US credit card hacker sentenced

Albert Gonzalez told the court he was guilty as charged. Computer expert Albert Gonzalez has been jailed for 20 years in the US for his part in stealing more than 130 million credit and debit card numbers. The judge who sentenced him described the case as "the largest and most costly example of computer hacking in US history". Gonzalez, from Miami, pleaded guilty at his trial in September 2009. He was accused, along with two Russian co-conspirators, of hacking into retailer payment systems. They targeted more than 250 US companies including payment processor Heartland Payment Systems, food and drink store 7-Eleven and American supermarket Hannaford Brothers Co. Gonzalez was found to have used SQL injection attacks to exploit weaknesses in payment software programmes and access data, stealing millions of customer card details. He blamed "curiosity and addiction" for his crimes. As part of a plea bargain, he had handed over to the court expensive jewellery, watches, his car and home. He also gave $1m in cash that he had buried in his parents' garden. "Hackers continue to put up a persistent and very real threat to enterprise systems," said Amichai Shulman, chief technology officer of cyber security firm Imperva. "The current data security spend is focused on enterprise networks, yet the Gonzalez attacks took distinct advantage of weaknesses in the database and applications. This is an industry-wide problem." Source/Kaynak: news.bbc.co.uk TJ Maxx hacker Albert Gonzalez sentenced to 20 years for his part in the compromise of almost 100 million credit and debit cards Dan Raywood March 26, 2010 PRINT EMAIL REPRINT FONT SIZE: A | A | A RELATED ARTICLES Albert Gonzalez' lawyer claims that he was close to a plea agreement before being arrested Data theft of more than 130 million credit cards foiled as cybercriminal arrested Programmer accused of assisting T.J. Maxx hackers Home secretary Alan Johnson still believes Gary McKinnon should be extradited and claims that the criminal justice system is there to be used Gary McKinnon fails in European appeal - extradition looms MORE IN NEWS Spam continues to be sent from countries as wide as the US, Brazil and China The risk of mobile spyware is increasing as network-hosted defence encouraged Wikipedia brought offline for several hours following outage caused by overheating on Wednesday evening Pwn2Own contest sees Apple iPhone, IE8, Firefox and Safari hacked Open Rights Group demonstrates against the Digital Economy Bill, as parliament confirms date for second reading Albert Gonzalez has been sentenced to 20 years in prison for his part in the hacking of more than 90 million credit and debit card numbers from TJ Maxx and other retailers. Gonzalez, who was arrested last summer, and confessed to helping lead a ring that broke into the retailers, said that he buried $1 million cash in the garden of his parents' home and that his crimes got out of control ‘because of my inability to stop my pursuit of curiosity and addiction', according to Reuters. Gonzalez's prison term could be extended today as another judge will sentence him on charges of stealing tens of millions more payment card numbers from companies including payment card processor Heartland Payment Systems, 7-Eleven and the Hannaford chain of New England grocery stores. Mark Rasch, former head of the computer crimes unit at the US Department of Justice, said that it was the harshest sentence ever handed down for a computer crime in an American court. Assistant US attorney Stephen Heymann said that Gonzalez and his co-conspirators had caused some $200 million in damages to those businesses, and that it was not possible to quantify how much money was stolen from individuals. Heymann said: “He shook a portion of our financial system. What matters most is that teenagers and young adults not look up to Albert Gonzalez. They need to know that they will be caught. That they will be punished and that the punishment will be severe.” Under his plea agreement, Gonzalez had faced up to 25 years in prison, but asked the judge for leniency in sentencing, saying he had been addicted to computers since childhood, had abused alcohol and illegal drugs for years and suffered from symptoms of Asperger's disorder. Amichai Shulman, CTO of Imperva, said: “The lesson to draw from today's sentencing is simple: enterprises are fighting today's cyber war with yesterday's technology. Hackers continue to put up a persistent and very real threat to enterprise systems. The current data security spend is focused on enterprise networks, yet the Gonzalez attacks took distinct advantage of weaknesses in the database and applications. And this is an industry-wide problem. “Today's sentencing will hopefully act as a deterrent to cyber crime in the US. However, the threat to enterprises from hackers like Gonzalez remains persistent.” Graham Cluley, senior technology consultant at Sophos, said: “Twenty years is a breathtaking sentence foranyone to receive but it is particularly unusual for a computer crime. “What's fascinating about this story is that Gonzalez was actually working for the US Secret Service when they became aware of his involvement in the 2007 hack. Clearly security measures need to be strengthened to avoid this ‘double agent' effect happening again.” For more information on data breaches, and how to avoid them, listen to the SC webcast with Larry Ponemon, chairman and founder of the Ponemon Institute on Tuesday 30th March. Source/Kaynak: scmagazineuk.com