“Whatever morality I should have been feeling was trumped by the thrill”
Albert Gonzalez is famous for being the brain behind the biggest credit card theft in history. Between 2005 and 2007, he stole around 180 million credit card and ATM numbers, which he then sold further online, according to ABC News.
Everything started when Gonzalez was 12 years old and bought his first computer, which shortly after got infected by a virus. When a technician came over to fix it, Gonzalez was filled with questions about how it could be done. Since then, Gonzalez’s interest for computers continued to grow and at the age of 14, he managed to hack into NASA, which led to a visit from the FBI at his high school, but no further consequences due to his young age.
Gonzalez graduated from high school and enrolled at Miami Dade Junior College where he studied computer related subjects. Teachers described him as a calm student, being very interested in computers and only likely to socialize with people having the same interest. But even though he studied his favorite topics, he felt bored and restless, and his grades dropped. After less than one semester at college, he decided to drop out, according to Wired.
ShadowCrew and The Secret Service
After the short college experience, Gonzalez moved to Kearny in New Jersey, where his proper hacking career started. He became one of the brains behind ShadowCrew, a group of hackers considered the forerunner of current cybercrime forums and marketplaces.
ShadowCrew was invented in 2002 and during their almost two years of activity, they stole around 1.5 million credit and ATM card numbers, which were sold online. Around 4000 people registered with the Shadowcrew.com website, where they bought stolen account numbers or copies of genuine documents at auction. On the site they could also access tutorials describing the use of cryptography in magnetic strips on credit cards, debit cards and ATM cards so that the numbers could be used, according to Bank Info Security.
But the ShadowCrew success did not last very long. One night in July 2003, a detective at New York City Police Department, investigating a series of car thefts in Manhattan, noticed a suspicious looking young man with a wig and a nose ring entering in a bank. The detective decided to follow the man and saw him withdrawing hundreds of dollars in cash from a variety of different cards. Gonzalez was immediately arrested.
In order to avoid jail, Gonzalez accepted an offer given to him by The United States Secret Service which involved him cooperating with them in order to catch the criminals behind ShadowCrew. Later on, Gonzalez regretted his choice of letting down the other people behind the group, he said “I was 22 and scared”, according to The New York Times.
The betray and the arrest
With Gonzalez’s help, The Secret Service started “Operation Firewall” and managed to arrest 28 people involved in ShadowCrew, which became known as one of the biggest achievements in the history of catching cybercriminals.
Shortly after Operation Firewall, Gonzalez accepted a job as an informant for The Secret Service. The agents described him as helpful, calm and well-spoken. Some of them even started seeing him as a friend, they worked well together and developed a close bond over time, an agent described Gonzalez as a “master of social engineering” and expressed that he never got the impression that Gonzalez was trying to deceive them, but little did he knew…
During the time working for The Secret Service, Gonzalez was not, as by his closest colleagues believed, trying to do the right thing. Instead, he spent his time working on malicious projects on the side. Over the course of several years while working for the government, Gonzalez and some of his hacker friends managed to gain access to around 180 million payment card accounts from customer databases of some of the US’s most well-known corporations, such as OfficeMax, Dave & Buster and T.J. Maxx, stating The New York Times.
Gonzalez referred the success to the fact that many companies did not care enough about cybersecurity at that time, and that data therefore was very easily accessible, unencrypted and unprotected. Gonzales and his friends spent time inside cars outside the shops, where they easily broke into the networks. In the words of the chief prosecutor in Gonzalez’s case “The sheer extent of the human victimization caused by Gonzalez and his organization is unparalleled.”
Gonzalez said that even if the main reason for his actions in the beginning was to gain money, it was later on not so important anymore, he just could not stop. “At first I did it for monetary reasons. The service’s salary wasn’t enough, and I needed the money. By then I did already create the snowball and had to keep doing it. I wanted to quit but couldn’t”. He also said he liked the thrill coming from stealing, “Whatever morality I should have been feeling was trumped by the thrill” Gonzalez said to the reporter at The New York Times.
On May 7 in 2008, Gonzalez was arrested on charges of hacking into the Dave & Buster’s corporate network from a point-of-sale location at a restaurant in Islandia, New York. About 5000 card numbers were stolen due to the action. Gonzalez identity was revealed by The Secret Service through his use of a nickname in an email address linked to the crime, a nickname that was known to the service.
At his sentencing hearing, Gonzalez received a punishment of 20 years in jail, the longest sentence ever handed down to an American for computer crimes, according to IT News. The judge said, “What I found most devastating was the fact that you two-timed the government agency that you were cooperating with, and you were essentially like a double agent.”
During the sentencing, Gonzalez never looked back at the gallery in the courtroom, where his father cried, his mother sat stiff without any movement and his former agency friends lined up for the occasion. He only spoked a few words, saying that he had nobody to blame but himself for the happenings.
One month later, a reporter from The New York Times visited Gonzalez at the Wyatt Detention Center in Central Falls, R.I, and described the once muscular and tanned man as pallid and thin, with red eyes hiding behind the glasses. First, he did not want to talk about the crime with the reporter. Instead, he talked about his ex-girlfriend who stopped visiting, what he was reading, his thoughts on recent high-profile computer breaches and about his childhood and family. He talked a lot about his then five-year-old nephew and his sister, referring to them as always listening to his parents’ advice, something he never did.
Gonzalez spent time at the Metropolitan Detention Center in Brooklyn after leaving Wyatt. An agent at The Secret Service described the facility it as “terrible”. Populated by hardened offenders, it is considered among the last places a nonviolent informant would want to be placed in and on Gonzales 29th birthday, he was threatened to death by another inmate, stating The New York Times.
Currently, Gonzalez is spending his sentence in The Federal Medical Center, a federal prison in Kentucky for inmates requiring medical or mental health care and is considered to offer better conditions than the Metropolitan Detention Center. He is planned to be released in 2025, according to Wired.