Posted on January 4, 2010 by Anthony Lake

"J4guar17" a/k/a "Soupnazi" a/k/a Super Hacker Albert Gonzalez Pleads Guilty to One of the Largest Data Thefts in U.S. History

Once again demonstrating the massive potential for crime created by our digital age, 28 year-old Albert Gonzalez pled guilty to two counts of conspiracy to gain unauthorized access to payment card networks last week in the U.S. District Court for the District of New Jersey according to a DOJ press release. Gonzalez was charged with hacking into the computer networks of major financial and retail organizations and stealing data on tens of millions of credit cards and debit cards, in one of the largest data breaches in U.S. history. He gained unauthorized access to the payment card networks of New Jersey-based, Heartland Payment Systems; Texas-based convenience store chain 7-Eleven; and Hannaford Brothers Co. Inc., a Maine-based supermarket chain. He was indicted in New Jersey in August 2009. In September 2009, Gonzalez also pled guilty in the U.S. Distric Court for the District of Massachusetts to 19 counts of conspiracy, computer fraud, wire fraud, access device fraud and aggravated identity theft for hacking into retailers including TJX Companies, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble and Sports Authority. In the same month, he pled guilty to a count of conspiracy to commit wire fraud for hacking into the system of Dave and Buster's, a restaurant chain, in the U.S. District Court for the Eastern District of New York.

Gonzalez had several servers, or "hacking platforms," and would give access to the servers to other hackers. Gonzalez and others would use the platforms to store malicious software, or "malware," in launching attacks on their victims. Gonzalez's plea agreement states that it was forseeable that Gonzalez and his co-conspirators would have used the malware to steal tens of millions of credit and debit card numbers, affecting more than 250 financial institutions.

Gonzalez tested malware by running multiple anti-virus programs in an attempt to ascertain if the programs detected the malware. According to information in the plea agreement, it was foreseeable to Gonzalez that his co-conspirators would use malware to Gonzalez was indicted in New Jersey in August 2009 for this criminal conduct. His plea agreement provides for a sentence of imprisonment between 17 and 25 years. He is scheduled to be sentenced in the Massachusetts, New York and New Jersey cases in March.

The charges against Gonzalez are staggering in their scope. They also demonstrate that would-be cybercriminals should consider their online aliases carefully, as they may resurface in a Federal indictment, as in the case of Albert Gonzalez a/k/a "j4guar17" a/k/a "soupnazi," etc.

Tags: , , , , , , , , , , , , , , , , , , , , , , ,
Posted on July 22, 2008 by Anthony Lake

Border Searches Reach Laptops, BlackBerrys, Cellphones

As set forth in a detailed article in the National Law Journal, the Fourth Circuit and Ninth Circuit Court of Appeals have recently affirmed decisions upholding warrantless, suspicionless searches of laptop computers at international airports. See United States v. Arnold, 523 F.3d 941 (9th Cir. 2008), petition for reh'g en banc filed, No. 06-50581 (9th Cir. June 2, 2008); United States v. Ickes, 393 F.3d 501 (4th Cir. 2005). Courts have compared warrantless searches of laptops in customs inspections at a border or international airport to warrantless searches of luggage, suitcases, briefcases, pockets, papers and filmsat such locations.The government's power to conduct border searches is plenary, and does not require a warrant, probable cause or reasonable suspicion. See United States v. Montoya de Hernandez, 478 U.S. 531, 538 (1985). The United States Supreme Court has suggested that only some types of searches of persons, or searches carried out in a particularly "offensive" manner, might be unconstitutional. See Montoya,at 538-40; United States v. Ramsay , 431 U.S. 606, 618 n.13 (1977). No district court has yet ruled on whether the government must possess reasonable suspicion to search electronic data at the border, since all cases thus far in which the issue has arisen have held that reasonable suspicion to search existed (all have so far involved child pornography). See United States v. Irving, 434 F.3d 401 (2d Cir. 2005); United States v. Bunty, No. 07-641, 2008 WL 2371211, at *3 (E.D. Pa. June 10, 2008); United States v. McAuley, No. DR-07-CR-786(1), 2008 WL 2387979, at *4-*6 (W.D. Texas June 6, 2008). Defendants have attempted to distinguish computers from other personal property because of the massive amounts of data they can hold, invoking the First Amendment for expressive material, so far to no avail.

Other countries including the United Kingdom, Canada, Australia and China have conducted similar searches. All these cases have caused companies growing concern about how to protect their confidential information from the prying eyes of government agents. Several are putting policies in place to limit the electronic information officers and employees may take with them when they travel.

Congress may be preparing to take action, however. In June the Senate Judiciary Committee's Subcommittee on the Constitution held a hearing on border laptop searches entitled "Laptop Searches and Other Violations of Privacy Faced by Americans Returning from Overseas Travel." Subcommittee Chairman Senator Russ Feingold of Wisconsin expressed the view that the border-search exception to the warrant requirement should be limited. Witnesses before the Subcommittee recommended legislation requiring reasonable suspicion for laptop searches and probable cause for seizure of data, limits on the duration and location of such searches, and more express policies regarding searches and seizures by  United States Customs and Border Patrol.
Tags: , , , , , , , ,