Page last updated at 07:15 GMT, Saturday, 27 March 2010

US credit card hacker sentenced

Albert Gonzalez (file)
Albert Gonzalez blamed "curiosity and addiction" for his crimes

Computer hacker Albert Gonzalez has been jailed for 20 years in the US for his part in stealing the details of more than 130m credit and debit cards.

One judge described the crime as "the largest and most costly example of computer hacking in US history".

The 28-year-old pleaded guilty to three cases of fraud at his trial last year.

Gonzalez was sentenced to 20 years for the first two cases on Thursday, and 20 years and one day on Friday for the third. The terms will run concurrently.

The judge in the third case said he had to serve the extra 24 years because the crime had been committed when he was working for the US Secret Service as an informant, reportedly receiving as much as $75,000 a year.

As part of a plea agreement, Gonzalez also agreed to hand over $1m that he had buried in his parents' garden, a condo in his hometown of Miami, a car, a diamond ring and several expensive watches.

'Powerful message'

Gonzalez was accused last August, along with two Russian co-conspirators, of hacking into the payment systems of retailers.

Hackers continue to put up a persistent and very real threat to enterprise systems
Amichai Shulman

They targeted more than 250 US companies including payment processor Heartland Payment Systems, food and drink store 7-Eleven and American supermarket Hannaford Brothers Co.

Gonzalez was found to have used SQL injection attacks to exploit weaknesses in payment software programmes and access data, stealing millions of customer card details.

He blamed "curiosity and addiction" for his crimes.

Assistant Attorney General Lanny Breuer of the Department of Justice said that on a daily basis "cyber criminals try to steal the debit and credit card numbers of unsuspecting American consumers."

"These sentences - some of the longest ever imposed for hacking crimes - send a powerful message to hackers around the globe that US law enforcement will not allow them to breach American computer networks and payment systems, or illegally obtain identities."

Amichai Shulman, chief technology officer of cyber security firm Imperva, warned that hackers "continue to put up a persistent and very real threat to enterprise systems".

"The current data security spend is focused on enterprise networks, yet the Gonzalez attacks took distinct advantage of weaknesses in the database and applications. This is an industry-wide problem."

Print Sponsor

US man 'stole 130m card numbers'
18 Aug 09 |  Business
Q&A: Card fraud
19 Mar 09 |  UK
Online fraudsters 'steal 3.3bn'
24 Nov 08 |  Technology
Cybercrime threat rising sharply
31 Jan 09 |  Davos 2009
How secure is your card info?
06 Aug 08 |  Technology

The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Sign in

BBC navigation

Copyright © 2019 BBC. The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.

Americas Africa Europe Middle East South Asia Asia Pacific