It’s 2015—another year for law enforcement agencies to find and arrest some of the most dangerous hackers. With this optimism for the New Year at heart, we now focus in on the story of yet another notorious cyber criminal brought to justice: Albert Gonzalez.
Gonzalez, who is known as “Segvec,” “Soupnazi” and “J4guar” among Internet circles, is an experienced hacker who first came into contact with authorities when he was arrested for operating Shadowcrew.com, an underground cybercriminal market whose users traffic in stolen credit card data and share information about banks, retailers, and other corporations vulnerable to cyber attacks.
Rather than send a hacker of Gonzalez’s expertise to prison, the Secret Service chose instead to offer him $75,000 a year for his services as an informant.
In a secret mission codenamed “Operation Firewall,” Gonzalez set up a secure VPN on Shadowcrew.com that was in actuality wiretapped by the Secret Service. With the help of his efforts, the operation ultimately succeeded in arresting 28 members of the site in October 2004.
Following the sting, Gonzalez changed his online handle to “Segvec”—he was known as “CumbaJohny” during Operation Firewall—and moved to Miami, where he started an identity-theft ring of his own creation called “Operation Get Rich or Die Tryin’.”
Via the assistance of carder Maksym Yastremskiy and programmer Aleksandr Suvorov, Gonzalez was able to hack into the computer networks of a number of companies, including TJX Cos., Dave & Busters, and Office Maxx. He also later admitted to trying to gain unauthorized access to the servers at Hannaford Brothers, 7-Eleven Inc., and others.
Perhaps most notorious among his exploits, Gonzalez used an SQL injection attack to exploit a database vulnerability at Heartland Payment Systems, Inc., leading to the breach of 134 million credit cards.
Gonzalez was ultimately arrested by federal authorities for his crimes. He pleaded guilty to all charges and received a 20-year prison sentence.
The U.S. government has since revealed that Gonzalez was still working as an informant for the Secret Service at the time of his hacks. This led the hacker, who is currently serving out his prison sentence, to file a petition with the U.S. District Court for the District of Massachusetts. In the court document, Gonzalez used the claim that he was still acting according to the directives of the Secret Service to ask that he withdraw his guilty plea and have his sentence vacated.
As of this writing, Gonzalez’s motion is still pending.