August 17, 2009 -- A former informant for the Secret Service was one of three men charged today with stealing credit and debit card information from 130 million American accounts in the largest data breach in U.S. history. The former informant, Albert Gonzalez of Florida, was alleged to have been the ringleader of the hacking operation, officials told ABCNews.com
Gonzalez and two other unidentified hackers believed to be from Russia have been charged with hacking into Heartland Payment Systems, 7-11 and Hannaford Brothers Company. Heartland announced the series of intrusions on Inauguration Day earlier this year and reported them to authorities.
Gonzalez has previously been charged in a case involving the restaurant chain Dave & Busters, where almost 5,100 credit card numbers had been taken from their computer systems. Also known as "Segvec", "SoupNazi," and "j4guar17," Gonzalez was previously charged in that case with wire fraud conspiracy along with Maksym Yastremskiy. Yastremskiy, who hails from Kharkov, Ukraine, and several associates were indicted in the U.S., accused of installing sniffing software at the restaurant chain Dave & Busters. The indictment in that case was overseen by the U.S. Attorney's Office in the Eastern District of New York.
Gonzalez, according to Justice Department officials, is believed to be the ring leader of a prolific hacking network that spans over five years of serious criminal activity. In a statement today, Acting U.S. Attorney Ralph J. Marra Jr said, the investigation "marks the continued success of law enforcement in tracking down cutting edge hacking schemes committed by hackers working together across the globe."
Gonzalez was originally arrested in 2003 by the U.S. Secret Service and began working with the agency as an informant. Federal investigators say they later learned that the hacker had been tipping off other hackers on how to evade detection of security and law enforcement worldwide. It was this investigation, authorities say, that led them to learn that Gonzalez was also involved in a data breach of the TJX Corporation, which involved up to 45 million credit card numbers being targeted.
After concluding that Gonzalez had become a rogue informant, officials say they decided to charge him in the TJX case in an indictment out of the U.S. Attorney's Office from Boston. That breach compromised cards processed at the corporation which includes discount stores in the U.S. such as T.J. Maxx, Marshalls and the T.K. Maxx chain in Europe. Gonzalez was charged along with 10 other defendants for also hacking into BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW.
The new charges returned by a grand jury out of New Jersey allege that Gonzalez provided "sniffer" software used to intercept the credit and debit card numbers for the Russian hackers. The indictment also mentions an unindicted coconspirator only identified as P.T, who is believed to split his time between Virginia Beach and Miami.
The indictment alleges that P.T and Gonzalez would visit retail store locations and conduct surveillance to locate their computer servers to gain access to the store's corporate headquarters. "Gonzalez and P.T. would travel to retail stores of potential corporate victims, both to identify the payment processing systems that the would-be victims used at their point of sale terminals (e.g., "checkout" computers) and to understand the potential vulnerabilities of those systems," the indictment alleges.
It is unclear how many of the compromised numbers resulted in fraudulent transactions, Robert Siciliano, an identity theft expert and consultant in Boston told ABC News. "I can't imagine that with so many cards compromised that there would be no fraudulent purchases," said Siciliano. He added that the companies involved do not have to disclose if cards were actually used. "It's not in the best interest of retailers to disclose this either, since the purchases would have to be nullified," he said.
The charging documents also allege that Gonzalez and the other hackers openly discussed targeting Hannaford Brothers supermarkets In reference to a March 2007 internet chat, the indictment alleges that Gonzalez and the other hackers openly "participated in a discussion over an internet messaging service in which one of the participants stated 'planning my second phase against Hannaford.'"
Dave and Buster's Case
The hackers used a series of computers they leased and established in New Jersey, California, Illinois, Latvia, the Netherlands and Ukraine as part of their hacking platform, according to the indictment. It also alleges that "Gonzalez, HACKER 1, HACKER 2, and P.T. would conceal their efforts to hack into the corporate victims' networks by, among other things, leasing the hacking platforms under false names, communicating over the Internet using more than one messaging screen name, storing data related to their attacks on multiple hacking platforms, disabling programs that logged inbound and outbound traffic over the hacking platforms."
The indictment also alleges that the hackers hid their tracks, "through the use of 'proxies' the Internet Protocol addresses from which their attacks originated."
Gonzalez is facing trial next month for the Dave and Buster's case in New York and trial in 2010 for the TJX case in Boston.
A Secret Service spokesman acknowledged that Gonzalez had been an informant in other cases but declined to provide specifics of his previous work for the agency. Gonzalez' attorney did not immediately return a call from ABC News.