A computer hacker accused of masterminding one of the largest cases of identity theft in U.S. history agreed Friday to plead guilty and serve up to 25 years in federal prison for his crimes.
Albert Gonzalez of Miami was charged with conspiracy, wire fraud and aggravated identity theft charges in federal courts in New York and Boston. Court documents filed in federal court in Boston indicate the 28-year-old Gonzalez agreed to plead guilty to 19 counts and combine the two cases in federal court in Massachusetts.
Additional charges against Gonzalez are still pending in New Jersey, but they are not currently part of the plea deal.
The Miami man is accused of swiping the credit and debit card numbers of more than 170 million accounts; officials said Gonzalez was the ringleader of a group that targeted large companies such as T.J. Maxx, Barnes and Noble, Sports Authority and OfficeMax, among others.
Friday’s plea deal on the New York and Massachusetts charges ensures that he will be behind bars for 15 to 25 years. If convicted of all the charges in the plea agreement — and if he had been sentenced to the maximum — he would have received a sentence of several hundred years.
Gonzalez must forfeit his computers, condo, car, and cash; agents seized $1.1 million buried in his parents’ backyard. His girlfriend must give back a Tiffany ring Gonzalez gave her and his father and friends have to return Rolex watches he gave to them.
He also will be restricted in his computer and Internet usage during his five years of post-prison, supervised release. That could be the toughest part of the sentence for a hacker who admitted being obsessed with computers.
Gonzalez, who was known online as “soupnazi,” was born and raised in Miami and got his first computer as a boy. In high school, he used a computer in his school’s library to hack into an Indian government Web site — the FBI was called but Gonzalez was not charged with a crime.
Palomino said Gonzalez was a self-taught computer genius whose interest in technology turned into an addiction. In 2003, Gonzalez was arrested for hacking but not charged because authorities said he became an informant, helping the Secret Service hunt other hackers.
But Gonzalez continued to use his talents in the shadowy online world of data mining. Over the next five years, authorities said, Gonzalez continued to hack into the computer systems of Fortune 500 companies even while providing assistance to the government. A judge allowed him to move from New Jersey back to Florida in 2004, and court documents alleged that Gonzalez hacked into the national restaurant chain Dave & Buster’s.
Gonzalez lived a lavish lifestyle during that time, buying his girlfriend a Tiffany diamond ring, throwing a $75,000 birthday party for himself, and considered investing in a nightclub. Gonzalez allegedly dubbed his hacking operation: “Get Rich or Die Tryin’.”
Court records also show that he gave his father and two of his friends Rolex watches, along with amassing some $2.8 million. He bought a Miami condo and a blue BMW.
In May of 2008, federal authorities arrested Gonzalez while he stayed with his girlfriend at the luxurious National Hotel on Miami Beach. Agents seized $22,000 in cash, lots of computer equipment and a Glock 9 mm handgun from his hotel room.
Indictments in New York and Massachusetts said that Gonzalez and two foreign co-defendants used hacking techniques that involved “wardriving,” or cruising through different areas with a laptop computer and looking for retailers’ accessible wireless Internet signals. Once they located a vulnerable network, the hackers installed “sniffer programs” that captured credit and debit card numbers as they moved through a retailer’s processing computers — then tried to sell the data overseas.
Gonzalez was in the process of negotiating a plea agreement on those charges when, on Aug. 17, 2008, the U.S. Attorney’s office in New Jersey brought additional charges against him. Prosecutors said he targeted customers of convenience store giant 7-Eleven Inc. and supermarket chain Hannaford Brothers Co. Inc. He also targeted Heartland Payment Systems, a New Jersey-based card payment processor.
In the most recent indictment, authorities said Gonzalez and his cohorts used a different technique to hack into corporate networks and secretly place “malware,” or malicious software, that would allow them backdoor access to the networks to steal data later.