A Miami man has been charged with allegedly attempting to steal more than 130 million credit and debit card numbers and account data, according to an indictment released Monday.
The U.S. Department of Justice says Albert Gonzalez, 28, was one of three individuals who allegedly broke into the payments networks of Heartland Payment Systems Inc., Hannaford Brothers Co., 7-Eleven Inc. and two unnamed retailers using hacks that captured sensitive cardholder data and removed traces of the misdeeds. The indictment did not name the two other defendants, who live in Russia.
'The Broader Fight'
Payment processor Heartland announced in January that an unknown amount of credit and debit card data was stolen from the Princeton, N.J.-based company's network. A statement from Heartland praised the prosecutors' work and said the processor would continue to help with the investigation and with "the broader fight against global cyber criminals."
Hannaford, which is based in Scarborough, Maine, said in 2008 its network of 165 grocery stores was breached. The indictment also says Dallas-based 7-Eleven's network was attacked beginning in August 2007.
The three defendants began scheming in 2006 to steal the merchants' data and resell it, the indictment alleges. It also says they disabled programs designed to root out such attacks, tested their malicious software against approximately 20 antivirus software programs and programmed the malware to hide evidence of its presence.
Internet Is A Risk
Several years ago, hackers attacked networks for the notoriety, notes Matt Marshall, vice president of security engineering at Redspin Inc., a Carpinteria, Calif.-based data-security company. "It's really become all about the money," Marshall tells ISO&Agent Weekly. "There is no 'silver bullet' to fix this."
The best way to counter such sophisticated threats is to constantly test a network for vulnerabilities, Marshall says. "Any merchant that has, in this case, an Internet presence is certainly at risk," he says.
If convicted, Gonzalez faces up to 30 years in prison on the wire fraud conspiracy charge and an additional five years on the conspiracy charge, and a $250,000 fine for each charge, the Department of Justice says. He is being held in federal custody.