Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Alleged kingpin of data heists was a computer addict, lawyer says

Security analysts scoff, say Gonzalez more likely 'addicted to money'

Albert Gonzalez, the man described by federal authorities as the kingpin of a gang responsible for stealing more than 130 million payment cards, is a computer addict constantly looking for ways to challenge his abilities, according to his lawyer.

In a conversation with Computerworld on Wednesday, Rene Palamino, the Miami-based lawyer representing Gonzalez said his client has had an unhealthy obsession with computers since the age of 8.

However, he stopped short of saying it was this obsession that might have pushed Gonzalez to get involved with the alleged crimes.

"He was self-taught," Palamino said of Gonzalez. "He didn't go out in the sandbox or play baseball. The computer was his best friend."

Gonzalez was drawn to look for bigger and bigger tests of his abilities, Palomino said. "One challenge was not enough and he'd move on to another challenge," he said. "It wasn't healthy. It's a sickness. It's a problem that has not been addressed in our society."

Palomino said he hopes to shed some light on computer addiction and to warn parents about the issue.

"[Gonzalez] is not looking to harm anybody physically," he added. "He's not a hardened criminal."

Gonzalez was one of three individuals indicted Monday in federal district court in New Jersey on charges related to the massive data thefts at Heartland Payment Systems, Hannaford Bros. 7-Eleven Inc and two other unidentified retailers. The three are alleged to have stolen data on more than 130 million payment cards from these five companies.

Gonzalez had been indicted twice last year - in Massachusetts and in New York - in connection with the sensational data heists at TJX Companies Inc., Dave & Busters, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW. He is being held without bail in a Brooklyn, N.Y., detention center.

It's unclear how much money Gonzalez made from his "operation get rich or die tryin," but it was apparently enough to support a lavish lifestyle.

Court documents related to his previous indictments described a $75,000 birthday party that was thrown by Gonzalez, and how he once complained about having to manually count more than $340,000 in cash illegally withdrawn from ATM machines.

At the time of his arrest last May, Gonzalez had $1.65 million in bank accounts, a Glock 27 pistol with several rounds of ammunition and numerous PCs, laptop computers and storage devices.

It also was unknown whether Palamino plans on using Gonzalez's computer addiction issue as a defense in court or to drive a plea bargain.

But the mere suggestion that it might evoked a stream of derision and criticism from security experts.

"That contention is pure garbage" said Ira Winkler, president of the Internet Security Advisors Group, and a Computerworld columnist.

"Even if you assume that there was remote validity to that argument, he was negligent in getting treatment," for the addicition, Winkler said.

He also brushed aside Palamino's comments that Gonzalez would never hurt anyone.

"I doubt [Bernard] Madoff would have ever harmed anyone physically, and frankly I would consider Madoff less of a hardened criminal than Gonzales," Winkler said, referring to the convicted mastermind of a Ponzi scheme that stole billions of dollars from clients.

Gonzalez's continued hacking activities despite his previous brushes with the law suggest more of an "addiction to money" than anything else, Winkler said. "Gonzales did not randomly hack things at any opportunity, but repeatedly targeted organizations where he could maximize his financial gain."

Scott Christie, a former federal prosecutor who now leads the information technology group at law firm McCarter & English LLP, was surprised by the claim that Gonzalez is suffering from a computer addiction.

"He's addicted to computers and that somehow forces him to commit crimes, too?" asked Christie, who prosecuted 28 members of the Shadowcrew hacking group in 2004.

Gonzalez was a leading member of the group but was not prosecuted since he had become a government informant the year before. "When you've got nothing for a defense, I guess you've got nothing to lose," Christie said.

Alan Paller, research director at the SANS Institute in Bethesda, Md. also dismissed the notion of computer addiction as an excuse. "So someone who was always interested in money became a bank robber and his addiction to money made him do it?" Paller said.

At the same time, though, Palamino raises a broader issue and one that needs to be addressed at a national level, Paller said.

"People who understand how computers work and learn enough about them to be able to hack have no way at all to advance their interests and skills except to be a hacker," Paller noted. Often, the only place where people with good hacking skills can go is to crime, he said.

"Gun nuts still can't go shoot people and car fanatics still can't use cars to rob banks," added John Pescatore, an analyst with Gartner Inc. in Stamford.

"I do have some faith in our legal system. I believe the 'Twinkie defense' ploy was thrown out in 1979 and hopefully the same thing happens here," he said.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Barnes & Noble, Gartner, Internet Security Advisors Group, LP, McCarter & English, OfficeMax, SANS Institute
References show all
Comments are now closed.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: hackers, security, data breach, cyber security, hacking
Latest Blog Posts
Whitepapers
  • eBook - Flash Buyers Guide
    This paper provides a guide for evaluating and selecting the best all-flash storage for your enterprise class environment. The detailed content covers all product classes and where they can be best applied to your circumstances, as well as what the key elements are for each to avoid potential pitfalls in the selection process.
    Learn more »
  • The Three Essential Steps to Successful Cloud Migration
    Businesses and enterprises have quickly realised the power and efficiency of cloud computing, but migrating to the cloud can be a challenging process. This guide leads you through the three key steps you should take to assess your workload, select the most appropriate cloud model and ensure your cloud provider’s migration methodology stacks up.
    Learn more »
  • Case Study: Steel Blue
    Read how Perth-based safety footwear manufacturer, Steel Blue, was able to cut costs with shipping and improve efficiency while meeting the growing demand for their products as they expanded their national and export markets and increased their local market share, all thanks to a new ERP system.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Salary Calculator

Supplied by

View the full Peoplebank ICT Salary & Employment Index

Recent comments

Computerworld
ARN
Techworld
CMO