Computer hacker Albert Gonzalez deserves a quarter-century behind bars for leading a gang of cyberthieves who stole tens of millions of credit and debit card numbers from a transaction processor and several giant retail chains, federal prosecutors argued in a court filing Thursday night.
"[T]he sentences would be the longest ever imposed in an identity theft case and among the longest imposed for a financial crime, which is appropriate because Gonzalez was at the center of the largest and most costly series of identity thefts in the nation's history," wrote Boston-based Assistant U.S. Attorney Stephen Heymann. "He knowingly victimized a group of people whose population exceeded that of many major cities and some states."
The government also disputed a defense claim that Gonzalez suffers from Asperger's disorder, a mild form of autism that was grounds for a slightly reduced sentence in a previous hacking prosecution.
Gonzalez, 28, is set for sentencing next week on three indictments covering virtually every headline-making bank-card theft in recent years, including intrusions at TJX, DSW Shoe Warehouse, Office Max, Hannaford Brothers, 7-Eleven, and Heartland Payment Systems, which alone exposed magstripe data on 130 million credit and debit cards. He performed the intrusions while an informant for the Secret Service.
The hacker's plea agreements contemplate a total prison term of between 17 and 25 years.
In December, Gonzalez's lawyer, Martin Weinberg, argued for the low end of the sentencing range, pointing out that Gonzalez cooperated with the government against his U.S. co-conspirators and two Eastern European hackers known as "Grigg" and "Annex." Weinberg also argued that Gonzalez was driven by a psychological obsession with computers, submitting a report by a defense-paid psychiatrist that found the hacker's behavior consistent with Asperger's disorder.
Over defense objections, a federal judge allowed a government-paid psychiatrist to also examine the hacker, and that expert came to a different conclusion, noting that Gonzalez appears to have no problems forging social and romantic relationships.
"I found considerable evidence of Mr. Gonzalez's substance abuse and probable antisocial personality disorder," wrote Dr. Mark Mills, in a report (.pdf) also filed Thursday. "I found no evidence of Asperger's disorder or internet addiction."
Heymann added that Gonzalez's leadership role also belies the Asperger's claim. "Those with Asperger’s are almost by definition not leaders," he wrote. "Instead they are followers, often perceived as peripheral, isolated and strange."
To bolster its argument, the government included excerpts of chat logs showing Gonzalez coolly negotiating with "Maksik," the Ukrainian carder who resold Gonzalez's stolen card data to the underground.
"He was not a psychologically incapacitated lost soul," wrote Heymann.
Gonzalez is set for sentencing Thursday in U.S. District Court in Boston for the TJX, Office Max, DSW and Dave & Buster's breaches. He appears in front of a different judge the next day for sentencing on the Heartland, Hannaford and 7-Eleven thefts. Threat Level's Kim Zetter will be in the courtroom to report on both hearings.
Additional disclosures in the government brief (.pdf) include:
It took Gonzalez two years to find someone to decrypt the PIN codes for 11 million debit and cards he stole in the 2003 to 2004 Office Max breach.
Gonzalez told Maksik his goal was to earn $15 million from his scheme, buy a yacht and retire.
Outside consultants from General Dynamics nearly hacked Gonzalez while he was in TJX's network ("after those faggots at general dynamics almost owned me with 0day while I was owning tjx I don’t want to risk anything").
The government filing acknowledged for the first time that Gonzalez, while a Secret Service informant, provided assistance to Michigan hacker Brian Salcedo in a 2003 intrusion into the Lowe's hardware store chain. Salcedo told Threat Level that Gonzalez pressured him to go through with the attack, which ultimately netted Salcedo a then-record nine-year prison term.
Photo of Albert Gonzalez courtesy of law enforcement
See Also:
- Record 13-Year Sentence for Hacker Max Vision
- TJX Hacker 'Will Never Commit Any Crime Again'
- Document Reveals TJX Hacker's Assistance to Prosecutors
- TJX Hacker Was Awash in Cash; His Penniless Coder Faces Prison
- Indicted Federal Informant Allegedly Strong-Armed Hacker Into Caper That Drew 9-Year Sentence
