Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to  
Gonzalez pleads guilty to giant breaches
Published: 2009-09-14

A 28-year-old Miami resident pleaded guilty on Friday to charges of conspiracy, computer and wire fraud, and aggravated identity theft stemming from the massive thefts of data from major commerce companies, such as retail giant TJX and payment processor Heartland Payment Systems.

The defendant, Albert Gonzalez, had worked with at least three others to break into the networks of their corporate victims and steal credit- and debit-card account information, prosecutors charged. The Florida resident allegedly took part in breaching the security of at least 14 large companies and stealing more than 225 million credit- and debit-card accounts. Many networks were breached using SQL injection vulnerabilities in Web servers to gain a beachhead; in other cases, Gonzalez and his team drove to branch locations and took advantage of poorly secured wireless connections.

Prosecutors lauded the 19-count guilty plea.

"Consumers must be able to trust that the credit and debit cards they use everyday in thousands of stores around the world are safe from unlawful access," Assistant Attorney General Lanny A. Breuer said in a statement. "We will continue to prosecute the theft of person identity data that citizens entrust to computer networks every day."

The indictments against Gonzalez shed light on the largest financial breaches of the past three years, including 130 million credit- and debit-card accounts stolen from Heartland Payment Systems' servers and at least 94 million accounts stolen from TJX. The charges also put the responsibility for another 4.2 million accounts stolen from Hannaford's servers at the feet of Gonzalez.

Gonzalez plead guilty to indictments in Boston and New York. The Boston agreement stipulates a minimum of 15 years in prison and a maximum of 25 years, while -- under the New York plea agreement -- Gonzalez faces 20 years in prison. Prosecutors will allow the sentences to run concurrently.

The 28-year-old Florida resident will also forfeit $2.7 million and his personal property, including a 2006 BMW, a Tiffany diamond ring and Rolex watches. Gonzalez had buried $1 million in cash in his back yard, according to prosecutors.

If you have tips or insights on this topic, please contact SecurityFocus.

Posted by: Robert Lemos
    Digg this story   Add to  
Comments Mode:


Privacy Statement
Copyright 2009, SecurityFocus