News

Heartland hacker Gonzalez pleads guilty to compromise of 170 million cards

September 13, 2009

Albert Gonzalez, the 28-year-old hacker accused of stealing and reselling more than 170 million credit and debit/ATM card numbers, pleaded guilty this week to identity theft, wire fraud, computer fraud and conspiracy, reports Afterdawn.com.

Now Gonzalez has to give up his Miami condo, a 2006 BMW 330i, thousands of dollars in jewelry and U.S. $2.7 million in cash. Sentencing is set for Dec. 8, and Gonzalez is expected to receive the maximum of 20 years in prison.

The hacker stole the credit card numbers using SQL injection and sniffer malware software to create back doors into the corporate systems at TJX Companies, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority and Dave & Buster's. Gonazalez and two conspirators also used wardriving — hacking accessible Wi-Fi networks in retail stores. One of the conspirators is a Morgan Stanley investment banker who wrote the sniffing programs.

The hackers either sold the numbers online or encoded the data onto magnetic strips of blank ATM cards, using the reproduced cards to withdraw thousands of dollars from ATMs.

U.S. Secret Service director Mark Sullivan says technology advances have allowed criminals to exploit loopholes in outdated security practices:

Technology has forever changed the way we do business, virtually erasing geographic boundaries. However, this case demonstrates that even in the cyber world, there is no such thing as anonymity.

Despite Gonzalez' guilty pleas in Massachusetts and New York, there are still charges pending in New Jersey, where he is accused of stealing numbers from Hannaford Brothers, 7-Eleven and Heartland Payment Systems.