IMGCAP(1)]
BOSTON – A one-time government informant believed to be the mastermind behind several of the biggest online credit card thefts pleaded guilty Friday to some of the biggest card breaches in history, including those at retailers TJX Cos., Barnes & Nobles, Sports Authority, Dave & Buster's, OfficeMax, Boston Market and BJ's Wholesale Club.
The biggest victims were not the cardholders, who are indemnified against most of the fraud losses, but credit unions and banks, which were forced to either claim the losses on their insurance or eat the losses.
As part of a deal with federal prosecutors, Albert Gonzalez, 28, faces up to 25 years in prison in Massachusetts and 20 years in New York and forfeiture of over of $2.8 million, a fraction of what the losses his schemes are believed to have cost.
Sentencing has been scheduled for Dec. 8.
During Friday's plea hearing Gonzalez's Miami lawyer, Rene Palomino, told the court the master-hacker "is extremely remorseful."
"He just feels really bad, mainly because of the damage he's caused, but also because of what his family has had to endure," said Palomino.
Authorities said the schemes enabled Gonzalez to amass more than $2.8 million, buy a Miami condo and a BMW, as well as luxury jewelry and electronics. Included in the forfeited currency is more than $1 million in cash Gonzalez had buried in a container in his backyard.
Gonzalez was first arrested in the 2003 online cards scheme known as shadowcrew.com, also faces charges in the breaches at Heartland Payment Systems, Hannaford Bros. supermarkets and 7-Eleven convenience stores while he was purportedly serving as a government informant for his 2003 role in shadowcrew. Charges in the Heartland Payment, Hannaford Bros. and 7-Eleven cases are still pending.
Known by his online names of "soupnazi" and "segvec," Gonzalez was moved from New Jersey to Miami after he was arrested in the shadowcrew case. But while he was supposed to be keeping an eye on other scams for the Feds, he was expanding his own activities. Authorities said he and his accomplices would cruise the parking lots of big retailers and hack into their data bases using a laptop–a practice known as wardriving. The group was able to install malware, online "snifters," that collected cards information from the retailers' computer systems.
The group would sell the credit card information online at a variety of open sites. Purchasers of the information would use it to make online purchases or to create their own credit or ATM cards which they used to withdraw millions of dollars in cash. Much of the illegal activity was performed overseas, out of the reach of U.S. authorities, in places like Russia, Ukraine, Bulgaria and China.
