Image: Albert Gonzalez
Wired.com / Handout  /  EPA
Albert Gonzalez, 28, was indicted Aug. 18 on charges that he carried out the largest hacking and identity-theft case in US history.
updated 8/27/2009 6:31:07 PM ET 2009-08-27T22:31:07

An accused computer hacker charged in what prosecutors call the largest cases of identity theft in U.S. history has been negotiating a plea deal with the federal government, people close to the case said Thursday.

Albert Gonzalez, who once helped the U.S. Secret Service hunt hackers, has been weighing a deal to plead guilty on two of the three cases against him, two people told The Associated Press. They spoke on condition of anonymity because they were not authorized to discuss the plea talks.

Gonzalez, 28, is charged with swiping the credit and debit card numbers of more than 170 million accounts.

Gonzalez' lawyer, Rene Palomino Jr. of Miami, said that he is "intending to finalize the case as early as Friday."

"My client is extremely remorseful as to what has happened," Palomino told the AP Thursday.

The two sides are working on a plea that would resolve charges filed against Gonzalez in New York and Boston. When the Boston charges were filed last year, prosecutors called it the largest single corporate identity theft ever: stealing the details of some 40 million accounts.

Yet even after he was jailed, authorities continued to unravel his alleged scams. Earlier this month, federal prosecutors in New Jersey filed new charges against Gonzalez, accusing him of a separate identity theft swindle that dwarfed the others: some 130 million customer accounts.

Gonzalez was arrested in 2003 for hacking but not charged because authorities said he became a Secret Service informant.

Over the next five years, authorities said, Gonzalez continued to hack into the computer systems of Fortune 500 companies even while providing assistance to the government. A judge allowed him to move from New Jersey back to Florida in 2004, and court documents alleged that Gonzalez hacked into the national restaurant chain Dave & Buster's.

He was arrested again in 2008 in Miami, as he was staying at a luxury hotel on the beach.

Officials said Gonzalez devised a sophisticated attack to penetrate computer networks, steal credit and debit card data, and send that information to computer servers in California, Illinois, Latvia, the Netherlands and Ukraine.

Prosecutors allege Gonzalez was the ringleader of hackers in the first round of stealing 40 million credit card numbers from retailers like T.J. Maxx, Barnes & Noble, Sports Authority and OfficeMax.

One of their techniques apparently involved "wardriving," or cruising through different areas with a laptop computer and looking for retailers' accessible wireless Internet signals. Once they located a vulnerable network, the hackers installed "sniffer programs" that captured credit and debit card numbers as they moved through a retailer's processing computers — then tried to sell the data.

In the latest charges against Gonzalez, authorities said he and two Russian conspirators used a different technique to hack into corporate networks and secretly place "malware," or malicious software, that would allow them backdoor access to the networks to steal data later.

Palomino, his defense lawyer, has said his client had a computer addiction.

"Albert is not a mean-spirited individual, he desires no physical harm on anybody and he wouldn't hurt a fly," Palomino told the AP in an earlier interview. "He's really not a bad guy. He just got way in over his head."

© 2013 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Discuss:

Discussion comments

,

Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments