Inside The Mind Of The Most Epic Credit Card Thief of All Time

Remember the hacks of TJ Maxx and Marshall’s that resulted in hundreds of millions of credit card numbers getting stolen? Here’s an in-depth profile of the 29-year-old mastermind behind them all, now serving a 20-year prison sentence. Too bad the Skull Gang doesn’t take plastic.

The Great Cyberheist [NYT]


Edit Your Comment

  1. chefboyardee says:

    “Too the Skull Gang doesn’t take plastic”

    Consumerist has editors, right? That’s like the 5th thing like this today.

    • DerangedKitsune says:

      I’m thinking not. The sheer amount of gramatical mistakes on this site on a daily basis is a disgrace.

      Okay, the comments don’t have an edit button (and are often tossed off by people who don’t give them much thought), but surely the articles can be changed! I mean, come on! Most pathetic part is that the articles aren’t even that long and could be proofed and corrected in

    • Communist Pope says:

      While they have editors, chances are they don’t have an overall copy editor. And having worked in editing for longer than I care to admit, catching one’s own mistakes isn’t nearly as easy as many seem to think it is.

    • roothorick says:

      More likely, they’ve figured out that just by being popular, they now get free editing through people like you. Ever notice that the typo is always corrected shortly after a comment like this is made?

  2. aloria says:

    “…EFnet, an Internet relay chat network frequented by black hats.”

    Yeah, I stopped reading right there.

    • BuddhaLite says:

      The author must be a protege of John Markoff.

    • bubbs says:

      EFnet was run by blackhats back in the mid 90s like the story said
      ” Watt met Gonzalez when both were teenagers, on EFnet, an Internet relay chat network frequented by black hats.”
      “Once muscular and tan, Gonzalez, who turned 27 and 28 behind bars, was pallid and thin.”

      IRC still is one of the places hackers go to talk.

  3. booboloo says:

    Interesting story but it places too little responsibility on the stores who just cheaped out on security and knew that there were no real consequences for losing customer information.

    • intense_jack says:

      That’s not entirely true. TJ Maxx is still under litigation for the hack in the original article and was fined $41 million at last count. This amount doesn’t reflect the civil damages they’ll get in the pending lawsuits. Some companies, if they’re found to be in major violation, won’t be allowed to process CC’s until they get their shit fixed.
      Some of the other companies that were hacked simply didn’t know enough about proper coding and security – many still don’t. Others don’t set up their networks properly because of either cost or the prohibitive technology required. Most companies still don’t do a security code review on applications (which is where the next security frontier is, in my opinion) despite so many applications opening up security vulnerabilities in the past (RealPlayer anyone?).

    • TasteyCat says:

      Yep, it talks about how he cost them $400 million. No, he didn’t. They cost themselves by leaving the door open because they were too cheap to buy locks. He just walked in.

    • Loias supports harsher punishments against corporations says:

      You forget that this was the early days of these kinds of business databases and there wasn’t much of a standard on how they handled these systems. They are built their digital infrastructure very quickly and then tried to catch up. That’s not much of an excuse, but it’s not that black and white.

  4. SonarTech52 says:

    Wow, that was a long article… Interesting though, might make a good movie..

  5. DigitalShawn says:

    Very interesting read, not long ago RS had an article about this, but not the in-dept interviews with Albert himself.

  6. jiarby says:

    I love hearing how people spending 20 years in jail are “masterminds”! LOL!
    They sound like greedy dumba$$es too lazy to work for an honest living. I will be he wishes now that he was making 30k driving a trash truck or something instead of dodging “da boyz” in the shower for the next 20 years.

    Criminal masterminds are real smart… up until the part where they get caught.

    • andrewe says:

      Well, if you’ve read the article, you’ll see that he was working around the clock and taking drugs to stay awake. The authorities freely noted that he was extremely adept at bringing a crew of people, across several continents, together to pioneer new intrusion techniques. Pretty much the definition of an extremely hard working mastermind. Once found out he continued to break the law while simultaneously working with federal authorities.

      Once he completes his prison sentence I am sure he has enough money stashed away to more than make up for the loss of a 30k a year garbage collection job.

      Care to tell us what you’ve accomplished lately?

  7. Fantoche_de_Chaussette says:

    20 years for a non-violent crime? Really?

    America has 2.5 million prisoners, five times more than just a generation ago.

    One out of 53 American adult males is currently behind prison bars. Our incarceration rate if 5-7 times higher than that of Canada and Western Europe.

    WTF, America? How did we become the the world’s most prison-happy country?

    • KyBash says:

      You’re looking at only part of the numbers. Add in the number of crmes and the percentage of crimes solved, and you’ll see we’re not out of line.

      • OnePumpChump says:

        Out of line with what?

        The US imprisons more people, in absolute and relative terms, than any country in modern history, INCLUDING the USSR under Stalin (well, that one’s close, and only true under some estimates).

        That said, if you can make millions off a crime, it might be worth spending a few years in jail for it, so long as you can keep the money. So for some non-violent crimes, long sentences can make sense.

    • Groanan says:

      Agreed, 20 years for non-violent crimes is ridiculous.

      The punishment for committing financial crimes should be removal of privacy and garnishment of wages.

      Take the money that would be spent on keeping fraudsters/thieves in prison, and instead place them under the watch of an agent, who checks their bank accounts and electronic communications, and who conducts random home inspections. Garnish the wages of the person on probation and have that subsidize the program.

      Leave prisons for those who pose a danger to society due to their inability to refrain from causing physical harm to others.

      • vastrightwing says:

        I have one simple question. Why are none of the top execs of Goldman Sachs/Lehman Bros/Merrill Lynch/BoA in Jail?

        We all know the answer, of course, hypocrisy much?

      • Megalomania says:

        20 years for stealing the financial information from a nontrivial percentage of the population of the entire planet seems pretty low to me, personally. He may be a nonviolent criminal, but the sheer number of people affected and the number of crimes committed merit heavy punishment.

        • Groanan says:

          I am not sure how additional years are additionally punitive.
          Unless the punishment is to be anal rape, or being aged so you can no longer enjoy what you used to enjoy (and perhaps die in prison); both of which I would consider cruel and unusual punishment for non-violent theft.

          Maybe I am just overly caring, but I think if I had a federal agent up my ass for twenty years, and my computer was bugged, with all my financial accounts monitored, and with inspections coming whenever they wished, I would feel very punished.

    • TasteyCat says:

      I agree that America is all too happy to imprison people for longer than the rest of the civilized world for lesser crimes (yet it does nothing to help our crime rate). Luckily we can keep printing trillions of dollars to sell to China to pay for it. But the most notable moron in the story left a country where he was completely safe, and ended up getting 30 years in a Turkish prison, which can only be assumed is a far worse fate.

    • Blueskylaw says:

      Bernie Maddofs crime was also non-violent, so what should he have gotten for stealing $65 BILLION Dollars and the life savings of thousands of people? Five years maybe with time off for good behavior?

  8. humphrmi says:

    I remember when the TJX compromise was announced – they made a big deal about how everyone’s data was safe, it was a very sophisticated breach that their expert security systems missed and wouldn’t miss again.

    Now, I read that it was a simple WiFi sniff combined with a SQL injection, something anyone can accomplish with Google and a laptop.

    Not like I believed them then, but there’s no need to ever believe them (or any other company that is compromised and minimizes it in their press release) again.

    • econobiker says:

      My ex-wife’s debit card got wacked in the TJ Maxx deal. Thing was that they cloned it and spent about $2k during a Saturday in NYC starting with the test $2 transaction at a coffee shop, hitting Bananna Republic for $1700, all meals all day long, and then ending with a few drinks at a bar Sunday morning.

      Then my bank’s security folks (the former AmSouth) tried to turn it on me. “Are you sure no-one had the card?” “Yeah, the card has been in the bottom of a filing cabinet for the last 6 months.” Then they made out like they had never heard of card cloning when I told them that is most likely what had happened. The thing was that we were at the front end of the issue with it happening in 2005 so this probably hadn’t hit all of the security departments of banks yet. It first was reported in the SF Chronicle on line if I remember.

  9. sopmodm14 says:

    they gave him 20 yrs , while his millions of victims have their whole lifetimes to struggle back, all while paying taxes to support this scumbag in jail

    • veronykah says:

      You know you don’t have to pay for charges that are incurred by identity theft right?
      Guess not.

      • Blueskylaw says:

        Some people have to spend hundreds of hours on the phone, writing letters to credit agencies, explaining to lenders why their credit is shot. This is definitely not a crime that is cheap to fix for the victim.

  10. Sakura77 says:

    My Visa check card was one affected by this. I woke up one morning to find charges flying out of my account left and right from the person who bought my information. What a nightmare. I hope the guy rots in jail.

  11. Press1forDialTone says:

    If I had been the judge it would have been 2 -consecutive- life
    terms with no chance of parole and no direct access to any
    technology; yeah hey not even a TV remote…I’m just say’in
    Let’s send a message.

  12. Tightlines says:

    I can’t wait to read the story of all the Wall Street crooks who tanked the economy and are now serving hard time.

    Did I say “serving hard time”? I meant “collecting their bonuses.”

  13. DrLumen says:

    Yes, the guy is a sleaze. Yes, he should be in prison. But, IMHO, 40 years is a bit too long. I believe the companies are as much to blame as this guy. When they keep their CC data in a lean-to on the side of a freeway complete with drive-up window can you really blame anyone but them? From strictly a business standpoint (morals aside) If a bank keeps all their deposits stacked on the sidewalk out front is it really the fault of someone that happens to pick up a stack? The companies he hacked into really don’t care about the hack because it wasn’t their money.

    “30 years in a turkish prison” Oww, OWWW!!! lol

    • econobiker says:

      The companies and the software/hardware/credit processing vendors all share the blame. They want to process transactions quickly to get money but they needed to have respected the customer and should have figured on criminals going after the “money” sources. But these entities did neither.

  14. bruce9432 says:

    The story has got the NYT taint, therefore not worth reading.

  15. IGNORE says:

    Good work. I hope the detective gets a promotion. TOM

  16. aikoto says:

    Mastermind? The guy took advantage of weak wireless traffic. Sounds more like negligence on TJ Maxx’s part than anything.