Historic Hacks: Albert Gonzalez
If you’ve ever wondered about the availability of your debit or credit card number on the internet, you can thank today’s historic hacker. Albert Gonzalez made history when he resold more than 170 million credit and ATM numbers to the highest bidder. Read on to hear how he did it and, more importantly, how he was caught.
The crime:
Between 2005 and 2007, Albert Gonzalez accomplished the largest SQL Injection fraud in history. SQL Injection is a code injection method hackers use to corrupt databases. It is a somewhat common hacking method typically used to place malicious code into sections of a data-driven application.
According to various sources, Gonzalez and his accomplices created backdoors, or vulnerabilities, to create attacks focused on what is called packet sniffing. Packet sniffing is a way for analysts to sort packets as the data travels from source to receiver. However, Gonzalez used the software for his own nefarious activities to access private information within databases.
Gonzalez then hacked into the systems that stored primary banking information, retrieved identifying numbers like credit and debit cards, and stole millions of dollars from banking customers. His actions led to three federal indictments and a twenty-year prison sentence.
The beginning:
Albert Gonzalez was born in Cuba in 1981. He bought his first computer at the age of twelve and hacked into NASA at fourteen. Suffice to say, working with computers came naturally to Gonzalez. He attended high school in Miami, Florida, and eventually moved to New York before settling in New Jersey.
During Gonzalez’s criminal career, he created a group of hackers called ShadowCrew. The crew stole 1.5 million credit card numbers and sold passports, IDs, insurance cards, and banking information at auction. ShadowCrew reportedly had 4000 registered users on the website. Once registered, users could watch tutorials and take courses on how to steal sensitive information from unsuspecting victims. The Secret Service estimates that ShadowCrew stole up to $4.3 million. Gonzalez was also the mastermind behind the TJX hacking, which included the theft of 45.6 million credit and debit cards from 2005-2007.
The end of the line:
Gonzalez’s crime spree came to an end on May 7, 2008. His charges resulted from hacking into Dave & Buster’s corporate systems where he stole 5000 credit card numbers. The United States government subsequently charged Gonzalez with two more federal indictments: one for the TJX hack, and another for a Heartland Payment case where Gonzalez stole 130 million card numbers from Citibank ATMs located at local 7-Eleven convenience stores. Upon arrest, the Secret Service found over $1 million buried in the backyard of Gonzalez’s Miami home.
In the end, the courts sentenced Gonzalez to twenty years as part of a plea deal if he agreed to plead guilty to all 19 counts. Three co-defendants also received sentencing: Stephen Watt who received two years in prison and $250,000, Damon Patrick Toey who received five years in prison, and Christopher Scott who received seven years in prison. Gonzalez is up for parole in 2025.