Charges pile up for Albert Gonzalez and two unnamed alleged co-conspirators who federal prosecutors say helped engineer SQL injection attacks on Heartland Payment Systems, 7-Eleven and the Hannaford Brothers grocery store chain. Gonzalez also faces different charges for allegedly carrying out a security hack against restaurant chain Dave & Buster's.
Albert Gonzalez, a 28-year-old resident of Miami,
was indicted Aug. 17 for his alleged participation in the largest credit and
debit card data breach ever charged in the United
States. Federal prosecutors say Gonzalez'
corporate victims included Heartland Payment Systems, a New Jersey-based card payment
processor; 7-Eleven, a Texas-based nationwide convenience store chain; and
Hannaford Brothers, a Maine-based supermarket chain.
In a two-count indictment alleging conspiracy and conspiracy to engage in
wire fraud, Gonzalez (aka segvec, soupnazi and j4guar17) is charged-along with
two unnamed co-conspirators-with launching an SQL injection attack against his
victims. SQL attacks seek to exploit computer networks by finding a way around a
network's firewall to steal credit and debit card information.
The indictment alleges that beginning in October 2006 Gonzalez and his co-conspirators
researched the credit and debit card systems used by their victims and devised
a sophisticated attack to penetrate their networks and steal credit and debit
card data. Gonzalez then allegedly sent that data to computer servers the group
operated in California, Illinois,
Latvia, the Netherlands
In addition, Gonzalez and his co-conspirators are charged with using
sophisticated hacking techniques to cover their tracks and avoid detection by
anti-virus software. If convicted, Gonzalez faces up to 20 years in prison on
the wire fraud conspiracy charge and an additional five years in prison on the
conspiracy charge, as well as a fine of $250,000 for each charge.
Gonzalez is currently in federal custody facing other hacking indictments. In
May 2008, the U.S. Attorney's Office for the Eastern District of New York
charged Gonzalez with an alleged role in the hacking of a computer network run
by the national restaurant chain Dave & Buster's. The trial on those
charges is scheduled to begin in Long Island, N.Y.,
In August of 2008, the Department of Justice announced an additional series
of indictments against Gonzalez and others for a number of retail hacks
affecting eight major retailers and involving the theft of data related to 40
million credit cards. Those charges were filed in the District of
Massachusetts. Gonzalez is scheduled for trial on those charges in 2010.
The charges announced Aug. 17 relate to a different pattern of alleged hacking
activity that targeted different corporate victims and involved different