The December 2022 issue of IEEE Spectrum is here!

Close bar

An indictment was returned against three individuals who are charged with being responsible for five corporate data breaches, including the single largest reported data breach in U.S. history, the US Justice Department (DOJ) announced yesterday.

The indictment alleges that the co-conspirators hatched a scheme in which more than 130 million credit and debit card numbers together with account information were stolen from Heartland Payment Systems, Inc., based in Princeton, N.J., 7-Eleven, Inc., and Hannaford Brothers Co. In addition, two unidentified corporate victims were allegedly hacked by the co-conspirators.

According to the DOJ press release, between October 2006 and May 2008, Albert Gonzalez, 28, of Miami, Fla., acted with two unnamed co-conspirators to identify large corporations, often by scanning the list of Fortune 500 companies and exploring corporate websites. Upon identifying a potential victim, Gonzalez and his co-conspirators sought to identify vulnerabilities, both by physical observation and by online exploration.

The DOJ says that the alleged hackers would go to the retail locations of their potential victims in an attempt to identify the type of point-of-sale machines utilized by the victim companies. After reconnaissance of the computer systems was completed, information would be uploaded to servers which served as hacking platforms. These servers, located in New Jersey and around the world, were used by the co-conspirators to store information critical to the hacking schemes and to subsequently launch the hacking attacks.

Gonzalez was previously indicted in the Eastern District of New York on May 12, 2008, and the District of Massachusetts on August 5, 2008, for his involvement in different conspiracies relating to data breaches of companies such as TJX Companies, Dave & Busters, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW.  He has been in jail since May 2008 when he was arrested in conjunction with hacking into Dave & Busters.

Gonzalez was also previously arrested in New Jersey in 2003 for his role in ATM and debit card fraud. However, the Wall Street Journal reports, Gonzalez wasn't prosecuted because he agreed to become an informant for the US Secret Service following his arrest.

If convicted, Gonzalez faces up to 30 years in prison on the wire fraud conspiracy charge and an additional five years in prison on the conspiracy charge, as well as a fine of $250,000 for each charge.

The Conversation (0)

Why Functional Programming Should Be the Future of Software Development

It’s hard to learn, but your code will produce fewer nasty surprises

11 min read
Vertical
A plate of spaghetti made from code
Shira Inbar
DarkBlue1

You’d expectthe longest and most costly phase in the lifecycle of a software product to be the initial development of the system, when all those great features are first imagined and then created. In fact, the hardest part comes later, during the maintenance phase. That’s when programmers pay the price for the shortcuts they took during development.

So why did they take shortcuts? Maybe they didn’t realize that they were cutting any corners. Only when their code was deployed and exercised by a lot of users did its hidden flaws come to light. And maybe the developers were rushed. Time-to-market pressures would almost guarantee that their software will contain more bugs than it would otherwise.

Keep Reading ↓Show less
{"imageShortcodeIds":["31996907"]}