Alleged kingpin of data heists was a computer addict, lawyer says
- 21 August, 2009 06:06
Albert Gonzalez, the man described by federal authorities as the kingpin of a gang responsible for stealing more than 130 million payment cards, is a computer addict constantly looking for ways to challenge his abilities, according to his lawyer.
In a conversation with Computerworld on Wednesday, Rene Palamino, the Miami-based lawyer representing Gonzalez said his client has had an unhealthy obsession with computers since the age of 8.
However, he stopped short of saying it was this obsession that might have pushed Gonzalez to get involved with the alleged crimes.
"He was self-taught," Palamino said of Gonzalez. "He didn't go out in the sandbox or play baseball. The computer was his best friend."
Gonzalez was drawn to look for bigger and bigger tests of his abilities, Palomino said. "One challenge was not enough and he'd move on to another challenge," he said. "It wasn't healthy. It's a sickness. It's a problem that has not been addressed in our society."
Palomino said he hopes to shed some light on computer addiction and to warn parents about the issue.
"[Gonzalez] is not looking to harm anybody physically," he added. "He's not a hardened criminal."
Gonzalez was one of three individuals indicted Monday in federal district court in New Jersey on charges related to the massive data thefts at Heartland Payment Systems, Hannaford Bros. 7-Eleven Inc and two other unidentified retailers. The three are alleged to have stolen data on more than 130 million payment cards from these five companies.
Gonzalez had been indicted twice last year - in Massachusetts and in New York - in connection with the sensational data heists at TJX Companies Inc., Dave & Busters, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW. He is being held without bail in a Brooklyn, N.Y., detention center.
It's unclear how much money Gonzalez made from his "operation get rich or die tryin," but it was apparently enough to support a lavish lifestyle.
Court documents related to his previous indictments described a $75,000 birthday party that was thrown by Gonzalez, and how he once complained about having to manually count more than $340,000 in cash illegally withdrawn from ATM machines.
At the time of his arrest last May, Gonzalez had $1.65 million in bank accounts, a Glock 27 pistol with several rounds of ammunition and numerous PCs, laptop computers and storage devices.
It also was unknown whether Palamino plans on using Gonzalez's computer addiction issue as a defense in court or to drive a plea bargain.
But the mere suggestion that it might evoked a stream of derision and criticism from security experts.
"That contention is pure garbage" said Ira Winkler, president of the Internet Security Advisors Group, and a Computerworld columnist.
"Even if you assume that there was remote validity to that argument, he was negligent in getting treatment," for the addicition, Winkler said.
He also brushed aside Palamino's comments that Gonzalez would never hurt anyone.
"I doubt [Bernard] Madoff would have ever harmed anyone physically, and frankly I would consider Madoff less of a hardened criminal than Gonzales," Winkler said, referring to the convicted mastermind of a Ponzi scheme that stole billions of dollars from clients.
Gonzalez's continued hacking activities despite his previous brushes with the law suggest more of an "addiction to money" than anything else, Winkler said. "Gonzales did not randomly hack things at any opportunity, but repeatedly targeted organizations where he could maximize his financial gain."
Scott Christie, a former federal prosecutor who now leads the information technology group at law firm McCarter & English LLP, was surprised by the claim that Gonzalez is suffering from a computer addiction.
"He's addicted to computers and that somehow forces him to commit crimes, too?" asked Christie, who prosecuted 28 members of the Shadowcrew hacking group in 2004.
Gonzalez was a leading member of the group but was not prosecuted since he had become a government informant the year before. "When you've got nothing for a defense, I guess you've got nothing to lose," Christie said.
Alan Paller, research director at the SANS Institute in Bethesda, Md. also dismissed the notion of computer addiction as an excuse. "So someone who was always interested in money became a bank robber and his addiction to money made him do it?" Paller said.
At the same time, though, Palamino raises a broader issue and one that needs to be addressed at a national level, Paller said.
"People who understand how computers work and learn enough about them to be able to hack have no way at all to advance their interests and skills except to be a hacker," Paller noted. Often, the only place where people with good hacking skills can go is to crime, he said.
"Gun nuts still can't go shoot people and car fanatics still can't use cars to rob banks," added John Pescatore, an analyst with Gartner Inc. in Stamford.
"I do have some faith in our legal system. I believe the 'Twinkie defense' ploy was thrown out in 1979 and hopefully the same thing happens here," he said.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
Five trends affecting legal CIOs
CIO Roundtable: The changing face of security
Bitcoin malware count soars as cryptocurrency value climbs
Bouncing Back From CIO Unemployment
Union slams latest fibre-to-premise trial in Tasmania
‘A Little Extra Service’ Raises Customer Satisfaction and Lowers Costs
Companies are responding to the digital generation’s preference for online support, with new channels like Live Chat and Email Management. These mobile-friendly solutions give customers the right answers at the right time, when self-service just isn’t enough, and phone calls are undesirable. Read about these new touch points and the importance of a personalized web self-service.
Cloud-Based Mobile Device Security Streamlines Data Protection
Read this white paper to learn why cloud-based security offers superior protection that meets today’s requirements for identifying and preventing access to malicious sites and applications while reducing management complexity and IT staff time and effort. This whitepaper discusses: • Increased use of mobile devices and the associated risks • Ways to address security challenges • Benefits of cloud-based anti-malware solutions
5 Ways To Be More Productive At Work
Think back to the last time all your employees were in the office, at their desks, on the same day. It’s no surprise that you might struggle, between travel and off-site meetings, remote staff, flexible schedules and sick days. In today's competitive business climate, organisations need to maintain productivity and connectedness with their staff, despite not always being onsite. In this whitepaper, we look at five ways you can improve productivity, no matter where employees are.