TJX Hacker Admits To More Hacking Charges

Notorious hacker Albert Gonzalez, who has already coughed up to hacking TJX Companies, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble and Sports Authority, has now also pleaded guilty to cracking the networks of Heartland Payment Systems, 7-11 and Hannaford Brothers.

The hacks netted Gonzalez access to data from tens of millions of credit and debit cards.

Gonzalez previously pleaded guilty in September to hacking into the systems of “major U.S. retailers including TJX Companies, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble and Sports Authority” and the Dave & Buster’s restaurant chain, the Department of Justice said in a news release 29 December. “The case is one of the largest data breaches ever investigated and prosecuted in the United States.” More than 40 million credit and debit card numbers were stolen as a result of the hacking activity.

“Based on the terms of the [29 December] plea agreement, Gonzalez will not seek a prison term under 17 years and the government will not seek a prison term of more than 25 years,” the DOJ said. In his previous convictions, Gonzalez faces a minimum of 15 years and a maximum of 25 years in prison. The sentences will run concurrently.

“The conviction of Gonzalez, and the unravelling of one of the most complex and large-scale identity theft cases in history, should serve as a reminder to hacker organisations that the Department of Justice will vigorously investigate and prosecute cyber-crimes, regardless of their sophistication and global reach,” US Attorney for the District of Massachusetts Carmen Milagros Ortiz said in a statement.

According to the DOJ, “Gonzalez leased or otherwise controlled several servers … and gave access to these servers to other hackers, knowing that they would use them to store malicious software … and launch attacks against corporate victims. Malware used against several of the corporate victims was also found on a server controlled by Gonzalez. Gonzalez tested malware by running multiple antivirus programs in an attempt to ascertain if the programs detected the malware. According to information in the plea agreement, it was foreseeable to Gonzalez that his co-conspirators would use malware to steal tens of millions of credit and debit card numbers, affecting more than 250 financial institutions.”

“The Department of Justice will not allow computer hackers to rob consumers of their privacy and erode the public’s confidence in the security of the marketplace,” Assistant Attorney General Lanny Breuer said. “Criminals like Albert Gonzalez who operate in the shadows will be caught, exposed and held to account. Indeed, with timely reporting of data breaches and high-tech investigations, even the most sophisticated hacking rings can be uncovered and dismantled, as our prosecutors and agents demonstrated in this case.”