(Washington, D.C.) – The key defendant in a U.S. Secret Service investigation into one
of the largest hacking and identity theft cases prosecuted to date in the United States
today pleaded guilty in federal court in Boston. Albert Gonzalez (aka “Segvec”), of
Miami, Florida, pleaded guilty to 19 counts of conspiracy, computer fraud, wire fraud,
access device fraud, and aggravated identity theft for his role in the elaborate scheme.
This high-profile cyber investigation by the Secret Service uncovered the theft and sale of
more than 40 million credit and debit card numbers from numerous U.S. retailers. The
potential losses associated with this case total more than $21 billion.
“Technology has forever changed the way we do business, virtually erasing geographic
boundaries,” said U.S. Secret Service Director Mark Sullivan. “However, this case
demonstrates that even in the cyber world, there is no such thing as anonymity. The
Secret Service, in conjunction with its many law enforcement partners across the United
States and around the world, continues to successfully combat these crimes by adapting
our investigative methodologies. We realize our success in this investigation is due in
part to the cooperation of these partners in more than a dozen international law
enforcement agencies.”
“Although we are seeing network intrusion cases that are increasing in size and
complexity,” Secret Service Assistant Director for investigations Michael Merritt
explained, “the Secret Service continues to seek new and innovative ways to combat this
emerging threat and works closely with our law enforcement partners throughout the
world to resolve these cases.”
Gonzalez was previously arrested by the Secret Service in 2003 for access device fraud in
an unrelated case. During the investigation of both this case and others involving multiple
cyber criminals, the Secret Service uncovered that Gonzalez, who was working as a
confidential informant for the agency, was not only criminally involved in TJX case, but
was the mastermind behind the elaborate fraud scheme.
The indictment, unsealed in August 2008, alleges that Gonzalez and his co-conspirators
obtained the credit and debit card numbers by driving near major retailers searching for
vulnerable wireless networks, or “wardriving,” and hacking into those networks.
Once inside the networks, they installed “sniffer” programs that captured card numbers,
as well as password and account information, as they moved through the retailers’ credit
and debit processing networks. After they collected the data, the conspirators allegedly
concealed the data in encrypted computer servers that they controlled in Eastern Europe
and the United States. They allegedly sold some of the credit and debit card numbers, via
the Internet, to other criminals in the United States and Eastern Europe.
In May 2008, Gonzalez and his co-conspirators also were charged in a related indictment
in the Eastern District of New York. The New York charges allege that the defendants
were engaged in a sophisticated scheme to hack into computer networks run by the Dave
& Buster’s restaurant chain, and stole credit and debit card numbers from at least 11
locations.
The United States Secret Service was originally founded in 1865 for the purpose of
suppressing the counterfeiting of U. S. currency. Over the years it has grown into one of
the premier law enforcement organizations charged with investigating financial crimes.
The Secret Service has taken a lead role in the emerging arena of cyber crime,
establishing working partnerships with the law enforcement and business communities
and academia to address such issues as protection of critical infrastructure, Internet
intrusions and associated fraud.