Feeds

TJX mastermind chances his arm with deep cover infiltration appeal

A Scanner Darkly-style defense

Top 5 reasons to deploy VMware with Tegile

Albert Gonzalez, mastermind of the infamous TJ Maxx hack, has sought to get a judge to set aside his earlier guilty plea and conviction in the case by arguing he carried out the hack while working as a paid government informant.

Gonzalez, 29, who escaped jail time back in 2004 over his involvement in the sale of 1.5 million stolen credit and ATM card numbers while a member of the Shadowcrew group by ratting out his erstwhile partners in cybercrime, went on to bigger and better things. While supposedly working for the Secret Service, he acted as ringleader in a massive credit card theft and laundering operation involving an estimated 170 million credit cards between around July 2005 and his arrest in May 2008.

His crew took advantage of network insecurities (particularly weakly encrypted wireless networks in retail shops) to infiltrate systems and ultimately plant packet sniffers on the networked of TJ Maxx, Heartland Payment Systems and others. Extracted data was used to make cloned cards or sold through black market cybercrime forums. Proceeds of these crime were then laundered.

Gonzalez was jailed for 20 years in March 2010. Now, and only after unsuccessfully claiming he wasn't entirely responsible for his actions because he suffers from Asperger's Syndrome, Gonzalez contends he was only following his brief as an informant – acting on the inside to infiltrate cybercrime networks. The fact that, by his own earlier admissions, he was at the top of the pyramid he was supposedly infiltrating gets overlooked.

What isn't in dispute is that while getting paid at least $1,200 a month by his Secret Service handlers and helping to gather evidence of minor players in the cybercrime scene, Gonzalez was simultaneously running his Operation Get Rich or Die Tryin' cybercrime project.

"I still believe that I was acting on behalf of the United States Secret Service and that I was authorised and directed to engage in the conduct I committed as part of my assignment to gather intelligence and seek out international cybercriminals," Gonzalez said in a 25-page petition filed last month and republished by Wired here. "I now know and understand that I have been used as a scapegoat to cover someone's mistakes."

The petition provides a fascinating insight into the life of a cybercrime informant and cites example that would support the contention that Secret Service informants turned a blind eye to some low-level scams carried out by Gonzalez. For example, short of money, he used illegal means to find $5,000 in order to pay off a debt to a carder.

It's a much bigger stretch, however, to come away with the conclusion that the Secret Service had granted Gonzalez carte blanche to carry out the biggest cybercrime operation ever uncovered.

Gonzalez claims that Secret Service agents fluffed his ego to the extent that he got carried away and lost sight of the bigger picture.

"All of this inflated my ego and made me feel very important and made me feel like I was really a part of the Secret Service with the backing and support of the government agency. One day I was unknown and nothing and the next day I am being hailed as a genius and giving presentations to Secret Service agents in Washington, DC. All of this was mind-boggling for me."

But why are we only hearing about all this now, on a form of appeal, months after Gonzalez pleaded guilty (presumably when faced with overwhelming evidence) and was sent to jail? The convict claims he is only raising the issue now because he was not aware of the "public authority" defence.

Like many convicts, he blames his lawyer for an oversight that led to his imprisonment.

Gonzalez's former lawyer, Rene Palomino, told Wired that there was no basis for an argument that his former client acted with government approval, stating that there are no legal grounds for Gonzalez to withdraw his plea and get a trial. He also said the defence had looked closely at the question of whether evidence against Gonzalez obtained from the computer of carder Maksym "Maksik" Yastremskiy following his arrest and alleged torture in Turkey might be ruled as inadmissible. "We researched the issue regarding the evidence, and there were no grounds for suppression," Palomino told Wired. "Everything that was legally possible that could have been done for him was done for him. Nothing was left undone."

Gonzalez entered into a plea-bargaining agreement with his eyes wide open, his former lawyer argued. "He knew what he was getting into when he signed off on this agreement," Palomino concluded. ®

Beginner's guide to SSL certificates

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.