In August, Albert Gonzalez was indicted for the theft of credit and debit card information from Hartland Payment Systems, the largest known breach of its kind, while awaiting trial for a similar attack against TJX, the second largest known breach of its kind. Last week, Gonzalez pleaded guilty to nineteen charges relating to his role in the TJX breach (see Gonzalez's 2008 indictment (.pdf) for list of the various charges).

One of the most interesting facts that has come out about Mr. Gonzalez in the wake of news that he was responsible for the Heartland incident is that he was employed by the Secret Service as an informant in the TJX matter. It appears that Mr. Gonzalez first became an informant when he was arrested in 2003 as the leader of an identity theft ring, and he apparently continued to work as an informant for the government even while he was allegedly committing these thefts.

Interestingly, there are some indications that Mr. Gonzalez may have been aided by another government informant in committing the Heartland attack. The indictment for the Heartland attack lists an unindicted coconspirator by initials only, which means, in the words of Mark Rasch, a former Justice Department cyber crime prosecutor, “[I]t's quite likely that the government is using an informant against Gonzalez, their previous informant.” So, of the four people the government believes to have been involved in the Heartland attack, fully half of the alleged hackers (and the only Americans believed to have been involved in the attack) were apparently employed by the Federal Government to help prevent attacks of just this sort.

Links: