ie8 fix
madison

Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev
Home / News & Blogs / Zero Day

TJX hacker gets 20-year jail sentence

By | March 25, 2010, 1:44pm PDT

Summary: The mastermind hacker behind the TJX and Hannaford data breaches has been sentenced to 20 years in jail.

Convicted cyber-criminal Albert Gonzalez, the mastermind hacker behind the TJX and Hannaford data breaches, was today sentenced to 20 years in jail.

According to Wired’s Kim Zetter, the sentence relates to hacks into TJX, Office Max, Dave & Busters restaurant chain, Barnes & Noble and a string of other companies.  He still faces sentencing in the Hannaford case.

Gonzalez, 28, who dubbed his criminal enterprise “Operation Get Rich or Die Tryin’,” argued in court filings that his only motive was technical curiosity and an obsession with conquering computer networks. But chat logs the government obtained showed Gonzalez confiding in one of his accomplices that his goal was to earn $15 million from his schemes, buy a yacht and then retire.

The government claimed in its sentencing memo that companies, banks and insurers lost close to $200 million, and that Gonzalez’s credit and debit card thefts “victimized a group of people whose population exceeded that of many major cities and some states.”

Gonzalez’s crimes were committed mostly between 2005 and 2008 while he was drawing a $75,000 salary working for the U.S. Secret Service as a paid undercover informant.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Sentence, Ryan Naraine, Hacker, Hacking, Security

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?
Ask a Question Start a Discussion
33
Comments
Add Your Opinion

Join the conversation!

Just In

RE: TJX hacker gets 20-year jail sentence
FAULKNE 13th Oct
Good day to confirm this comment I would appreciate T h e b e s t o f Z D N e t d e l i v e r e d your website very nice to everyone Yes, Oracle is the only one with shared-disk architecture, but that is there advantage. It means you can add or remove nodes and the database lives on. In a shared nothing architecture, if you lose a node, you lose the system. I'm sure Oracle appreciates EMC highlighting their advantage.I also desire to signal in your RSS feeds. Thank you as soon as once again and maintain up the great operate Awesome post! Thank you very much || thanks for nice content this is really benefit to me.
View in thread
0 Votes
+ -
Bye bye
klumper 25th Mar 2010
And keep your back covered where you're heading scuzbucket.

Gonzalez?s crimes were committed mostly between 2005 and 2008 while he was drawing a $75,000 salary working for the U.S. Secret Service as a paid undercover informant.

Not even a poor bastard which might have mitigated things. pffftt
0 Votes
+ -
Figures.
AzuMao 25th Mar 2010
The government needs to protect us from itself, as usual.
0 Votes
+ -
Money for nothing
klumper 25th Mar 2010
The government needs to protect us from itself, as usual.

Wha? You mean, for squashing a snitch who chose to overstep the call of duty? You know, agents of the status quo don't like being played for dopes either, right?

Look, the punk has formidable hacking skills he could have put toward something worthwhile as opposed to self-aggrandizement (of the distinctly illegal kind). Instead he chose to pimp agencies that simply pass their losses onto hapless client bases (you and me and little old ladies with pensions) to cover by way of increased premiums and prices.

Not that Hotshot Al could give a hoot. He'd be sunning in the Bahamas, laughing up his sleeve as he strolled to the local bank - and then favorite seaside watering-hole. This crap has become the new American Dream of Wall Street shysters, stooges and scores of small time losers alike - strive for MONEY FOR NOTHING.

Screw that. Be productive, or pay for screwing those who can least afford such losses - yeah, the unwashed working stiffs of the world - be it directly or indirectly.
0 Votes
+ -
My bad. I thought the article said he was part of the government.
AzuMao 25th Mar 2010
0 Votes
+ -
Interesting, isn't it?
Irritated_User Updated - 26th Mar 2010
Interesting, isn't it? Have you noticed how laws that benefit the powerful are 'better' in some way? The sanctions are tougher and we rabble are the more likely ones to break laws; moreover, the 'beneficial' clauses act like affirmative action for those who benefit from them.

If you leave your house unlocked and someone enters and steals something it's just stealing.

On the other hand, if your house is locked and someone breaks in and steals the same object then that's break and enter/burglary--a much more serious crime!

As most computers are effectively unlocked these days, why then was Gonzalez given a sentence equivalent to burglary?

No, the law is not an ass, it was deliberately designed this way. This is what happens when those 'citizens' who are more 'equal' than the rest of us exercise more effective control over the legislature than we ordinary citizens are able to.

It's just another--almost imperceptible--instance of how our democracies are crumbling before us.
0 Votes
+ -
Oh I forgot to mention another example of heavy-handed law.
Irritated_User 26th Mar 2010
Oh I forgot to mention another example of heavy-handed law introduced by the powerful for the purposes of keeping the masses under control: that of the RIAA versus Joel Tenenbaum: http://government.zdnet.com/?p=5183.

Inappropriate heavy-handed law has screwed Tenenbaum into the ground as a warning and example that we masses are not to mess with the likes of the RIAA.

Power is everything, they have it in abundance, we've precious little.
0 Votes
+ -
RE: TJX hacker gets 20-year jail sentence
lovedong 13th Sep
Thank you so much. replica watches
0 Votes
+ -
RE: TJX hacker gets 20-year jail sentence
blackhawk556 25th Mar 2010
what a dork. he had a good job and blew it

dont drop the soap buddy lol
0 Votes
+ -
Looks like a happy ending
Prognosticator 25th Mar 2010
Should have given him 21 years
0 Votes
+ -
victim celebrates
GDF 26th Mar 2010
I think I'll have a little lunch party today to celebrate this. I was one of the millions of victims of the TJX breaches and had to replace my main credit card twice as a result. Each time the process was a major pain in the keister. 20 years seems a little harsh compared to what I went through, but I guess if you multiply that by all the victims it seems more appropriate.
0 Votes
+ -
Who got the other $185 million ?
TxM2xTx 26th Mar 2010
It says he wanted only $15 million and then retire. But companies, banks and insurers lost $200 million. Where did the remaining $185 million go ? Would this sound like some white wash scheme or some other fraud ?

Also I don't see how an insurer can lose money in this case? People probably paid for insurance, were duped by this criminal, and then should have gotten some insurance payouts. Does not mean insurance company lost money because of it. Or am I being naive here ?
0 Votes
+ -
The cost of cracking is larger than the benefit
rarsa Updated - 26th Mar 2010
If someone breaks into your car smashing the window and rips the console to remove the $100 stereo:
What would you say was the benefit for the thief? probably less than $100 as he'll need to sell the stereo in the black market.

What would you say was your loss?
100 Replace Stereo
500 deductible from insurance company
??? in increased insurance premiums
300 in a new alarm and security system for your car
200 your time reporting it and doing all the paper work
...

Do you want me to keep going?

I hope this explains how the loss to the companies is many times larger than the benefit to the cracker.

NOTE: Hacking is a fun and worthy activity (check the dictionary) Cracking and steeling are not.

Hack :Computers. to devise or modify (a computer program), usually skillfully.
0 Votes
+ -
But..
AzuMao 26th Mar 2010
..unless he was purposefully trying to cause damage, why would damage be done "breaking into" a computer?

I mean there is no actual force involved. A better analogy would be finding a legal loophole that allowed you to sue someone who did nothing wrong.
0 Votes
+ -
More analogies
rarsa 26th Mar 2010
A guy picks the lock from your home, sleeps in your bed, watches your TV.

Even if he does not break or steal anything, would you call the police to investigate once you notice it? Do you think he can be charged?

Even more in this case where, as I understand, there was actually data theft.
0 Votes
+ -
Okay, that's an even better analogy.
AzuMao 26th Mar 2010
Just add in "and makes a copy of your credit card number before leaving" and it's perfect.
0 Votes
+ -
Overseas co-conspirators
02Pete 27th Mar 2010
Other coverage indicates that Gonzalez was only one of multiple people involved in committing these crimes. He had co-conspirators in the U.S., Turkey and Russia. He identified ways of hacking into commercial credit card systems used to process credit card payments for purchases, and provided access to others who used the credit card information to steal money. Most of the other $185 million went to Turkey and Russia.
0 Votes
+ -
Ryan, It wasn't his hacking but his craking and steeling
rarsa 26th Mar 2010
He claims that he was just hacking.

He actually got into trouble because he started cracking and stealing.

Please check your dictionary and don't perpetuate the myth that hacking is illegal.

Hacking: Computers. to devise or modify (a computer program), usually skillfully.
0 Votes
+ -
RE: TJX hacker gets 20-year jail sentence
TMANIAC 26th Mar 2010
Good luck to him and his new $1 a day job as pretty boy biatch to Bubba.

Hope the little a'ss hole gets punked 3 times a day.
0 Votes
+ -
This is quite different....
mhbowman@... 26th Mar 2010
from yesterday's responses on how much time he should get.

A lot of talk about how the expense associated with a prison sentence wasn't justifiable, because it was white collar crime.

I'm glad they threw the book at him. Statistics show that he will still serve only a third of his sentence at most.
0 Votes
+ -
yaaaaaaaay
walkerjian@... 26th Mar 2010
may you rot in hell. And may a wire brush be used
regularly to remind you of the just fate awaiting all
hackers crackers and perverts exploiting folks around
the world. Maybe an internet collection should be
started to finance the albert entertainment committee
in jail. Ready for daily scrub alby? Up the ass alby?
gooooood

Now to bring down the music mafiaa, entertainment
mafiaa and medical mafiaa and their stooges in
government and law enforcement.

The brush of truth and justice awaits
0 Votes
+ -
RE: TJX hacker gets 20-year jail sentence
klpoh@... 26th Mar 2010
I think that in addition to very stiff jail sentences the law should be changed to allow his hands to be cut off so that he will not be able to cheat using his computers for the rest of his damn life! Something like what the muslim do to thieves...
0 Votes
+ -
Or not.
AzuMao 26th Mar 2010
Guess what happens when later evidence proves your innocence, but you're hands have already been cut off? They can't just be taped back on with a "sorry", you know.

Anyways, most code nowadays is written hands-free by applying one's cranium to a keyboard, and rolling it side-to-side.
0 Votes
+ -
Nice.
AzuMao 27th Mar 2010
Way to go, whichever mod decided citing documents from the EFF was an act of spam.
0 Votes
+ -
Random Deletions
lehnerus2000 2nd Apr 2010
There has been a lot of that sort of thing recently.

lehnerus2000
0 Votes
+ -
RE: TJX hacker gets 20-year jail sentence
efsane Updated - 9th Apr 2011
Well done! Thank you very much for professional templates and community edition
sesli sohbet sesli chat
0 Votes
+ -
RE: TJX hacker gets 20-year jail sentence
MACKENZI 11th Sep
I also desire to signal in your RSS feeds. Thank you as soon as once again and maintain up the great operate! nccma cooler
0 Votes
+ -
RE: TJX hacker gets 20-year jail sentence
PEARLINEI 12th Sep
I used to be more than happy to seek out this internet-site.I wanted to thanks in your time for this glorious read!! I positively enjoying each little bit of it and I have you bookmarked to check out new stuff you weblog post. this thread is amazing i like your work and i appreciate you that you have share a useful stuff thanks for sharing the i shop abatwa
0 Votes
+ -
RE: TJX hacker gets 20-year jail sentence
RHIANNONA 13th Sep
I used to be more than happy to seek out this internet-site.I wanted to thanks in your time for this glorious read!! I positively enjoying each little bit of it and I have you bookmarked to check out new stuff you weblog post.Bookmarking now thanks please consider a follow up post. power sa shop
0 Votes
+ -
RE: TJX hacker gets 20-year jail sentence
SATURNINA 14th Sep
I think the representation of this article is actually superb one. This is my first visit to your site. Thanks a lot and keep sharing the information. Keep updating the information for all of us. Thanks ZDNet Government was launched as the brand's first industry vertical, with a mission to cater to IT professionals in the public secto I agree with your post. However, do you have any sources I can cite for my paper wheel car com bury
0 Votes
+ -
RE: TJX hacker gets 20-year jail sentence
TOCCAR 25th Sep
Well welcome, hopefully you can become a vital member of the community and really help to push far ahead of google. Which Im sure the development team would love. This will of course earn you alot points too and get you on the leaders board. z d n e t t h a n k Im not sure i come to an agreement with you on every level, howevor it absolutely was a good posting, many thanks for taking the time to put up your ideas.
0 Votes
+ -
RE: TJX hacker gets 20-year jail sentence
MCKNIGH 26th Sep
Thanks nice info z d n e t I really liked your current article write more..let me add you to its favorite The articles you have on zdnet s i t e are always so enjoyable to read. Good work and I bookmarked it.
0 Votes
+ -
RE: TJX hacker gets 20-year jail sentence
MEJIAHA 30th Sep
Fantastic news about the new release.I positively enjoying each little bit of it and I have you b o o k m a r k e d to check out new stuff you weblog post.Im not sure i come to an agreement with you on every level, howevor it absolutely was a good posting, many thanks for taking the time to put up your ideas
0 Votes
+ -
RE: TJX hacker gets 20-year jail sentence
FAULKNE 13th Oct
Good day to confirm this comment I would appreciate T h e b e s t o f Z D N e t d e l i v e r e d your website very nice to everyone Yes, Oracle is the only one with shared-disk architecture, but that is there advantage. It means you can add or remove nodes and the database lives on. In a shared nothing architecture, if you lose a node, you lose the system. I'm sure Oracle appreciates EMC highlighting their advantage.I also desire to signal in your RSS feeds. Thank you as soon as once again and maintain up the great operate Awesome post! Thank you very much || thanks for nice content this is really benefit to me.

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix