Accused credit card hacker lived large in Miami
Industry analysts marveled at the scope of the operation — which Gonzalez allegedly dubbed “Get Rich or Die Tryin’.” One compared it to a hackers’ version of the 1980s gangster movie “Scarface.”
J Pat Carter/AP
MIAMI BEACH, Florida
Nestled near a row of sultry, silvery-green palm trees and an infinity pool, room 1508 at the National Hotel on South Beach is a portrait of Art Deco luxury. It is also where, on May 7, 2008, federal agents seized two computers, $22,000 in cash and a Glock 9 gun from a man known on the Internet as “soupnazi.”
His real name is Albert Gonzalez, and he was with his girlfriend when federal agents arrived. Just as the setting was not run-of-the-mill, neither was the arrest. Gonzalez was charged with hacking into business computer networks and stealing credit and debit card accounts — and in an embarrassing twist, he had once been an informant for the U.S. Secret Service.
This week, Gonzalez, 28, was indicted in New Jersey on more federal charges. Now the biggest credit card hacks of the decade — totaling 170 million accounts — have been pinned on Gonzalez.
Industry analysts marveled at the scope of the operation — which Gonzalez allegedly dubbed “Get Rich or Die Tryin’.” One compared it to a hackers’ version of the 1980s gangster movie “Scarface.”
“Albert Gonzalez is definitely the Tony Montana of credit card theft,” said Sean Arries, a computer security expert at the Miami-based Internet technology company Terremark.
Gonzalez has been in custody since his 2008 arrest in Miami Beach. He awaits federal trials in New York and Massachusetts, along with the New Jersey charges. If convicted he faces life in prison.
Gonzalez’s lawyer, Rene Palomino Jr., wouldn’t address the charges in detail, saying that the case is in a “very delicate stage” and that Gonzalez is trying to resolve it. The attorney said Gonzalez and federal prosecutors were close to reaching a plea deal in the New York and Massachusetts cases this week, before the New Jersey indictment was added.
People who know Gonzalez say he is a nerdy, shy man who got mixed up in a shadowy world.
“Albert is not a mean-spirited individual, he desires no physical harm on anybody and he wouldn’t hurt a fly,” said Palomino, who first met his client when Gonzalez was an 8-year-old altar boy. “He’s really not a bad guy. He just got way in over his head.”
Gonzalez’s father, Alberto, came to the U.S. from Cuba on a handmade raft in the 1970s, Palomino said. The elder Gonzalez, who was a landscaper, got married and had a daughter before Albert was born in June 1981. The family put down roots in a modest, tan stucco home bought for $54,000 in a working-class enclave southwest of Miami’s downtown.
“As a little kid, he was nice, we used to play hide-and-go seek,” said neighbor Vanessa Pedrianes, 25. “When he got older, he was a little bit nerdier than the other kids. He was really smart.”
Gonzalez’s parents bought him a computer when he was 8, said Palomino, who was in charge of Gonzalez’s Lutheran youth group. When the computer got a virus, Palomino said, the boy was so angry that he set out to learn everything about his machine.
“The kid is a self-taught genius,” Palomino said. “Albert never had a normal childhood. He had no friends. His best friend was his computer. He would spend hours on the computer.”
Gonzalez never took a computer class in high school, Palomino said. The boy also didn’t go to college. As a teenager, he had a minor brush with the law — a marijuana possession charge in 1999 was dismissed — but his computer savvy allowed him to get a job at a New Jersey firm right out of high school, Palomino said, though he didn’t elaborate on what the position was.
It’s unclear what transpired between the time Gonzalez got that job and his first federal arrest. In 2003, Gonzalez was arrested for hacking but not charged because authorities said he became an informant, helping the Secret Service hunt other hackers.
Palomino said Gonzalez should have gotten therapy then for what he says was a computer “addiction” — but that authorities used him like a machine to ferret out hackers.
Yet over the next five years, authorities said, Gonzalez continued to hack into the computer systems of Fortune 500 companies even while providing assistance to the government. A judge allowed him to move from New Jersey back to Florida in 2004, and court documents alleged that Gonzalez hacked the computer network of the national restaurant chain Dave & Buster’s.
He lived lavishly from the proceeds, court records show. Gonzalez threw a $75,000 birthday party for himself, complained that he had to count $340,000 in 20-dollar bills by hand because his money counter broke and considered investing in a nightclub.
In 2005, Gonzalez bought a one-bedroom condo for $118,000 near his parents, in a squat, three-story building populated with retirees and recent immigrants. Whether Gonzalez actually lived there is a mystery — no one in the building remembers seeing him.
Around that time, federal agents said, Gonzalez devised a sophisticated attack to penetrate computer networks, steal credit and debit card data, and send that information to computer servers in California, Illinois, Latvia, the Netherlands and Ukraine.
The Justice Department said Gonzalez and others used that attack to mine companies’ computers for approximately 40 million credit card numbers. At the time, that was believed to be the biggest such theft ever, and punctured the electronic defenses of such retailers as T.J. Maxx, Barnes & Noble, Sports Authority and OfficeMax.
Prosecutors allege Gonzalez was the ringleader of the hackers in that case.
One of their techniques apparently involved “wardriving,” or cruising through different areas with a laptop computer and looking for retailers’ accessible wireless Internet signals. Once they located a vulnerable network, the hackers installed “sniffer programs” that captured credit and debit card numbers as they moved through a retailer’s processing computers — then tried to sell the data.
In the latest indictment, authorities say Gonzalez and two Russian conspirators used a different technique to hack into corporate networks and secretly place “malware,” or malicious software, that would allow them backdoor access to the networks to steal data later.
James Lewis, a senior fellow at the Center for Strategic and International Studies, points out that if Gonzalez’s co-defendants are in or near Russia, where capturing or extraditing them is difficult, he is the only one of them likely to face trial.
“It’s relatively common in these crimes for the masterminds to live overseas and have a partner in the United States,” said Lewis. “At the end of the day, Gonzalez was the bagman.”
These days, Gonzalez is in a Brooklyn jail. He has access to a computer only when his lawyer visits, to review evidence for his trial.
———
AP news researcher Julie Reed contributed to this report.