How did hacker Albert Gonzales steal over 130 million credit cards?
Recently, the US government announced the capture of one of the web’s most wanted hackers. Albert Gonzales, a Cuban American, is accused of running what is believed to be the largest credit card scam in history. Unfortunately for corporate America and law enforcement nationwide, the questions and trouble didn’t end when handcuffs went around Gonzales’ wrists.
Major US businesses and cops from Miami to Seattle are trying to come up with answers today — how did a single man perpetrate this widespread scam right under their noses? it isn’t like what Gonzales did took particular skill. In fact, law enforcement officials are focusing on just how easy it can be to hack people’s credit card details. Apparently, it is not difficult for even the most wet behind the ears hacker to break into a coporations files and have their way with customer’s data. This arrest in Miami puts corporations on the spot — what will they do to ensure this kind of thing doesn’t happen again?
Albert Gonzalez, a 28 year old native of Miami, had been acting as an informant for the US Secret Service. After an arrest six years ago, Gonzales got out of trouble by agreeing to act as a kind of whistleblower, ratting out and keeping tabs on his fellow hackers. Gonzales was charged with conspiracy in his effort to steal the details of over a hundred million credit cards. Gonzale’s complete charge sheet went over, in detail, the lengthy and complicated online crime history of Gonzales.
According to Federal prosecuters, the alleged credit card fraud was acted out through the use of systems that can penetrate computer networks, look for and retrieve credit card data, and send this information for storage in servers spread across the US and Europe.
Computer security experts point out that this process (allegedly thought up and perpetrated by Gonzalez and two other accused hackers from eastern Europe) is very simple in hacker terms, making the real question one about the failure of corporate America to properly defend their computer systems and client information.
Gonzales’ charge sheet indicates that the hacker, along with two other men who lived in or near Russia, inserted a bit of “structured query language” into the computer systems of companies like Heartland. You may not have heard of Heartland but your wallet has — they are one of the largest credit and debit card payment processing companies in the world. The three hackers allegedly activated this code sometime in the middle of December 2007. “Structured query language” is a computer programming system that is designed to organize data so it can be accessed and managed easily.
Over the course of his criminal career, Albert Gonzalez used at least three internet aliases: ‘segvec’, ‘soupnazi’ and ‘j4guar17’.
Other companies that Gonzales allegedly attacked with his malware include Hannaford Brothers (a supermarket chain identified by Gonzales as ‘particularly vulnerable’) and 7-Eleven.
The charge sheet indicates further that Gonzalez would “identify potential corporate victims, by, among other methods, reviewing a list of Fortune 500 companies”. Gonzales may have been using very basic hacker techniques, but his research was top notch. Gonzales is alleged to have “traveled to retail stores of potential corporate victims” in order to identify what sorts of payment processing systems were used in their checkout process and also, less important, to try and wrap his head around the ways in which a company may be vulnerable.
If he is convicted, Albert Gonzalez faces a maximum charge of 25 years in jail. This will be nothing new for the Cuban-American hacker — Gonzales has been held in jail after his arrest last year in New York for allegedly hacking into a national restaurant chain’s computer system.
We do not know what Gonzales did with the information he stole. Gonzales has not yet been charged with any crime related to unlawful use of the credit card data he stole. The assumption is that Gonzales sold the 130 million pieces of credit card info to another source in an attempt to distance himself from the crime. If that is the case, then we may not have yet seen.the full effects of his cyber attack, and that the real impact of the stolen information may only show up in time. Yes, Gonzales earned money as part of his scam, but since no charges related to illicit credit card use exist, we must assume the money came from another source.
Albert Gonzalez, was raised in Coral Gables, Florida near Miami. He attended school in both Coral Gables and Miami. Gonzales was convicted of credit card theft in 2003 but agreed to hand over information on fellow hackers and track them for the Secret Service. Unfortunately for law enforcement, Gonzales continued his criminal career while playing patsy for the Feds.
Before he was busted last year, Gonzales put together a fortune of over $1.5 million. Gonzales was allegedly a big spender, throwing himself a $75,000 birthday party. An anecdote appears in Wired magazine about Gonzales — “He had so much cash he bought a money counter and complained that when it broke down he had to manually count $340,000 in $20 bills.” Not a problem most of us would complain about.
Gonzales’ trial is due to begin in September 2009.