Feeds

TJX kingpin pleads guilty to Heartland hack

Forest Gump of cybercrime face 17 years plus

Build a business case: developing custom apps

TJX hacking mastermind Albert Gonzalez faces a minimum of 17 years behind bars after pleading guilty to further cybercrimes.

Gonzalez, 28, of Miami, admitted hacking into the systems of card processor Heartland Payment Systems, 7-Eleven, and supermarket chain Hannaford Brothers as part of a plea bargain agreement on Tuesday. The former federal informant led a gang that exploited wireless security problems in branch offices and other security flaws to steal tens of millions of credit and debit card records.

In a plea bargain agreement, Gonzalez admitted that he maintained a cloud-based hacking service for use in credit card fraud, as an extract from a DoJ statement explains.

Gonzalez leased or otherwise controlled several servers, or "hacking platforms", and gave access to these servers to other hackers, knowing that they would use them to store malicious software, or “malware,” and launch attacks against corporate victims. Malware used against several of the corporate victims was also found on a server controlled by Gonzalez. Gonzalez tested malware by running multiple anti-virus programs in an attempt to ascertain if the programs detected the malware.

The Forrest Gump of cybercrime admitted two counts of conspiracy to gain unauthorized access to the payment card networks of Heartland et al. The admission comes after an earlier guilty plea in the TJX case. The TJX case has been bundled together with breaches of the corporate networks of BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble and Sports Authority.

Prosecutors unsurprisingly describe the cases as the biggest ID theft crimes ever prosecuted and one of the largest data breaches case ever investigated and prosecuted in the US. Sentencing is scheduled for March 18 and 19, with defense lawyers promising to ask for no less than 17 years behind bars while prosecutors agree to request no more than 25 years in jail for Gonzalez.

Lawyers for Gonzalez previously argued that their client suffered from Asperger's Syndrome. It's unclear whether the plea bargaining agreement means that this contention is no longer relevant to the case and whether it might yet surface in mitigation arguments during sentencing. ®

Endpoint data privacy in the cloud is easier than you think

More from The Register

next story
Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
They're not emails, they're business records, says court
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
Plug and PREY: Hackers reprogram USB drives to silently infect PCs
BadUSB instructs gadget chips to inject key-presses, redirect net traffic and more
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
prev story

Whitepapers

7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?