The indictment referred to the other two defendants as "Hacker 1" and "Hacker 2" residing "in or near Russia." They are not in custody.
Hacker charged in big retail scam
Looks like Gonzales was a tool. Russians are protected in Russian Federation.
Posted on 08/17/2009 1:06:22 PM PDT by Cindy
Note: The following text is a quote:
Alleged International Hacker Indicted for Massive Attack on U.S. Retail and Banking Networks
Data Related to More Than 130 Million Credit and Debit Cards Allegedly Stolen
WASHINGTON – Albert Gonzales, 28, of Miami, Fla., was indicted today for conspiring to hack into computer networks supporting major American retail and financial organizations, and stealing data relating to more than 130 million credit and debit cards, announced Assistant Attorney General of the Criminal Division Lanny A. Breuer, Acting U.S. Attorney for the District of New Jersey Ralph J. Marra Jr. and U.S. Secret Service Assistant Director for Investigations Michael Merritt.
In a two-count indictment alleging conspiracy and conspiracy to engage in wire fraud, Gonzales, AKA "segvec," "soupnazi" and "j4guar17," is charged, along with two unnamed co-conspirators, with using a sophisticated hacking technique called an "SQL injection attack," which seeks to exploit computer networks by finding a way around the network’s firewall to steal credit and debit card information. Among the corporate victims named in the indictment are Heartland Payment Systems, a New Jersey-based card payment processor; 7-Eleven Inc., a Texas-based nationwide convenience store chain; and Hannaford Brothers Co. Inc., a Maine-based supermarket chain.
The indictment, which details the largest alleged credit and debit card data breach ever charged in the United States, alleges that beginning in October 2006, Gonzales and his co-conspirators researched the credit and debit card systems used by their victims; devised a sophisticated attack to penetrate their networks and steal credit and debit card data; and then sent that data to computer servers they operated in California, Illinois, Latvia, the Netherlands and Ukraine. The indictment also alleges Gonzales and his co-conspirators also used sophisticated hacker techniques to cover their tracks and to avoid detection by anti-virus software used by their victims.
If convicted, Gonzales faces up to 20 years in prison on the wire fraud conspiracy charge and an additional five years in prison on the conspiracy charge, as well as a fine of $250,000 for each charge.
Gonzales is currently in federal custody. In May 2008, the U.S. Attorney’s Office for the Eastern District of New York charged Gonzales for his alleged role in the hacking of a computer network run by a national restaurant chain. Trial on those charges is scheduled to begin in Long Island, N.Y., in September 2009.
In August of 2008, the Justice Department announced an additional series of indictments against Gonzales and others for a number of retail hacks affecting eight major retailers and involving the theft of data related to 40 million credit cards. Those charges were filed in the District of Massachusetts. Gonzales is scheduled for trial on those charges in 2010.
The charges announced today relate to a different pattern of hacking activity that targeted different corporate victims and involved different co-conspirators.
This case is being prosecuted by Assistant U.S. Attorneys Erez Lieberman and Seth Kosto for the U.S. Attorney’s Office for the District of New Jersey and by Senior Trial Counsel Kimberly Kiefer Peretti of the Criminal Division’s Computer Crime and Intellectual Property Section. The case is being investigated by the U.S. Secret Service.
###
09-810
#
stepping back in time...
http://voices.washingtonpost.com/securityfix/2009/01/payment_processor_breach_may_b.html
“Payment Processor Breach May Be Largest Ever”
(January 20, 2009)
He used a simple SQL injection attack to break into what? Aside from punishing him, those responsible for security of the information should be just as liable.
http://www.washingtonpost.com/wp-dyn/content/article/2009/08/17/AR2009081701915.html
“Alleged Hackers Indicted in Largest Identity Theft Case Ever Prosecuted”
By Brian Krebs
Washington Post Staff Writer
Monday, August 17, 2009; 3:25 PM
SNIPPET: “The indictments returned Monday include two other people accused in the Heartland and Hannaford breaches, described only as “Hacker 1” and “Hacker 2,” both of Russia. All three are charged with two counts: Conspiracy to gain unauthorized access to computers, to commit fraud in connection with computers, and to damage computers, and conspiracy to commit wire fraud. Each defendant faces a maximum of 35 years in prison, as well as more than $1 million in fines, or twice the gain resulting from the offense, whichever is greater.”
The full track: Dissolved Girl
I vote for turning their fingers into mush with a 12# sledge and seeing how good they are at hacking then.
Maybe the CIA should should recruit this guy, who knows he might save us all some day :)
LOLZ.
SQL injection is; DROP TABLE CUSTOMERS -- the simplest of all possible attacks.
That’s exactly what I was thinking. Apparently, in the mind of DOJ.gov, typing tick-dash-dash-space is a “sophisticating hacking technique”.
“...the simplest of all possible attacks.”
I’m no geek, but I did recognize that term...and that means to me it could not have been too sophisticated.
“data relating to more than 130 million credit and debit cards”
How many debit and credit cards ARE there in America? I realize that some people are carrying multiple cards. But what is the total?
Alleged to be international, or alleged to be a hacker? And who does the Federal Govt. hire these days to write news releases? People who have flunked out of ticker crawl class over at CNN?
“In a two-count indictment alleging conspiracy and conspiracy to engage in wire fraud, Gonzales, AKA “segvec,” “soupnazi” and “j4guar17,” is charged, along with two unnamed co-conspirators...”
Sorry to interject but this person, and all who are like them, need to be whipped. “Co-conspirator” is not a word. Conspiracy, by its very definition, means more than one person. The use of this word by supposed intelligent people makes my head wish to explode.
Now back to your regularly scheduled thread.
http://www.census.gov/compendia/statab/tables/09s1148.pdf
#
SNIPPET: “According to data from the U.S. Census Bureau, there were 159 million credit cardholders in the United States in 2000, 173 million in 2006, and that number is projected to grow to 181 million Americans by 2010. (Source: Census Bureau)”
Sophisticated? Give me a break. Any 12 year old with moderate computer savy could probably do the same thing-the place to really investigate should start with those in charge of computer security at these companies.
Smiling at you....kids.
The term co-conspirator is commonly used in court and in written laws. See eg.,http://www.investigativeproject.org/documents/case_docs/170.pdf
Among the corporate victims named in the indictment are Heartland Payment Systems, a New Jersey-based card payment processor; 7-Eleven Inc., a Texas-based nationwide convenience store chain; and Hannaford Brothers Co. Inc., a Maine-based supermarket chain.Instead of a prison sentence and some fines, he and his fellow grifters should have their heads chopped off on TV.
Russian involvement again ? Almost as if the Russians are born to hack. Here is an article describing some details about Russian Patriotic Hackers.
That’s interesting — thanks for the link.
Works for me........let me do the hammering!
About a year and a half ago my credit card info was stolen and $8,000 of charges were rung up in Louisville, KY.....
Fortunately I didn't have to pay for it but how the heck it happened is anybody's guess.........I live in Mich. and no one stole my card.
There is a wired.com article that claims Gonzalez also worked as a secret service informant that went by the nickname Cumbajohnny. Looks like the feds are busting their old players and bringing in the cleaner crews. Something must be going on out there. Another article claimed the two Russians he was working with have not been arrested. Still on the lose apparently.
Well, it looks like this will be interesting.
Yep, I didn’t see any other online press releases regarding the Russians, just the one subject and a reference to the other 2 subjects.
#
http://www.google.com/search?&rls=en&q=Cumbajohnny&ie=UTF-8&oe=UTF-8
Excerpt.
Armenian-Azerbaijani virtual war: Azerbaijan and Armenia have problems in virtual level because of Nagorno-Karabakh conflict. Azeri hackers have attacked about 100 Armenian web sites and have broken them putting Azeri flag there. Armenians claim that to be a threat against national security.
Also saw reports of Iraq hackers attacking Armenia. Perhaps the west is fighting back or perhaps this is Russian stagecraft. Armenia is basically a client of Russia.
The indictment referred to the other two defendants as "Hacker 1" and "Hacker 2" residing "in or near Russia." They are not in custody.
Hacker charged in big retail scam
Looks like Gonzales was a tool. Russians are protected in Russian Federation.
Thank you for posting the photo Justa-hairyape.
Note: The following text is a quote:
http://www.justice.gov/opa/pr/2009/December/09-crm-1389.html
FOR IMMEDIATE RELEASE
Tuesday, December 29, 2009
Major International Hacker Pleads Guilty for Massive Attack on U.S. Retail and Banking Networks
WASHINGTON- Albert Gonzalez, 28, of Miami, pleaded guilty today to conspiring to hack into computer networks supporting major American retail and financial organizations, and to steal data relating to tens of millions of credit and debit cards, announced Assistant Attorney General of the Criminal Division Lanny A. Breuer, U.S. Attorney for the District of New Jersey Paul J. Fishman, U.S. Attorney for the District of Massachusetts Carmen Milagros Ortiz and Director of the U.S. Secret Service Mark Sullivan.
Gonzalez, aka “segvec,” “soupnazi” and “j4guar17,” pleaded guilty to two counts of conspiracy to gain unauthorized access to the payment card networks operated by, among others, Heartland Payment Systems, a New Jersey-based card processor; 7-Eleven, a Texas-based nationwide convenience store chain; and Hannaford Brothers Co. Inc., a Maine-based supermarket chain. The plea was entered in federal court in Boston before U.S. District Court Judge Douglas P. Woodlock. The case is one of the largest data breaches ever investigated and prosecuted in the United States.
According to information contained in the plea agreement, Gonzalez leased or otherwise controlled several servers, or “hacking platforms,” and gave access to these servers to other hackers, knowing that they would use them to store malicious software, or “malware,” and launch attacks against corporate victims. Malware used against several of the corporate victims was also found on a server controlled by Gonzalez. Gonzalez tested malware by running multiple anti-virus programs in an attempt to ascertain if the programs detected the malware. According to information in the plea agreement, it was foreseeable to Gonzalez that his co-conspirators would use malware to steal tens of millions of credit and debit card numbers, affecting more than 250 financial institutions. Gonzalez was indicted in New Jersey in August 2009 for this criminal conduct.
Based on the terms of the plea agreement, Gonzalez will not seek a prison term under 17 years and the government will not seek a prison term of more than 25 years. Gonzalez pleaded guilty in September 2009 in Boston to 19 counts of conspiracy, computer fraud, wire fraud, access device fraud and aggravated identity theft relating to hacks into numerous major U.S. retailers including TJX Companies, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble and Sports Authority. Gonzalez was indicted for those offenses in August 2008 in the District of Massachusetts. Gonzalez also pleaded guilty in September 2009 in Boston to one count of conspiracy to commit wire fraud relating to hacks into the Dave & Buster’s restaurant chain, which were the subject of a May 2008 indictment in the Eastern District of New York.
As part of the plea agreement with the government, the New Jersey case was transferred to the District of Massachusetts for plea and sentencing. According to the terms of the New Jersey plea agreement, the parties agree that Gonzalez’ sentence in the New Jersey case should run concurrently with the sentence imposed in the Boston and New York cases. Gonzalez remains in federal custody. Sentencing in the Boston and New York cases is currently scheduled for March 18, 2010, in Boston. Sentencing in the New Jersey case is scheduled for March 19, 2010.
“The Department of Justice will not allow computer hackers to rob consumers of their privacy and erode the public’s confidence in the security of the marketplace,” said Assistant Attorney General Breuer. “Criminals like Albert Gonzalez who operate in the shadows will be caught, exposed and held to account. Indeed, with timely reporting of data breaches and high-tech investigations, even the most sophisticated hacking rings can be uncovered and dismantled, as our prosecutors and agents demonstrated in this case.”
“Commercial hackers like Gonzalez believe they are immune from detection and prosecution as they lurk in the shadows of the Internet,” said U.S. Attorney Fishman of the District of New Jersey. “But time and again they are caught, prosecuted and sentenced to lengthy federal prison terms. Other hackers should sit up and take notice.”
“The conviction of Mr. Gonzalez, and the unraveling of one of the most complex and large scale identity theft cases in history, should serve as a reminder to hacker organizations, that the Department of Justice will vigorously investigate and prosecute cybercrimes, regardless of their sophistication and global reach. Mr. Gonzalez’s conviction is the result of unprecedented coordination across agency and geographical lines, and I want to commend the investigators and prosecutors who have worked tirelessly to bring this case to fruition,” said U.S. Attorney Ortiz of the District of Massachusetts.
“Today’s plea proves that although cyber criminals can threaten our nation’s financial sector, the Secret Service and its many partners around the world will pursue and prosecute them,” said U.S. Secret Service Director Sullivan. “Time and again, cooperation and advanced methodologies have allowed us to focus our resources in order to detect and prevent these types of crimes, wherever they originate.”
The New Jersey case is being prosecuted by Assistant U.S. Attorneys Erez Liebermann and Seth Kosto of the District of New Jersey, Assistant U.S. Attorneys Stephen Heymann and Donald Cabell of the District of Massachusetts, and Senior Counsel Kimberly Kiefer Peretti of the Criminal Division’s Computer Crime and Intellectual Property Section. All of these cases are being investigated by the U.S. Secret Service.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.