Computer Hacking Ring Leader Sentenced To 20 Years
Albert Gonzalez had led a ring of hackers who stole more than 40 million credit and debit card numbers by breaking into computer systems run by such major retailers as TJX, which operates the TJ Maxx and Marshalls stores, BJ's Wholesale Club, Barnes & Noble, Office Max and others.
Gonzalez, 28, a college dropout from Miami, pleaded guilty to a string of charges stemming from the attacks during his trial in September 2009. Under the agreement with prosecutors, he faced a possible sentence of between 15 and 25 years in prison.
A story in the Boston Globe stated the sentence was one of the longest ever imposed for computer crime or identity theft. U.S. District Judge Patti Saris imposed the 20-year sentence, weighing Gonzalez' remorse against the scope of the crime and the amount of damage created by the hacking incidents and data thefts.
Gonzalez and his co-conspirators caused some $200 million in damages to the targeted businesses, said Assistant U.S. Attorney Stephen Heymann, quoted in a Reuters news story.
Gonzalez, using the pseudonyms "segvec" and "soupnazi," used SQL injection attacks to exploit weaknesses in the retailers' payment systems to access credit card data, according to a BBC News story. The stolen card numbers were either sold on the black market in Eastern Europe or used to withdraw cash from ATMs.
Gonzalez faces the prospect of receiving more jail time when he is sentenced today in a separate case of helping to steal as many as 130 million credit and debit card numbers from Heartland Payment Systems, a credit and debit card payment processing company, the 7-Eleven convenience store chain and supermarket chain Hannaford Brothers. The Boston Globe said he faces a sentence of 17 to 25 years in that case.
Authorities have recovered $1.5 million in assets from Gonzalez, including his home and car and $1.1 million in cash he buried in the backyard of his parents' house.
Gonzalez has been in jail since his arrest in may 2008.