Police hacker informer stole 130 million credit card details

Posted

A US hacker who once informed on the criminal underworld for the secret service has been working with Russian criminals to carry out a series of digital burglaries, prosecutors say.

The indictment of Albert Gonzalez, 28 claims that, along with two Russians, made off with more than 130 million credit and debit card numbers from late 2006 to early 2008.

Prosecutors called it the largest case of computer crime and identity theft ever prosecuted.

The targets were the computer networks of Heartland Payment Systems, a payment processor in Princeton,  7-Eleven, Hannaford Brothers, a regional supermarket chain and two other retailers.

The stolen credit and debit card numbers were then sold online, and some were used to make unauthorized purchases and withdrawals from banks.

Gonzalez has been in jail since May 2008, when he was arrested as part of a data theft at the Dave & Buster’s restaurant chain and is still awaiting trail on other cases of thefts of credit and debt cards.

But what has surprised investigators is that Gonzalez once worked with them. In 2003, after being arrested in New Jersey in a computer crime, he helped the Secret Service and federal prosecutors in New Jersey identify his former conspirators. However once free he reconnected with his old associates and got back into the game.

The New York Times  said that he used a shopping list of Fortune 500 companies. The online attacks took advantage of flaws in the SQL programming language.   Gonzalez used “sniffer” programs on corporate networks which intercepted credit card transactions as they were made and transmitted the numbers to servers he leased in the United States, the Netherlands and Ukraine.