Hacker's high life brought to end with 20-year sentence

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

This weekend, Albert Gonzalez, the most prolific commercial hacker in history, is beginning a 20-year jail sentence. Thus comes to an end a saga of crime, greed, and deft keyboard work that brought him a life high on the hog with a supercar and condo, his lady friends some fancy jewellery, and much grief to the millions of people whose credit card details he plundered. No one – least of all Gonzalez – knows how many card holders were affected, but the most cautious estimates put the total in the tens of millions.

Gonzalez, as these numbers suggest, was no acned amateur, hacking companies' records for the thrill of it. He was young – still only 28 – but so good at penetrating supposedly secure networks that at one time he was hired by US intelligence to trace other hackers. His obsession with computers began in childhood: while still in a Florida high school he was questioned by the FBI after breaking into an Indian government website. In 2003, Gonzalez (whose father came to the US from Cuba on a homemade raft in the 1970s) was arrested for hacking. He was not charged and agreed to become a government informant.

Yet even while he was performing this public service, he was penetrating the networks of major companies such as the clothing retailer TJ Maxx, supermarket 7-Eleven and Barnes & Noble bookshop, and stealing credit card details. Using the aliases "segvec", "soupnazi", and "j4juar17", he led a group of professional identity thieves in the US, Ukraine and Russia who made money by selling card data on the black market and taking "bundles of money" out of cash machines.

One of his team's principal techniques was "wardriving", in which he and two partners would cruise in a car past shops, and use a laptop to detect stores with vulnerable wireless internet signals. The trio would then install "sniffer programmes" to hoover up details of the cards and their owners and sell them on. By 2008, Gonzalez had 40 million credit card details on his servers.

His share of the proceeds was an estimated $2.8m (£1.9m), which he used to buy an apartment in Miami, a blue BMW, Rolex watches for his father and friends, a Tiffany ring for a girlfriend, and to stage a $75,000 birthday party. At one time, court documents revealed, he was rather put out when his money-counter malfunctioned and he had to count out $340,000 in $20 notes by hand. Such a chore.

His run came to an end in May 2008, when police raided the room at the lavish National Hotel, Miami Beach, where Gonzalez and girlfriend were staying. Among his possessions in Room 1508 were two computers, $22,000 in cash and a Glock 9mm handgun. Later, around $1.1m was found buried in his parents' Florida back garden. He pleaded guilty in trials late last year and was sentenced at hearings on Thursday and Friday. His two confederates – known as "Hacker 1" and "Hacker2" – remain at large.

Gonzalez's defence team claimed that their client showed behaviour "consistent with Asperger's syndrome, a form of autism", but the courts in Florida and Boston still gave him two concurrent 20-year terms, the stiffest sentence ever recorded for a hacker. Their decision bodes ill for the British hacker Gary McKinnon, who is accused of penetrating Nasa computers, and whose extradition to the US will be judicially reviewed in May.

Gonzalez must also forfeit the remaining cash, his apartment and the car, while his friends must relinquish their Rolexes and the Tiffany ring.