Feeds

TJX mastermind chances his arm with deep cover infiltration appeal

A Scanner Darkly-style defense

Secure remote control for conventional and virtual desktops

Albert Gonzalez, mastermind of the infamous TJ Maxx hack, has sought to get a judge to set aside his earlier guilty plea and conviction in the case by arguing he carried out the hack while working as a paid government informant.

Gonzalez, 29, who escaped jail time back in 2004 over his involvement in the sale of 1.5 million stolen credit and ATM card numbers while a member of the Shadowcrew group by ratting out his erstwhile partners in cybercrime, went on to bigger and better things. While supposedly working for the Secret Service, he acted as ringleader in a massive credit card theft and laundering operation involving an estimated 170 million credit cards between around July 2005 and his arrest in May 2008.

His crew took advantage of network insecurities (particularly weakly encrypted wireless networks in retail shops) to infiltrate systems and ultimately plant packet sniffers on the networked of TJ Maxx, Heartland Payment Systems and others. Extracted data was used to make cloned cards or sold through black market cybercrime forums. Proceeds of these crime were then laundered.

Gonzalez was jailed for 20 years in March 2010. Now, and only after unsuccessfully claiming he wasn't entirely responsible for his actions because he suffers from Asperger's Syndrome, Gonzalez contends he was only following his brief as an informant – acting on the inside to infiltrate cybercrime networks. The fact that, by his own earlier admissions, he was at the top of the pyramid he was supposedly infiltrating gets overlooked.

What isn't in dispute is that while getting paid at least $1,200 a month by his Secret Service handlers and helping to gather evidence of minor players in the cybercrime scene, Gonzalez was simultaneously running his Operation Get Rich or Die Tryin' cybercrime project.

"I still believe that I was acting on behalf of the United States Secret Service and that I was authorised and directed to engage in the conduct I committed as part of my assignment to gather intelligence and seek out international cybercriminals," Gonzalez said in a 25-page petition filed last month and republished by Wired here. "I now know and understand that I have been used as a scapegoat to cover someone's mistakes."

The petition provides a fascinating insight into the life of a cybercrime informant and cites example that would support the contention that Secret Service informants turned a blind eye to some low-level scams carried out by Gonzalez. For example, short of money, he used illegal means to find $5,000 in order to pay off a debt to a carder.

It's a much bigger stretch, however, to come away with the conclusion that the Secret Service had granted Gonzalez carte blanche to carry out the biggest cybercrime operation ever uncovered.

Gonzalez claims that Secret Service agents fluffed his ego to the extent that he got carried away and lost sight of the bigger picture.

"All of this inflated my ego and made me feel very important and made me feel like I was really a part of the Secret Service with the backing and support of the government agency. One day I was unknown and nothing and the next day I am being hailed as a genius and giving presentations to Secret Service agents in Washington, DC. All of this was mind-boggling for me."

But why are we only hearing about all this now, on a form of appeal, months after Gonzalez pleaded guilty (presumably when faced with overwhelming evidence) and was sent to jail? The convict claims he is only raising the issue now because he was not aware of the "public authority" defence.

Like many convicts, he blames his lawyer for an oversight that led to his imprisonment.

Gonzalez's former lawyer, Rene Palomino, told Wired that there was no basis for an argument that his former client acted with government approval, stating that there are no legal grounds for Gonzalez to withdraw his plea and get a trial. He also said the defence had looked closely at the question of whether evidence against Gonzalez obtained from the computer of carder Maksym "Maksik" Yastremskiy following his arrest and alleged torture in Turkey might be ruled as inadmissible. "We researched the issue regarding the evidence, and there were no grounds for suppression," Palomino told Wired. "Everything that was legally possible that could have been done for him was done for him. Nothing was left undone."

Gonzalez entered into a plea-bargaining agreement with his eyes wide open, his former lawyer argued. "He knew what he was getting into when he signed off on this agreement," Palomino concluded. ®

New hybrid storage solutions

More from The Register

next story
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
TorrentLocker unpicked: Crypto coding shocker defeats extortionists
Lousy XOR opens door into which victims can shove a foot
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.