable.''

Miami Herald reporter Scott Hiassen contributed to this report.
.
.

.


P.S. Hacker Albert Gonzalez, also known as "segvec", and "j4guar17"."
.
/