A Miami-based hacker plead guilty this week for his role in orchestrating a series of massive data security breaches that bilked retailers and financial firms of tens of millions of credit and debit cards.
Requires Free Membership to View
SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!
Michael S. Mimoso, Editorial Director
 |
||||
|
|
|||
|
||||
Albert Gonzalez, 28, plead guilty in federal court in Boston to conspiring to hack into computer networks operated by Heartland Payment Systems, 7-Eleven, Hannaford Brothers Co. Inc. and other retailers. Under the terms of the plea agreement, Gonzalez could face between 17 and 25 years in prison for his role in the breaches.
The credit card heist is said to have affected more than 250 financial institutions. In September, Gonzalez plead guilty to 19 counts of conspiracy, fraud and aggravated identity theft relating to hacking into numerous major U.S. retailers including TJX Co., BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble and Sports Authority. He was charged along with two Russian hackers for the attacks. He also plead guilty to one count of conspiracy for his role in the data breach at the Dave & Buster's restaurant chain.
|
||||
|
|
|||
|
||||
"Criminals like Albert Gonzalez who operate in the shadows will be caught, exposed and held to account," said Assistant Attorney General Lanny A. Breuer, in a statement released by the Attorney General's office in Boston. "Indeed, with timely reporting of data breaches and high-tech investigations, even the most sophisticated hacking rings can be uncovered and dismantled, as our prosecutors and agents demonstrated in this case."
Investigators said Gonzalez leased several servers and gave access to other hackers, knowing they would use them to store malware used to launch attacks against Heartland and the retailers. Gonzalez tested the malware by running it against multiple antivirus programs to ensure that it would avoid detection.
TJX malware author gets two years for data breaches
The software programmer behind the sniffer malware program used in a spate of data breaches, including the massive TJX data breach was given a two year jail sentence and ordered to pay restitution to TJX.
Stephen Watt, 25, was sentenced to two years of jail time followed by 3 years of supervised release in which his computer use will be monitored. In addition, he was ordered to pay restitution in the amount of $171.5 million.
|
|
Watt pled guilty to conspiracy charges in October, 2008. He admitted to providing a modified sniffer program used to monitor and capture data, including customers credit and credit card information as it traveled across corporate computer networks.
Watt is one of more than 10 people charged in connection to a string of data security breaches between 2003 and 2008. The program was used in a spate of data breaches including the massive TJX breach in which 45 million credit and debit cards were stolen over an 18-month period. It was installed after hackers penetrated the retailer's Wi-Fi network. TJX was later criticized for collecting and retaining too much consumer data and taking too long to deploy the stronger WPA encryption protocol at its department stores.