Alleged kingpin of data heists was a computer addict, lawyer says
- 21 August, 2009 06:06
Albert Gonzalez, the man described by federal authorities as the kingpin of a gang responsible for stealing more than 130 million payment cards, is a computer addict constantly looking for ways to challenge his abilities, according to his lawyer.
In a conversation with Computerworld on Wednesday, Rene Palamino, the Miami-based lawyer representing Gonzalez said his client has had an unhealthy obsession with computers since the age of 8.
However, he stopped short of saying it was this obsession that might have pushed Gonzalez to get involved with the alleged crimes.
"He was self-taught," Palamino said of Gonzalez. "He didn't go out in the sandbox or play baseball. The computer was his best friend."
Gonzalez was drawn to look for bigger and bigger tests of his abilities, Palomino said. "One challenge was not enough and he'd move on to another challenge," he said. "It wasn't healthy. It's a sickness. It's a problem that has not been addressed in our society."
Palomino said he hopes to shed some light on computer addiction and to warn parents about the issue.
"[Gonzalez] is not looking to harm anybody physically," he added. "He's not a hardened criminal."
Gonzalez was one of three individuals indicted Monday in federal district court in New Jersey on charges related to the massive data thefts at Heartland Payment Systems, Hannaford Bros. 7-Eleven Inc and two other unidentified retailers. The three are alleged to have stolen data on more than 130 million payment cards from these five companies.
Gonzalez had been indicted twice last year - in Massachusetts and in New York - in connection with the sensational data heists at TJX Companies Inc., Dave & Busters, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW. He is being held without bail in a Brooklyn, N.Y., detention center.
It's unclear how much money Gonzalez made from his "operation get rich or die tryin," but it was apparently enough to support a lavish lifestyle.
Court documents related to his previous indictments described a $75,000 birthday party that was thrown by Gonzalez, and how he once complained about having to manually count more than $340,000 in cash illegally withdrawn from ATM machines.
At the time of his arrest last May, Gonzalez had $1.65 million in bank accounts, a Glock 27 pistol with several rounds of ammunition and numerous PCs, laptop computers and storage devices.
It also was unknown whether Palamino plans on using Gonzalez's computer addiction issue as a defense in court or to drive a plea bargain.
But the mere suggestion that it might evoked a stream of derision and criticism from security experts.
"That contention is pure garbage" said Ira Winkler, president of the Internet Security Advisors Group, and a Computerworld columnist.
"Even if you assume that there was remote validity to that argument, he was negligent in getting treatment," for the addicition, Winkler said.
He also brushed aside Palamino's comments that Gonzalez would never hurt anyone.
"I doubt [Bernard] Madoff would have ever harmed anyone physically, and frankly I would consider Madoff less of a hardened criminal than Gonzales," Winkler said, referring to the convicted mastermind of a Ponzi scheme that stole billions of dollars from clients.
Gonzalez's continued hacking activities despite his previous brushes with the law suggest more of an "addiction to money" than anything else, Winkler said. "Gonzales did not randomly hack things at any opportunity, but repeatedly targeted organizations where he could maximize his financial gain."
Scott Christie, a former federal prosecutor who now leads the information technology group at law firm McCarter & English LLP, was surprised by the claim that Gonzalez is suffering from a computer addiction.
"He's addicted to computers and that somehow forces him to commit crimes, too?" asked Christie, who prosecuted 28 members of the Shadowcrew hacking group in 2004.
Gonzalez was a leading member of the group but was not prosecuted since he had become a government informant the year before. "When you've got nothing for a defense, I guess you've got nothing to lose," Christie said.
Alan Paller, research director at the SANS Institute in Bethesda, Md. also dismissed the notion of computer addiction as an excuse. "So someone who was always interested in money became a bank robber and his addiction to money made him do it?" Paller said.
At the same time, though, Palamino raises a broader issue and one that needs to be addressed at a national level, Paller said.
"People who understand how computers work and learn enough about them to be able to hack have no way at all to advance their interests and skills except to be a hacker," Paller noted. Often, the only place where people with good hacking skills can go is to crime, he said.
"Gun nuts still can't go shoot people and car fanatics still can't use cars to rob banks," added John Pescatore, an analyst with Gartner Inc. in Stamford.
"I do have some faith in our legal system. I believe the 'Twinkie defense' ploy was thrown out in 1979 and hopefully the same thing happens here," he said.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
Queensland government to provide 200 services online by 2015
Call Centers Suffer From Big Data Overload
CIO 100: Carsales wins top gong for innovation
How to secure passwords and other critical numbers
Australian National University streamlines IT
Best Practice in BYOD
The key trend affecting enterprise mobility today can be summarized in four letters: BYOD – Bring Your Own Device. As the number of end-users bringing devices into your organization grows, so does the need for an effective Enterprise Mobility Management (EMM) solution. Learn how to manage devices across multiple platforms all from a single, centralised and unified management console. Download for more!
Unleashing the Power of Information
If business-relevant information is not well managed, secured and analysed, it can become an underutilized asset or—worst case—a legal and competitive liability. Nearly all of the IT and business executives who responded to a recent survey recognise this risk, and say they understand the importance of having an enterprise information management (EIM) strategy. Find out more on how to reduce costs, improve competitiveness and avoid risk by making information management an enterprisewide strategic priority.
Jump the wall between the wired network and the wireless one.