computerwoche.de

Archiv

Hacker Gonzalez gets 20 years for Heartland breach

26.03.2010
Hacker Albert Gonzalez, who participated in a cybercrime ring that stole tens of millions of credit and debit card numbers, was sentenced Friday in U.S. District Court to 20 years in prison.

The sentence imposed by U.S. District Court Judge Douglas P. Woodlock was for Gonzalez's role in a hacking ring that broke into computer networks of Heartland Payment Systems, which processed credit and debit card transactions for Visa and American Express, Hannaford Supermarkets and 7-Eleven. The sentence is actually 20 years and one day, owing to the need to deal with peculiarities in sentencing statutes, because Woodlock had to take into account that Gonzalez was on pretrial release for an unrelated crime when he took up with the international network of hackers responsible for the security breaches. He was at the time supposed to be serving as an informant for the U.S. Secret Service, but he double-crossed the agency, supplying a co-conspirator with information obtained as part of those investigations.

"I am guilty of these crimes ... I accept full responsibility for these actions," Gonzalez said at the sentencing, reiterating what he said Thursday about "exploiting" his relationship with a government agency, though he did not name it. He also referred to the "dishonor" he brought to his parents and their home, where he buried more than US$1 million in the backyard. He forfeited that money, as well as other goods, when he was arrested.

"I plead for leniency," he said. "I understand that the road to redemption is going to be long for me," adding that it was his hope, however, that he would be able to be on that road someday.

The sentence will run concurrently with two other 20-year concurrent sentences meted out Thursday, also in the U.S. District Court for the District of Massachusetts, by a different federal judge, Patti B. Saris. Gonzalez pleaded guilty in all three cases last December, with the U.S. Department of Justice agreeing to seek no more than 25 years in prison in each case, all to run concurrently.

Gonzalez, 28, was living in Miami at the time of the crimes in the three cases, which occurred over almost two years before he was arrested in May of 2008 and subsequently indicted in New York, New Jersey and Massachusetts, with the cases eventually being moved to the same federal court jurisdiction. Besides the companies targeted in the case heard Friday, a ring that Gonzalez led hacked into computer networks of major retailers including TJX, DSW, Barnes & Noble, Office Max and Dave & Buster's. They stole tens of millions of credit and debit card numbers, using some to make withdrawals at ATM machines and selling millions of the numbers to other criminals, in what prosecutors termed "unparalleled" online theft.