Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


05:33 PM
Connect Directly

TJX, Heartland Hacker Hit With A Second 20-Year Prison Sentence

'Cybercrime pusher' Albert Gonzalez today was handed a 20-year prison sentence for his breach of Heartland Payment Systems, 7-Eleven

One day after receiving a 20-year sentence for his role in the massive breach at TJX, convicted black-hat hacker Albert Gonzales got hit with another 20-year penalty -- this time for his breach of Heartland Payment Systems, 7-Eleven, and other companies.

But Gonzalez, 28, will serve only a total of 20 years because the latest ruling is concurrent with the first sentence, according to published reports.

Gonzalez's 20-year sentence, announced yesterday in U.S. District Court in Boston for stealing and selling payment card information in his hacking of TJX, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, and Dave & Busters restaurants, was the largest ever levied for a computer crime. It's considered the largest identity theft case ever in the U.S.

But it wasn't the maximum penalty he could have received: Gonzalez faced anywhere from 17 to 25 years behind bars.

Jeffrey Troy, acting deputy assistant director of the FBI's cyber division, says Gonzalez's big sentence was commensurate with the amount of damages the hacks incurred. The FBI's Troy says the outcome of the trial should make an impact on cybercriminals. "Sitting at a computer [and robbing a bank, for instance] should not give anybody an increased level of comfort that they are not going to be pursued by the authorities. They are going to be," Troy says.

In September, Gonzales admitted to the TJX breach, and later plead guilty to stealing data from Heartland Payment Systems, Hannaford Brothers, 7-Eleven, and Target Co.

Federal prosecutors say Gonzalez's crimes in the TJX case cost the companies and insurers nearly $200 million by his actions.

Gonzalez, also known as "segvec," soupnazi," and "j4guar17," conducted most of his dirty deeds during 2005 to 2008 while he served as a paid undercover informant for the U.S. Secret Service. He reportedly was paid a $75,000 salary by the agency. He had called his cybercrime enterprise "Operation Get Rich Or Die Tryin.'" In August, he was indicted, along with two Eastern Europeans for the hacks of Heartland, Hannaford Bros, 7-11, and two retailers who have not yet been revealed. Michael Maloof, CTO at TriGeo Network Security, says he was hoping for a major sentence for Gonzalez. "He was also a supplier, who made the tools and techniques" and sold them to others, Maloof says. "He was a cybercrime pusher and organizer."

But while the sentence should send a message, the Gonzalez case certainly won't be the last, according to Maloof. "I wish I could say crime doesn't pay. So many cybercriminals are not caught," he says. "But anything that might give someone pause so that they think twice before going down this path might help."

Gonzalez and his crew used classic and well-known hacking methods -- namely SQL injection, packet sniffing, and backdoor malware designed to evade detection -- that experts say could have been thwarted.

Specifically, Gonzalez allegedly provided his co-conspirators -- two of whom resided in Russia and another in Virginia Beach, Va. -- with SQL injection strings to use for hacking into the victims' networks. He also provided them with malware to plant inside the victims' systems that would serve as a backdoor for subsequent access. The attackers installed sniffers to capture credit and debit-card numbers and other card data. They wrote malware that could avoid detection by anti-virus software in order to remain under the radar. The stolen data was sent back to servers operated by the suspects that were located in California, Illinois, Latvia, the Netherlands, and Ukraine, according to the indictment.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message. Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Tim Sadler, CEO and co-founder of Tessian,  6/17/2021
7 Powerful Cybersecurity Skills the Energy Sector Needs Most
Pam Baker, Contributing Writer,  6/22/2021
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-06-22
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow on the size parameter of the tz_map_shared_mem function.
PUBLISHED: 2021-06-22
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel�s tz_handle_trusted_app_smc function where a lack of integer overflow checks on the req_off and param_ofs variables leads to memory corruption of critical kernel structures.
PUBLISHED: 2021-06-22
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the tz_map_shared_mem function can bypass boundary checks, which might lead to denial of service.
PUBLISHED: 2021-06-22
Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure.
PUBLISHED: 2021-06-22
Trusty contains a vulnerability in all TAs whose deserializer does not reject messages with multiple occurrences of the same parameter. The deserialization of untrusted data might allow an attacker to exploit the deserializer to impact code execution.