Notorious Miami hacker Albert Gonzalez was being paid $75,000 a year by the U.S. Secret Service to work as an undercover informant at the time he spearheaded the TJX hack in 2007, CNN reports.
Gonzalez, 28, was convicted last year of stealing more than 170 million credit and debit card numbers in a spate of high-profile cyber attacks, including retail giant TJX, credit card processor Heartland Payment Systems, Hannaford Brothers grocery chain, Office Max, and 7-11 after he pleaded guilty to numerous counts of identity theft, wire fraud, computer fraud and conspiracy.
Convicted hacker and Gonzalez's friend Stephen Watt told news sources that Gonzalez reported the actions of other cyber thieves in exchange for cash payments from the Secret Service, according to CNN. Watt pleaded guilty in 2009 for working as an accomplice to Gonzalez's multi-million card-hacking business by creating a sniffer program used to access at least 45 million credit and debit card numbers from TJX's corporate network in what has been known as one of the largest hacking schemes in history.
According to a plea agreement, Gonzalez is slated to be sentenced Thursday and Friday in U.S. District Court on three separate indictments in Massachusetts, New Jersey and New York, and is expected to receive between 17 and 25 years in prison.
CNN reports that the Miami hacker's annual $75,000 pay-out for working as an undercover informant was high, but not outrageous if he was working full time and delivering expected results. Mark Rasch, former federal prosecutor, said, "It's a significant amount of money to pay an informant but it's not an outrageous amount to pay if the guy was working full time and delivering good results. It's probably the only thing he was doing " other than hacking into TJX and making millions of dollars."
According to court documents, prosecutors pushed for the longest possible sentence of 25 years, arguing that it was Gonzalez who masterminded the TJX breach that cost credit card companies, retailers and customers more than $200 million, and exposed 45 million customer credit and debit card accounts.
Until his arrest in September, Gonzalez had reportedly lived a lavish lifestyle, throwing himself a $75,000 birthday party and loudly complaining that he once had to count $340,000 in $20 bills by hand, according a New York Times report. The prosecution argued in court documents that Gonzalez' crimes were a calculated attempt to steal tens of millions of dollars, pointing out that an investigation turned up $1.1 million buried in his parents backyard and while Gonzalez was also considering buying a yacht in Internet chats.
"Gonzalez was at the center of the largest and most costly series of identity thefts in the nation's history," the prosecution wrote. "He knowingly victimized a group of people whose population exceeded that of many major cities and some states—certainly millions upon millions, perhaps tens of millions."
Gonzalez' attorney, Mark Weinberg, thought his client should receive the minimum sentence of 15 to 17 years, arguing that a psychological report indicated that Gonzalez demonstrated behavior linked to Asperger's syndrome, a form of autism.
According to court documents, Weinberg also said that Gonzalez was also a negligible figure in the Heartland breach, and limited his crimes to data theft, as opposed to impersonating a real person to ruin someone's credit, or invading networks to crash systems.