Double agent who 'stole 130 million card details'

Hacker who agreed to help nail his accomplices now accused of greatest identity theft spree in history

He is handsome, he is rich – he reportedly splurged $75,000 (£45,000) on his own birthday one year – and has the kind of charm that could dazzle the hardest of men, says a federal secret service agent. But it's not your daughters you need to be locking up: it's your credit cards.

We have known for some time that the electronic identity-theft business is burgeoning. The US Treasury Department says it knows of 55,000 cases in just 10 years. But, as of now, it has its official poster boy. He is 28-year-old Albert Gonzalez, a man who allegedly has a special talent for this particular line.

That, at least, is the contention of the authorities in New Jersey, who late on Monday unveiled criminal charges against Mr Gonzalez identifying him as the leader of a three-man ring which, between October 2006 and May 2008, successfully siphoned off the data from no fewer than 130 million credit and debit cards in the US by hacking into the networks of several retail and financial giants including the 7-Eleven corner-shop chain.

The charges against Mr Gonzalez and two other unidentified men apparently working out of or close to Russia are causing considerable consternation for a multitude of reasons. For one, this may be the biggest criminal case involving the theft of credit card data ever uncovered. Second, some of the details of the alleged criminal career of Mr Gonzalez are raising eyebrows. For example: why didn't the Feds cotton on to all of this before?

It turns out that Mr Gonzalez was first detained in 2003 in connection with alleged nefarious hacking operations but was not prosecuted after he agreed to assist the secret service in trying to nail some of his accomplices. The authorities also agreed to allow him to move from the New York area to Miami.

Since May of last year, Mr Gonzalez has been a resident of a jail in Brooklyn awaiting trial on charges of hacking into the computer system of Dave & Buster's, a national restaurant chain based in Miami. He was allegedly trying to steal card numbers.

But later last year, the police were pointing to Mr Gonzalez again. In a separate case now pending in Boston, he was accused of being the ringleader of yet another data breach involving a series of companies, but most notably TJ Maxx retail in Massachusetts. On that occasion, prosecutors said, the ring had successfully purloined the details of 40 million cards and their activities had cost TJX – which owns TJ Maxx – about $200m (£120m).

The new set of charges eclipses all that came before, however. It also opens the window on a netherworld of electronic crime that will set off new alarm bells in capitals around the world. If one man can be responsible for this number of breaches, the problem may be bigger than anyone imagined.

If Mr Gonzalez is guilty it is also his chutzpah that shocks. He is "a very important player in a sophisticated ring that has real results at the street level of bank, retail, debit- and credit-card fraud," acknowledged Seth Kosto, an Assistant US Attorney in New Jersey who specialises in computer fraud.

According to court documents filed in the TJX case in Boston, Mr Gonzalez instigated what he called an "operation to get rich or die tryin'", which involved identifying some of the biggest companies in America and setting about assessing how vulnerable their payment systems were to being hacked.

It is alleged that, once Mr Gonzalez and his team had successfully penetrated a particular company's system, an electronic "back door" would be installed that in theory would allow them to return at any time to harvest even more credit card numbers.

The value of data from stolen credit cards depends on the market. But, according to the latest documents filed in the case, once the information was stolen it was immediately relayed to computers controlled by the ring in different parts of the world, including California and Ukraine.

Of course those least happy to hear details of Mr Gonzalez's alleged capers are the companies whose names feature in the latest charges, including a supermarket chain called Hannaford. "We're pleased that the authorities have aggressively pursued this case to be in a position to bring an indictment against the alleged perpetrators," said Michael Norton, a spokesman for Hannaford. 7-Eleven declined to comment.

The technique

Gonzalez allegedly used a technique known as an "SQL injection attack", a form of computer hacking which is designed to exploit security vulnerabilities in databases. This type of attack is said to have started in Russia, China and North Korea,but has become increasingly popular in the United States. So much so that computer giant IBM will later this month release a report which shows that instances of SQL injection attacks have increased by 50 per cent in the first quarter of 2009, compared with the final quarter of 2008.

SQL injection requires the hackers to gain access to the computer networks they wish to hack. The hacker would do this by somehow breaching the computer's firewall and then "injecting" software into the database, which is held in a computer programming language known as SQL. What type of software is not known, but it would search for pins or passwords or transaction records. The stolen data was then sent to computer servers to sell on.

PROMOTED VIDEO
Have you tried new the Independent Digital Edition apps?
News
ebookA unique anthology of reporting and analysis of a crucial period of history
News
people
Life and Style
President Obama, one of the more enthusiastic users of the fist bump
science
Arts and Entertainment
Peter Griffin holds forth in The Simpsons Family Guy crossover episode
tv
Life and Style
Upright, everything’s all right (to a point): remaining on one’s feet has its health benefits – though in moderation
HealthIf sitting is bad for your health, what happens when you stay on your feet for a whole month?
News
Kristen Stewart and Rupert Sanders were pictured embracing in 2012
people
Independent
Travel Shop
the manor
Up to 70% off luxury travel
on city breaks Find out more
santorini
Up to 70% off luxury travel
on chic beach resorts Find out more
sardina foodie
Up to 70% off luxury travel
on country retreats Find out more
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

iJobs Job Widget
iJobs General

HSE Manger - Solar

£40000 - £45000 Per Annum: The Green Recruitment Company: Job Title: HSE Mana...

Data Governance Manager (Solvency II) – Contract – Up to £450 daily rate, 6 month (may go Permanent)

£350 - £450 Per Day: Clearwater People Solutions Ltd: We are currently looking...

Powertrain Design Engineer

competitive: Progressive Recruitment: I hope you are well. My client based in ...

Java Developer - Banking - London - Up to £560/day

£500 - £560 per day: Orgtel: Java Developer FX - Banking - London - Up to £560...

Day In a Page

A new Russian revolution: Cracks start to appear in Putin’s Kremlin power bloc

A new Russian revolution

Cracks start to appear in Putin’s Kremlin power bloc
Eugene de Kock: Apartheid’s sadistic killer that his country cannot forgive

Apartheid’s sadistic killer that his country cannot forgive

The debate rages in South Africa over whether Eugene de Kock should ever be released from jail
Standing my ground: If sitting is bad for your health, what happens when you stay on your feet for a whole month?

Standing my ground

If sitting is bad for your health, what happens when you stay on your feet for a whole month?
Commonwealth Games 2014: Dai Greene prays for chance to rebuild after injury agony

Greene prays for chance to rebuild after injury agony

Welsh hurdler was World, European and Commonwealth champion, but then the injuries crept in
Israel-Gaza conflict: Secret report helps Israelis to hide facts

Patrick Cockburn: Secret report helps Israel to hide facts

The slickness of Israel's spokesmen is rooted in directions set down by pollster Frank Luntz
The man who dared to go on holiday

The man who dared to go on holiday

New York's mayor has taken a vacation - in a nation that has still to enforce paid leave, it caused quite a stir, reports Rupert Cornwell
Best comedians: How the professionals go about their funny business, from Sarah Millican to Marcus Brigstocke

Best comedians: How the professionals go about their funny business

For all those wanting to know how stand-ups keep standing, here are some of the best moments
The Guest List 2014: Forget the Man Booker longlist, Literary Editor Katy Guest offers her alternative picks

The Guest List 2014

Forget the Man Booker longlist, Literary Editor Katy Guest offers her alternative picks
Jokes on Hollywood: 'With comedy film audiences shrinking, it’s time to move on'

Jokes on Hollywood

With comedy film audiences shrinking, it’s time to move on
It's the best of British art... but not all is on display

It's the best of British art... but not all is on display

Voted for by the British public, the artworks on Art Everywhere posters may be the only place where they can be seen
Critic claims 'I was the inspiration for Blanche DuBois'

Critic claims 'I was the inspiration for Blanche DuBois'

Blanche Marvin reveals how Tennessee Williams used her name and an off-the-cuff remark to create an iconic character
Sometimes it's hard to be a literary novelist

Sometimes it's hard to be a literary novelist

Websites offering your ebooks for nothing is only the latest disrespect the modern writer is subjected to, says DJ Taylor
Edinburgh Fringe 2014: The comedy highlights, from Bridget Christie to Jack Dee

Edinburgh Fringe 2014

The comedy highlights, from Bridget Christie to Jack Dee
Dame Jenny Abramsky: 'We have to rethink. If not, museums and parks will close'

Dame Jenny Abramsky: 'We have to rethink. If not, museums and parks will close'

The woman stepping down as chair of the Heritage Lottery Fund is worried