Last week was a tough week for Albert Gonzalez, the so-called "leader of the largest hacking and identity theft ring ever prosecuted by the U.S. government." Gonzalez received a sentence of 20 years of imprisonment in two separate federal cases against him. The hacker, known variously as "segvec," "soupnazi" and "j4guar17" pled guilty in the New Jersey and Massachusetts cases for his role as mastermind of the two largest financial data breaches ever, those involving TJX and Heartland Payment Systems.
The federal court sentencing entries states that after Gonzalez serves his 240-month sentence, he will be subject to 3 years of supervised release, fines and substantial restitution, to be determined at hearings scheduled in June. The Department of Justice press release (.pdf) details some of Gonzalez’s activities, which included:
- Wardriving: "driving around in a car with a laptop computer looking for unsecure wireless computer networks of retailers."
- Installation of sniffer programs to capture credit and debit card numbers used at retail stores.
- Selling credit and debit card numbers to others for fraudulent use.
The DOJ press release also indicates that while six of Gonzalez’s co-conspirators have been captured (as far away as in Germany and Turkey), Gonzalez’s activities may have compromised "tens of millions of credit and debit card numbers, affecting more than 250 financial institutions."
In January, we posted details from the debate during Gonzalez sentencing including his claim that he suffered from "internet addiction." At that time, Gonzalez’s attorneys requested a sentence of 15 years for his crimes.