20 Years For Gonzalez In TJX Hacker Case
alphadogg writes "Hacker mastermind Albert Gonzalez was sentenced Thursday in US District Court to two concurrent 20-year stints in prison for his role in what prosecutors called the 'unparalleled' theft of millions of credit card numbers from major US retailers. US District Court Judge Patti B. Saris announced the concurrent sentences in two 2008 cases against Gonzalez, 28, a Cuban-American who was born in Miami, where he lived when the crimes were committed. Gonzalez and co-conspirators hacked into computer systems and stole credit card information from TJX, Office Max, DSW and Dave and Buster's, among other online retail outlets, in one of the largest — if not the largest — cybercrime operations targeting that sort of data thus far. They then sold the numbers to other criminals. Gonzalez pleaded guilty to conspiracy charges in two cases related to those thefts last December and the following day entered a guilty plea in a third case involving hacking into computer networks of Heartland Payment Systems and the Hannaford Supermarkets and 7-Eleven chains."
You got my hopes up (Score:5, Funny)
I misread the first line as "Alberto Gonzalez".
One can still dream though.
Re: (Score:1, Funny)
To make it super duper honest, you could set up a "Pinky Swear Authority" that will ensure all the developers are trusted. I nominate myself as the Root.
Re: (Score:2)
This has already been done. It's selinux, and the NSA swears that it's really, really secure and that they don't know of any back doors in it.
Re: (Score:1, Offtopic)
OT but I'll try to paraphrase a really obscene exchange of Alberto's perjured Senate testimony. This is where they gave him a week to "correct himself":
Schumer: "So, you're saying this information was publicly available even though there is no evidence of what you're saying."
Fredo: "Yes, I told a reporter."
Schumer: "Oh! You did! Which reporter did you tell at which outlet?"
Fredo: "Um, it wasn't really me, it was someone who worked for me."
Schumer: "Oh! So who did you tell in your staff to alert the media
In most countries..... (Score:2, Insightful)
You'll get less for murder.
Re: (Score:2)
Re: (Score:2)
In *america* world, if your identity is compromised like this, people will go bankrupt very easily. That in the majority of cases brings people's lives to a standstill. They have to go through hell to fix the problem. He deserves what he got. Let him rot in jail.
Fixed that for you.
How insightful.
Re: (Score:3, Insightful)
Right, because the rest of the world isn't structuring their financial environment just like the US. No other country uses credit and credit ratings, computerized history files, complex financial vehicles like CDOs, etc. Iceland, Greece, Portugal and others aren't in a world of hurt right now because of the very same get rich schemes the bankers in the US perpetrated.
But hey, if wearing anti-US filters on your eyes makes you feel superior about the country you live in, then I say live and let live.
Re: (Score:1)
Well, Portugal and Greece are in trouble because they spend more than they take in.
Plus especially Greece lied for a decade about their numbers.
Re: (Score:1)
and somehow Goldman Sachs was their financial advisor
Re: (Score:2, Insightful)
Re: (Score:2)
You'll get less for murder.
OT sort of. This last week there was a guy in VA who was sentenced in an online pedophile chat room incident. It was the usual police sting where the guy *thought* he was chatting to a teenage girl, but never actually did. His sentence .. 100 years. My first thought was that it just made abducting and murdering teenage girls less risky than thinking you were chatting with them online
Re: (Score:2)
Um, I'm fairly sure that in VA the penalty for what you describe is death. I suppose it's debatable whether that's preferable to 100 years in prison.
Re:In most countries..... (Score:5, Insightful)
You'll get less for murder.
Most murders are committed in the heat of passion by mentally unbalanced people. This guy rationally and knowingly RUINED many people's lives. He can rot in prison for all I care.
Re: (Score:2)
The nature of his crime means he can easily repeat it if released. The solution is not to release him.
Re: (Score:2)
Cuban-American (Score:1, Troll)
So (Score:3, Interesting)
"Heartland claimed that no merchant data, cardholder's Social Security numbers, or unencrypted personal identification numbers (PIN), addresses or telephone numbers were compromised. "
So where is the crime if nothing was compromised?
Re:So (Score:5, Informative)
I know reading the link is frowned upon in here, but the actual credit card numbers were lifted. Plus (FTA), "It also appears that those behind the breach "made off with the gold" by intercepting and stealing the so-called Track 2 data from the magnetic stripe on the back of cards, which is all that's needed to create counterfeit cards"
Re: (Score:1)
Re: (Score:2)
Gonzalez is evidently charged with not only the Heartland case, but also the TJX break-in from 2007.
Explain Concurrent sentences Please (Score:2)
What's the logic behind concurrent sentences? 2 concurrent 20 year sentences is for all intents and purposes the same as one 20 year sentence. So he basically got away with one of the crimes with no punishment. If it's because 40 years for these 2 crimes is too harsh, then logically 20 years is too harsh for 1 and the law needs to be changed. Can someone explain the logic to me?
Re: (Score:2)
What's the logic behind concurrent sentences?
Your question prompted me to google and I found concurrent vs consecutive sentences. [associatedcontent.com] It seems that it is up to the judge to decide how to sentence someone based on touchy feely concepts of their prior history. IE if they were previously good before committing 2 separate crimes then they might get concurrent sentences. If they are bad people then they might get consecutive sentences.
Re: (Score:2, Informative)
Hmm, some brief googling turns up a page which appears to offer a decent answer:
http://www.associatedcontent.com/article/71874/concurrent_vs_consecutive_sentences.html?cat=17 [associatedcontent.com]
Re:Explain Concurrent sentences Please (Score:4, Interesting)
What's the logic behind concurrent sentences? 2 concurrent 20 year sentences is for all intents and purposes the same as one 20 year sentence. So he basically got away with one of the crimes with no punishment. If it's because 40 years for these 2 crimes is too harsh, then logically 20 years is too harsh for 1 and the law needs to be changed. Can someone explain the logic to me?
What happens if one of the two cases gets reversed on appeal? You want him to go free?
Parallel Sentencing (Score:2)
If I was Albert Gonzalez, I would have asked for 480 concurrent 1-month sentences instead. Then when the judge finalized the sentence, I'd show him the definition of the word "concurrent".
Re: (Score:2)
If I was Albert Gonzalez, I would have asked for 480 concurrent 1-month sentences instead. Then when the judge finalized the sentence, I'd show him the definition of the word "concurrent".
Then the crime wouldn't be 'unparalleled', would it? Besides, the judge could just add a mutex to each sentence so they end up being sequential anyway.
TJX Case (Score:5, Insightful)
What's missing here is the fact that TJX didn't take reasonable precautions to protect the data.
They already coughed up $41m to Visa and the FTC received a chunk of change from them as well.
The only way these kinds of thefts will be stopped is if these companies get serious about protecting Credit Card and Personal information. While PCI goes a long way in trying to address the Credit Card side of things, the Personal Information problem is still looming. We need tougher laws that make companies who gather sensitive information, SSNs etc. fully accountable when theft of the data in their possession occurs.
All in all, I still bet this guy has about $10m buried someplace but still 20 years of your life is a very stiff sentence considering a plea bargain as well.
Re: (Score:1)
What's missing here is the fact that TJX didn't take reasonable precautions to protect the data.
Looks like you're the kinda guy that blames rape victims for dressing too sexy.
Nonsense. Companies have an actual legal and contractual obligation to protect the data of their customers and the banks they do business with. Whether TJX took proper precautions is debatable but it's not even close to the same thing as blaming the victim. The real victims here are the credit card holders who trusted TJX when they bought some clothes or whatever not to leave their personal info open to hackers stealing 11 million credit card numbers. Those people (and the credit card banks) are suing TJX f
Re:TJX Case (Score:5, Informative)
Re: (Score:3, Insightful)
I second this! TJX used default passwords and several other bad practices and kept on once they knew they had a problem. Had they taken the public's data security seriously, this guy would likely never have been able to do what he did here.
When you can sit outside and type Username: (Name of manager inside) and Password: admin, wirelessly and then get credit card data from the registers which is not supposed to be stored, then yes it is YOUR fault that this happened as well. Especially when th
Re: (Score:2)
Usually when this argument is raised it's when someone just used a default password, looked around the system, maybe even informed the operator, and got prosecuted for it. That isn't the case here... doesn't matter if the door's ajar, that's still not an excuse for going
Re: (Score:2)
mod parent + insightful, for truer words were never spoken. Seriously, someone should have gone to jail for being so negligent with sensitive information like that, and no, it almost certainly was not anyone whose job it was to see to such things. It was, most likely, someone with budget control over that department who "...didn't see the value in
Re: (Score:3, Informative)
Re: (Score:2)
Part of demonstrating compliance is the Audit Process. If TJX had an audit, the auditor at this point would be part of the problem and possibly subject to litigation and damages. The problem though is that the PCI-DSS fines didn't start kicking in until a couple of years ago, so TJX could have been working on PCI-DSS and not have completed their work.
It's a tough problem. For example, when I was working for a large airline, we couldn't get around to upgrading their WLAN infrastructure to be PCI-DSS compli
Re: (Score:2)
PCI does nothing at all compared to what COULD be done using the technology we already have available.
Consider if a credit card with a smart chip signed the transactions. Customer uses personal interface to authorize a charge. POS then presents a charge record complete with their merchant account number and if it is no more than authorized, the smart chip assigns it a serial number and signs it. Merchant presents the signed charge to CC company.
At that point, it doesn't matter in the least if someone grabs
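The scheme this comment sketches, as an added example that is not part of the original comment: the chip refuses charges above the authorized amount, numbers and signs each charge, and the card company rejects altered, replayed or re-presented records. HMAC-SHA256 with a per-card key shared with the issuer stands in for the chip's signature, and the `Card`, `Issuer` and `demo` names and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

def _mac(key, record):
    # Canonical JSON so the chip and the issuer authenticate identical bytes.
    msg = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class Card:
    """Hypothetical chip: holds a secret key and a per-card serial counter."""
    def __init__(self, card_id, key):
        self.card_id, self._key, self._serial = card_id, key, 0

    def sign_charge(self, merchant, amount_cents, authorized_cents):
        # Refuse to sign anything above what the customer authorized.
        if amount_cents > authorized_cents:
            raise ValueError("charge exceeds customer authorization")
        self._serial += 1
        record = {"card": self.card_id, "merchant": merchant,
                  "amount": amount_cents, "serial": self._serial}
        return {**record, "sig": _mac(self._key, record)}

class Issuer:
    """Hypothetical card company: checks signature, merchant and serial."""
    def __init__(self, keys):
        self._keys, self._seen = dict(keys), {c: set() for c in keys}

    def settle(self, charge, presenting_merchant):
        record = {k: v for k, v in charge.items() if k != "sig"}
        key = self._keys.get(record.get("card"))
        if key is None:
            return "unknown card"
        if not hmac.compare_digest(_mac(key, record), str(charge.get("sig"))):
            return "bad signature"
        if record["merchant"] != presenting_merchant:
            return "wrong merchant"
        if record["serial"] in self._seen[record["card"]]:
            return "replayed serial"
        self._seen[record["card"]].add(record["serial"])
        return "accepted"

def demo():
    key = b"constructed-demo-key"  # constructed sample key, not a real secret
    card, issuer = Card("card-001", key), Issuer({"card-001": key})
    charge = card.sign_charge("merchant-42", 1999, 2000)
    other = card.sign_charge("merchant-42", 500, 500)
    return [issuer.settle(charge, "merchant-42"),   # first presentation
            issuer.settle(charge, "merchant-42"),   # same record presented again
            issuer.settle({**charge, "amount": 999999}, "merchant-42"),  # altered
            issuer.settle(other, "merchant-99")]    # presented by another merchant
```

A copied charge record is only good for the one merchant, amount and serial the chip signed, which is the property the comment is arguing for.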
Re: (Score:3, Interesting)
TJX may have not been in compliance with PCI, but if you left your house door unlocked to go to the corner store real quick, and someone ripped off your jewelry (or whatever you hold dear), you'd still want them punished. And even though you'd have laid some of the blame on yourself and learned a lesson, you'd still want the scumbag thief to face the music of committing the crime.
Re: (Score:2)
I think your analogy needs refinement.
1) Neighbor Asks you to watch their kid.
2) You agree, and watch them.
3) then you go to the store and leave the front door open.
4) You come back and the kid is gone.
5) Your neighbor is pissed but you just shrug your shoulders
6) Police give you a misdemeanor citation
Yes you still want the kidnapper prosecuted but you had direct culpability in the loss of the child. You were supposed to look after them but you didn't, in some places that will wind you up in jail. But sin
Re: (Score:2)
What's missing here is the fact that TJX didn't take reasonable precautions to protect the data.
Fully agreed. Until there's some serious liability for mis- and non-feasance when it comes to customer data, there's no incentive for these bozos to clean up their act.
All in all, I still bet this guy has about $10m buried someplace but still 20 years of your life is a very stiff sentence considering a plea bargain as well.
Here I'd disagree. This is being treated as a single offense, but it's actually an offense against millions of victims. If the sentence was proportionate to the offense, this guy would never see daylight again.
Re: (Score:2)
I agree that companies need to safeguard credit card data, but Visa/Mastercard doesn't even have something as simple as chip and pin for cards in the US.
PCI is a broken system, in that the cartel reaping all the benefits has no risk and foists off the responsibility for protecting card data to the merchant processors who get practically nothing, and then down to the merchants who are PAYING for the privilege of taking credit cards. Visa/Mastercard could and should develop a more secure system, but they won'
what the hell? (Score:2, Insightful)
"a Cuban-American who was born in Miami"
meaning: he's an american. he's born here, right?
so what's the fucking point of saying he's CUBAN-american? cuban-americans are more prone to cybercrime? what the hell is the significance of saying he's CUBAN-american. oh, a "real" american would never engage in cybercrime? what's that? an irish-american? an italian-american? when an irish-american robs a bank, do we describe the crime, the sentencing and the criminal as "An Irish-American who was born in Philadel
Re: (Score:2)
I'm amazed by the amount of trouble americans go through to sound PC (like 'african-american' and 'native-american') but in my opinion it only sounds more racist, especially when used in news items like this.
Re: (Score:2)
Re: (Score:2)
The fact to remember is: All Americans are
Re: (Score:2)
There are those who wish to retain their ethnic heritage. Those people are then not just Americans but Chinese-American or African-American. Of course worth noting that all African-Americans I have encountered were white and from South Africa.
Bottom line is I think we agree on, it is not politically correct to call a black person African American just because of the color of their skin. If they are from Africa directly then it's fair because it's based on knowing something personal about them.
Re: (Score:3, Insightful)
so what's the fucking point of saying he's CUBAN-american?
Maybe the author didn't want you to think that Gonzalez is a MEXICAN-american...
why? (Score:2)
who cares either way?
if he's born here, he's an american. end of fucking story. his parents were mexican? they were cuban? they were polish? they were indian? what's the fucking difference?
yes, i know, to SOME people the difference matters. and for those of you for whom identifying whether or not he's mexican or cuban is important, you're a racist asshole, EVEN IF you are the same ethnic background
Better than, "Your little Mexican friend." (Score:2)
I'm not Mexican yo! I'm Cuban, B.
"Ah yes, Cuban B!"
Re: (Score:2)
"Right near da beach. BOYEEEE!"
Man I haven't seen that movie in ages.
Self Defined as Cuban American - mayhaps (Score:2)
Maybe he declared himself a Cuban American. In Miami, the Cuban population, whether born here or not, are relatively proud of their Cuban Heritage, and often refer to themselves as Cuban Americans. Being a Floridian, I'm acutely aware of the self imposed distinctions often made by those people who are of Cuban descent.
Re: (Score:2)
I wish you could express outrage without resorting to the F-bomb, but yeah.
--SirGarlon, a Polish-English-Dutch-American born in New York
dude (Score:4, Funny)
you're born in new york fucking city and you're fucking complaining about dropping the fucking f-bomb?
fuck!
Re: (Score:3, Insightful)
Nah, it's politically correct bullshit. The media has been bitten too often by failing to mention the $NONAMERICAN identifier that many Americans think of themselves as, that they now do it reflexively.
In the local paper's websites comment section - I've seen the $NONAMERICAN's bitch and moan and try to have it both ways. If the paper mentions a $NONAMERICAN was drunk and caused an accident, they bitch (as you do) that the paper is racist for implying $NONAMERICAN's are drun
i actually agree with you (Score:2)
the issue is blind pride
people are prideful about things they shouldn't be proud of
the only valid source of pride in this world is that you are an ethical HUMAN BEING
but if you are proud of being an {INSERT RACIAL/ NATIONALISTIC/ RELIGIOUS CHAUVINIST IDENTIFIER} you begin the process of talking about "us" versus "them", and, in your blind silly pride, actually wind up being the source of pretty much all the problems we have in this world
it's getting better, very slowly but surely. someday, in the distant
Re: (Score:3, Insightful)
It's racist only if you say African-American or Jewish.
Re: (Score:2)
It's just like calling someone Afro-American, although he or she might never have been to or linked to Africa in any way.
Re: What's the point? (Score:2)
so what's the fucking point of saying he's CUBAN-american?
It's not racism - it's an allusion to his cigar-rolling skills!
I think the sentence is wrong :) (Score:2, Interesting)
Don't give him 2 20-year concurrent sentences.
Give him a misdemeanor sentence of several hours per victim, stacked, then throw in a couple of felony charges with concurrent sentences so he'll have a felony record.
It amounts to the same amount of time, but when someone looks at his rap sheet he'll see millions of convictions on his record.
Re: (Score:2)
Don't give him 2 20-year concurrent sentences.
Give him a misdemeanor sentence of several hours per victim, stacked, then throw in a couple of felony charges with concurrent sentences so he'll have a felony record.
It amounts to the same amount of time, but when someone looks at his rap sheet he'll see millions of convictions on his record.
That means they'd have to try and convict him on millions of charges. The paperwork for that alone would kill the court system. Imagine having to read the ruling at the decision hearing. It'd take weeks.
TJ Maxx Slogan (Score:1)
way to go FBI (Score:1)
Now, how are those financial investigations of Wall St coming along ?
Free Kevin Mitnick! (Score:1)
Oh, wait. . .Deja vu.
I loved his defense! (Score:2)
How can you have a fair trial? Illegal trial. (Score:1)