In August, Albert Gonzalez was indicted for the theft of credit and debit card information from Hartland Payment Systems, the largest known breach of its kind, while awaiting trial for a similar attack against TJX, the second largest known breach of its kind. Last week, Gonzalez pleaded guilty to nineteen charges relating to his role in the TJX breach (see Gonzalez's 2008 indictment (.pdf) for list of the various charges).
One of the most interesting facts that has come out about Mr. Gonzalez in the wake of news that he was responsible for the Heartland incident is that he was employed by the Secret Service as an informant in the TJX matter. It appears that Mr. Gonzalez first became an informant when he was arrested in 2003 as the leader of an identity theft ring, and he apparently continued to work as an informant for the government even while he was allegedly committing these thefts.
Interestingly, there are some indications that Mr. Gonzalez may have been aided by another government informant in committing the Heartland attack. The indictment for the Heartland attack lists an unindicted coconspirator by initials only, which means, in the words of Mark Rasch, a former Justice Department cyber crime prosecutor, “[I]t's quite likely that the government is using an informant against Gonzalez, their previous informant.” So, of the four people the government believes to have been involved in the Heartland attack, fully half of the alleged hackers (and the only Americans believed to have been involved in the attack) were apparently employed by the Federal Government to help prevent attacks of just this sort.
- AP, “Man Charged with Stealing 130M Credit Card Numbers in Record Identity Theft”, Devlin Barrett, 8/18/09 (as reprinted in the Chicago Tribune).
- NPR, “Massive ID Theft Charges Betray Government Trust”, Interview of Mark Rasch by Scott Simon, 8/22/09.
- Security, Privacy, and the Law, “Incident of the Week (Year?): Hacker Responsible for Largest Data Breach in U.S. History Indicted” Jeff Bone, 8/18/09.
- Snitching Blog, “Committing Crime While Working for the Government”, Alexandra Natapoff, 8/18/09.