Cybercriminal of the Century?
Doug McLean - Blogmeister
Readers of this blog know that I've been following the case against Albert Gonzalez, the alleged mastermind behind the TJX breach. Last Monday came the shocking news that the Justice Department has concluded that Gonzalez also led the teams that breached both Heartland Payment Systems and Hannaford Bros. Supermarkets. Think about that for a minute, we've now traced three of the largest data breaches in history to the "vision" and leadership of a single man. Gonzalez is currently incarcerated in Brooklyn, NY where he's awaiting trial for allegedly perpetrating the comparatively modest breach of Dave & Busters Restaurants.
We've also learned that Gonzalez and his colleagues did not attack companies at random, but selected specific Fortune 500 corporations based on their business practices and assumptions about the nature and scale of data that could be stolen. Gonzalez obviously has a brilliant criminal mind and you've got to admire his abilities at some level even if you condemn his ethics.
The century is still young, but it seems pretty clear that Mr. Gonzalez can legitimately claim the title of Cybercriminal of the Century at least for now. His exploits make those Kevin Mitnick pale in comparison. He is, however, certainly not the last of his kind we'll see and it wouldn't surprise me if the latest disclosures entice even more ethically challenged hackers to the dark side.
On Friday (August 28, 2009) it was announced that Gonzalez would plead guilty to all 19 counts filed against him in the TJX breach. As a part of the deal Gonzalez will serve 15 to 25 years in prison (with very limited Internet access I'm guessing). And just to prove that crime does pay, he will be forced to relinquish $3m in cash, his condo, and a late model BMW.
As I've observed earlier, the federal prosecutors in this case took a very deliberate approach to building an iron clad case against Gonzalez. It's clear that their work paid off and I think we all owe them a debt of gratitude for taking this case seriously and sending a clear message to those that might want to follow in Gonazalez foot steps.
Now that the entire story is out and we're reaching the end of the legal actions, my only question is who is going to write the book about Gonzalez exploits? Are you listening John Markoff?