Hacker 'stole 130m credit card numbers'

Click to follow
The Independent US

A former US government informant was charged over the country's largest case of credit and debit card data theft.

Albert Gonzalez, 28, is accused of stealing 130 million accounts on top of 40 million he stole previously.

Gonzalez, of Florida, broke his record for identity theft by hacking into retail networks, according to prosecutors, although they say his illicit computer exploits ended when he went to jail on charges stemming from an earlier case.

He was an ex-informant for the US Secret Service, which he helped hunt hackers, authorities say. But they said the agency later found out that he had also been working with criminals and feeding them information on investigations, warning off at least one individual.

Gonzalez, already in jail awaiting trial in another hacking case, was indicted in the state of New Jersey and charged with conspiring with two other unidentified suspects to steal the private information. Prosecutors say the goal was to sell the stolen data to others.

Prosecutors say Gonzalez, known online as "soupnazi", targeted customers of convenience store giant 7-Eleven and supermarket chain Hannaford Brothers. He also targeted Heartland Payment Systems, a New Jersey-based card payment processor.

According to the indictment, Gonazalez and two Russian co-conspirators would hack into corporate computer networks and secretly place "malware", or malicious software, that would allow them back-door access to the networks later to steal data.

Gonzalez faces up to 20 years in prison if convicted on the new charges. His lawyer did not immediately return a call for comment.

He is awaiting trial next month in New York state for allegedly helping hack the computer network of the national restaurant chain Dave and Buster's.

The US Justice Department said the new case represented the largest alleged credit and debit card data breach charged in the US, based on a scheme that began in October 2006.

Gonzalez allegedly devised a sophisticated attack to penetrate the computer networks, steal the card data and send that data to computer servers in California, Illinois, Latvia, the Netherlands and Ukraine.

Last year the justice department announced additional charges against Gonzalez and others for hacking retail companies' computers for the theft of about 40 million credit cards. At the time, that was believed to have been the biggest single case of hacking private computer networks to steal credit card data, puncturing the electronic defences of retailers including T.J. Maxx, Barnes & Noble, Sports Authority and OfficeMax.

Prosecutors say Gonzalez was the ringleader of the hackers in that case.

At the time of those charges, officials said the alleged thieves were not computer geniuses, just opportunists who used a technique called "wardriving", which involved cruising through different areas with a laptop and looking for accessible wireless internet signals.

Once they located a vulnerable network, they installed so-called "sniffer programs" that captured credit and debit card numbers as they moved through a retailer's processing networks.

Gonzalez faces a possible life sentence if convicted in that case.

Restaurants are among the most common targets for hackers, experts say, because they often fail to update their anti-virus software and other computer security systems.