 |
Albert Gonzalez is already in a N.Y. jail. |
Accused hacker to plead guilty
Gonzalez faces up to 25 years for data theft from TJX and others
Albert Gonzalez, the accused computer hacker charged in what prosecutors call the largest identity fraud case in US history, faces up to 25 years in prison after agreeing yesterday to plead guilty, a punishment that reflects a new level of seriousness in the fight against cybercrime.
Under a plea agreement with federal prosecutors filed in Boston yesterday, Gonzalez would serve a sentence of 15 to 25 years after pleading guilty to a 19-count indictment, including charges of conspiracy, wire fraud, and aggravated identity theft. He would also forfeit some $2.8 million in cash, a Miami condo, a car, and expensive jewelry.
The 28-year-old is charged with orchestrating the heist of more than 40 million credit cards from nine retailers, including discounter BJ’s Wholesale Club of Natick and Framingham-based TJX Cos., which operates TJMaxx and Marshalls stores. TJX did not return a call seeking comment.
“This is the fiercest sentence for cybercrime I’ve ever heard,’’ said David Perry, the global director of education at Trend Micro, an Internet content security company. “But it makes sense in this case: Gonzalez is the Al Capone of cybercrime.’’
The agreement doesn’t apply to other charges Gonzalez faces, in a case brought by the US attorney’s office in Newark in connection with the theft of more than 130 million credit card numbers. In that case, Gonzalez and two unnamed hackers stand accused of stealing the credit card numbers from retailers, that include the Hannaford Brothers supermarket chain based in Maine, and from Heartland Payment Systems of New Jersey, which processes payments for thousands of stores nationwide.
Gonzalez is already in a federal jail in Brooklyn, N.Y., where he has been awaiting trial on 2008 charges that he stole credit card data from 11 Dave & Buster’s restaurants. As part of yesterday’s agreement, Gonzalez will plead guilty to a second indictment for the Dave & Buster’s break-in.
“The Gonzalez cases have shown how serious computer fraud can be,’’ Trend Micro’s Perry said. “The FBI alone doesn’t have the bandwidth to police this, it’s too big. Today’s settlement shows that we’re starting to develop the standards, procedures, and sentences to take this on.’’
TJX Cos. of Framingham estimated the theft cost it more than $200 million in legal fees, settlements, security consultants, and other expenses.
“The severity of the penalty reflects how much damage Gonzalez caused to credit card companies and merchants, who had to clean up the mess he left behind,’’ said Richard Smith, principal at Boston Software Forensics, an Internet security firm.
Although a guilty plea from Gonzalez will imprison one of the nation’s most notorious cybercriminals, Smith said his removal will not significantly lessen the danger to consumers.
Criminals who engage in what Gonzalez is accused of doing usually make their money by selling the credit card numbers, instead of adding charges to the cards themselves, Smith said. “Consumers still have to worry about much smaller-time criminals who are adding charges to thousands, not millions of credit cards.’’
Smith added that the Gonzalez cases are also unusual in that they are located in the United States.
“Traditionally, much more cybercrime originates overseas,’’ he said.
Material from Globe wire services was used in this report. D.C. Denison can be reached at denison@globe.com. 
© Copyright 2009 Globe Newspaper Company.
