Alleged kingpin of data heists was a computer addict, lawyer says
- 21 August, 2009 06:06
Albert Gonzalez, the man described by federal authorities as the kingpin of a gang responsible for stealing more than 130 million payment cards, is a computer addict constantly looking for ways to challenge his abilities, according to his lawyer.
In a conversation with Computerworld on Wednesday, Rene Palamino, the Miami-based lawyer representing Gonzalez said his client has had an unhealthy obsession with computers since the age of 8.
However, he stopped short of saying it was this obsession that might have pushed Gonzalez to get involved with the alleged crimes.
"He was self-taught," Palamino said of Gonzalez. "He didn't go out in the sandbox or play baseball. The computer was his best friend."
Gonzalez was drawn to look for bigger and bigger tests of his abilities, Palomino said. "One challenge was not enough and he'd move on to another challenge," he said. "It wasn't healthy. It's a sickness. It's a problem that has not been addressed in our society."
Palomino said he hopes to shed some light on computer addiction and to warn parents about the issue.
"[Gonzalez] is not looking to harm anybody physically," he added. "He's not a hardened criminal."
Gonzalez was one of three individuals indicted Monday in federal district court in New Jersey on charges related to the massive data thefts at Heartland Payment Systems, Hannaford Bros. 7-Eleven Inc and two other unidentified retailers. The three are alleged to have stolen data on more than 130 million payment cards from these five companies.
Gonzalez had been indicted twice last year - in Massachusetts and in New York - in connection with the sensational data heists at TJX Companies Inc., Dave & Busters, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW. He is being held without bail in a Brooklyn, N.Y., detention center.
It's unclear how much money Gonzalez made from his "operation get rich or die tryin," but it was apparently enough to support a lavish lifestyle.
Court documents related to his previous indictments described a $75,000 birthday party that was thrown by Gonzalez, and how he once complained about having to manually count more than $340,000 in cash illegally withdrawn from ATM machines.
At the time of his arrest last May, Gonzalez had $1.65 million in bank accounts, a Glock 27 pistol with several rounds of ammunition and numerous PCs, laptop computers and storage devices.
It also was unknown whether Palamino plans on using Gonzalez's computer addiction issue as a defense in court or to drive a plea bargain.
But the mere suggestion that it might evoked a stream of derision and criticism from security experts.
"That contention is pure garbage" said Ira Winkler, president of the Internet Security Advisors Group, and a Computerworld columnist.
"Even if you assume that there was remote validity to that argument, he was negligent in getting treatment," for the addicition, Winkler said.
He also brushed aside Palamino's comments that Gonzalez would never hurt anyone.
"I doubt [Bernard] Madoff would have ever harmed anyone physically, and frankly I would consider Madoff less of a hardened criminal than Gonzales," Winkler said, referring to the convicted mastermind of a Ponzi scheme that stole billions of dollars from clients.
Gonzalez's continued hacking activities despite his previous brushes with the law suggest more of an "addiction to money" than anything else, Winkler said. "Gonzales did not randomly hack things at any opportunity, but repeatedly targeted organizations where he could maximize his financial gain."
Scott Christie, a former federal prosecutor who now leads the information technology group at law firm McCarter & English LLP, was surprised by the claim that Gonzalez is suffering from a computer addiction.
"He's addicted to computers and that somehow forces him to commit crimes, too?" asked Christie, who prosecuted 28 members of the Shadowcrew hacking group in 2004.
Gonzalez was a leading member of the group but was not prosecuted since he had become a government informant the year before. "When you've got nothing for a defense, I guess you've got nothing to lose," Christie said.
Alan Paller, research director at the SANS Institute in Bethesda, Md. also dismissed the notion of computer addiction as an excuse. "So someone who was always interested in money became a bank robber and his addiction to money made him do it?" Paller said.
At the same time, though, Palamino raises a broader issue and one that needs to be addressed at a national level, Paller said.
"People who understand how computers work and learn enough about them to be able to hack have no way at all to advance their interests and skills except to be a hacker," Paller noted. Often, the only place where people with good hacking skills can go is to crime, he said.
"Gun nuts still can't go shoot people and car fanatics still can't use cars to rob banks," added John Pescatore, an analyst with Gartner Inc. in Stamford.
"I do have some faith in our legal system. I believe the 'Twinkie defense' ploy was thrown out in 1979 and hopefully the same thing happens here," he said.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
Why change management doesn’t work
Larry Page wants to see your medical records
Dual-Persona Smartphones Not a BYOD Panacea
After two-year hiatus, EFF accepts bitcoin donations again
CIOs struggle to deliver timely mobile business apps: survey
How Web Security Improves Productivity and Compliance
In this white paper, we will look at how secure web gateways, one type of information security technology, can provide benefits to many departments within any business or government agency. Download now.
Mobility Apps: What every developer should know
Learn how others have delivered industry-leading, multi-platform management and security solutions. In this whitepaper, we look how app developers can develop, deploy and manage apps that enterprises can rely on today and into the future. Click to download!
Moving to a Private Cloud? Infrastructure Really Matters!
The Cloud isn’t about locality. It is about quality of service delivery, cost, and whether the services consumed satisfy our objectives. For the enterprise, you need to select the right QoS to mitigate the inherent risks or you face the problem of losing data and the ability to execute operationally. Read on.