Just over a year ago I reported on the Justice Department’s indictment of 11 “individuals” involved in an identity theft ring that targeted wireless retail networks of TJX Companies, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, and DSW, among others. They were charged for stealing over 130 million credit and debit card numbers.
One of those indicted was a U.S. citizen named Albert Gonzalez, age 28. Gonzalez, under arrest on one ID theft case, had been working as an informant in a second case, and was found to be criminally involved in a third identity theft ring. Over the weekend he admitted his guilt in an older case, and agreed to forfeit assets gained by crimes. Among his assets were a condominium in Miami, a 2006 BMW, various computers and laptops, a Glock 27 firearm, a Nokia cell phone, a Tiffany diamond ring and three Rolex watches.
Gonzalez was scheduled to go to trial Sept. 14 in federal court in Central Islip, N.Y. His charges included operating a fraud scheme from April through September in 2007, and hacking into computers at the corporate headquarters of the Dave & Buster’s restaurant chain where he stole debit and credit card numbers. He faces 15 years to 25 years in prison.
On the second case, Gonzalez faces as many as 35 years in prison.In that case Gonzalez and the other hackers malware and so-called “injection strings” to attack the computers and steal data. They installed “sniffer” programs to capture data “on a real-time basis” as it moved through the computer networks. They used instant messaging services to advise each other on how to navigate the systems. They also programmed malware to evade detection by anti-virus software and erase files that might detect its presence.