Accused credit card hacker lived large in Miami

August 20, 2009 By TAMARA LUSH , Associated Press Writer

(AP) -- Nestled near a row of sultry, silvery-green palm trees and a 205-foot-long infinity pool, room 1508 at the National Hotel on South Beach is a portrait of Art Deco luxury. It is also where, on May 7, 2008, federal agents seized two computers, $22,000 in cash and a Glock 9 gun from a man known on the Internet as "soupnazi."

His real name is Albert Gonzalez, and he was with his girlfriend when federal agents arrived. Just as the setting was not run-of-the-mill, neither was the arrest. Gonzalez was charged with hacking into business computer networks and stealing credit and debit card accounts - and in an embarrassing twist, he had once been an informant for the U.S. Secret Service.

This week, Gonzalez, 28, was indicted in New Jersey on more federal charges. Now the biggest credit card hacks of the decade - totaling 170 million accounts - have been pinned on Gonzalez.

Industry analysts marveled at the scope of the operation - which Gonzalez allegedly dubbed "Get Rich or Die Tryin'." One compared it to a hackers' version of the 1980s gangster movie "Scarface."

"Albert Gonzalez is definitely the Tony Montana of credit card theft," said Sean Arries, a expert at the Miami-based company Terremark.

Gonzalez has been in custody since his 2008 arrest in Miami Beach. He awaits federal trials in New York and Massachusetts, along with the New Jersey charges. If convicted he faces life in prison.

Gonzalez's lawyer, Rene Palomino Jr., wouldn't address the charges in detail, saying that the case is in a "very delicate stage" and that Gonzalez is trying to resolve it. The attorney said Gonzalez and federal prosecutors were close to reaching a plea deal in the New York and Massachusetts cases this week, before the New Jersey indictment was added.

People who know Gonzalez say he is a nerdy, shy man who got mixed up in a shadowy world.

"Albert is not a mean-spirited individual, he desires no physical harm on anybody and he wouldn't hurt a fly," said Palomino, who first met his client when Gonzalez was an 8-year-old altar boy. "He's really not a bad guy. He just got way in over his head."

Gonzalez's father, Alberto, came to the U.S. from Cuba on a handmade raft in the 1970s, Palomino said. The elder Gonzalez, who was a landscaper, got married and had a daughter before Albert was born in June 1981. The family put down roots in a modest, tan stucco home bought for $54,000 in a working-class enclave southwest of Miami's downtown.

"As a little kid, he was nice, we used to play hide-and-go seek," said neighbor Vanessa Pedrianes, 25. "When he got older, he was a little bit nerdier than the other kids. He was really smart."

Gonzalez's parents bought him a computer when he was 8, said Palomino, who was in charge of Gonzalez's Lutheran youth group. When the computer got a virus, Palomino said, the boy was so angry that he set out to learn everything about his machine.

"The kid is a self-taught genius," Palomino said. "Albert never had a normal childhood. He had no friends. His best friend was his computer. He would spend hours on the computer."

Gonzalez never took a computer class in high school, Palomino said. The boy also didn't go to college. As a teenager, he had a minor brush with the law - a marijuana possession charge in 1999 was dismissed - but his computer savvy allowed him to get a job at a New Jersey firm right out of high school, Palomino said, though he didn't elaborate on what the position was.

It's unclear what transpired between the time Gonzalez got that job and his first federal arrest. In 2003, Gonzalez was arrested for hacking but not charged because authorities said he became an informant, helping the Secret Service hunt other hackers.

Palomino said Gonzalez should have gotten therapy then for what he says was a computer "addiction" - but that authorities used him like a machine to ferret out hackers.

Yet over the next five years, authorities said, Gonzalez continued to hack into the computer systems of Fortune 500 companies even while providing assistance to the government. A judge allowed him to move from New Jersey back to Florida in 2004, and court documents alleged that Gonzalez hacked the of the national restaurant chain Dave & Buster's.

He lived lavishly from the proceeds, court records show. Gonzalez threw a $75,000 birthday party for himself, complained that he had to count $340,000 in 20-dollar bills by hand because his money counter broke and considered investing in a nightclub.

In 2005, Gonzalez bought a one-bedroom condo for $118,000 near his parents, in a squat, three-story building populated with retirees and recent immigrants. Whether Gonzalez actually lived there is a mystery - no one in the building remembers seeing him.

Around that time, federal agents said, Gonzalez devised a sophisticated attack to penetrate computer networks, steal credit and debit card data, and send that information to computer servers in California, Illinois, Latvia, the Netherlands and Ukraine.

The Justice Department said Gonzalez and others used that attack to mine companies' computers for approximately 40 million numbers. At the time, that was believed to be the biggest such theft ever, and punctured the electronic defenses of such retailers as T.J. Maxx, Barnes & Noble, Sports Authority and OfficeMax.

Prosecutors allege Gonzalez was the ringleader of the hackers in that case.

One of their techniques apparently involved "wardriving," or cruising through different areas with a laptop computer and looking for retailers' accessible wireless Internet signals. Once they located a vulnerable network, the hackers installed "sniffer programs" that captured credit and debit card numbers as they moved through a retailer's processing computers - then tried to sell the data.

In the latest indictment, authorities say Gonzalez and two Russian conspirators used a different technique to hack into corporate networks and secretly place "malware," or malicious software, that would allow them backdoor access to the networks to steal data later.

James Lewis, a senior fellow at the Center for Strategic and International Studies, points out that if Gonzalez's co-defendants are in or near Russia, where capturing or extraditing them is difficult, he is the only one of them likely to face trial.

"It's relatively common in these crimes for the masterminds to live overseas and have a partner in the United States," said Lewis. "At the end of the day, Gonzalez was the bagman."

These days, Gonzalez is in a Brooklyn jail. He has access to a computer only when his lawyer visits, to review evidence for his trial.


AP news researcher Julie Reed contributed to this report.
©2009 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Explore further: Tsunami created swells worldwide

Related Stories

Tsunami created swells worldwide

August 27, 2005

Last year's Indian Ocean tsunami was so powerful it circled the globe twice and high waves were recorded in Halifax, Nova Scotia, and Peru, an analysis shows.

Biotech breakthrough could end biodiesel's glycerin glut

June 26, 2007

With U.S. biodiesel production at an all-time high and a record number of new biodiesel plants under construction, the industry is facing an impending crisis over waste glycerin, the major byproduct of biodiesel production. ...

Research yields pricey chemicals from biodiesel waste

June 30, 2008

In a move that promises to change the economics of biodiesel refining, chemical engineers at Rice University have unveiled a set of techniques for cleanly converting problematic biofuels waste into chemicals that fetch a ...

Prosecutors say man stole 130M credit card numbers

August 17, 2009

(AP) -- Federal prosecutors on Monday charged a Miami man with the largest case of credit and debit card data theft ever in the United States, accusing the one-time government informant of swiping 130 million accounts on ...

Indictment of card hacker unlikely to end thefts

August 18, 2009

(AP) -- This week's indictment of a hacker believed responsible for the biggest retail-store data breaches in U.S. history doesn't necessarily make shoppers safer from having their credit card numbers plundered.

Recommended for you

Inferring urban travel patterns from cellphone data

August 29, 2016

In making decisions about infrastructure development and resource allocation, city planners rely on models of how people move through their cities, on foot, in cars, and on public transportation. Those models are largely ...

How machine learning can help with voice disorders

August 29, 2016

There's no human instinct more basic than speech, and yet, for many people, talking can be taxing. 1 in 14 working-age Americans suffer from voice disorders that are often associated with abnormal vocal behaviors - some of ...

Apple issues update after cyber weapon captured

August 26, 2016

Apple iPhone owners on Friday were urged to install a quickly released security update after a sophisticated attack on an Emirati dissident exposed vulnerabilities targeted by cyber arms dealers.


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.