The hacker responsible for the largest data breach in U.S. history was sentenced to 20 years in prison for his crimes. Albert Gonzalez hacked into Heartland Payment Systems computer network and stole tens of millions of credit card and debit card numbers. Heartland is one of the largest payment processors in the country with customers like Visa, Hannaford, American Express and 7-11.

“I am guilty of these crimes … I accept full responsibility for these actions,” Gonzalez said at the sentencing, “I plead for leniency,” he said. “I understand that the road to redemption is going to be long for me,” adding that it was his hope, however, that he would be able to be on that road someday.

Gonzalez, who had buried $1 million dollars of his illegally gained profits in his backyard, had been working as an informant with the U.S. Secret Service but double crossed them. He will also serve two 20 year sentences for his roles in data breaches that affected TJ Maxx, Dave & Busters, Barnes and Nobel, DSW, OfficeMax, and other major retailers. He and the gang of criminals he worked with stole millions more credit and debit card numbers and sold them on the black market.

Heartland lost over $130 million due to the breach and was forced to agree to multi-million dollar settlements with Visa and American Express. It is not yet known what, if any restitution Gonzalez will have to make. A hearing on the matter is scheduled for late June.

Donors to Minnesota Senator Norm Coleman’s campaign reacted angrily to the news that his campaign website hosted a completely unprotected datebase that contained their names, addresses, credit card numbers, and 3 digit security codes. The breach was revealed by the site Wikileaks.org and the Minnesota Independent. Wikileaks sent an email out to the donors, warning them their information had been compromised. It appears Coleman, who is fighting with Democrat Al Franken for the states hotly contested Senate seat, was made aware of the breach in January but never made a statement nor contacted his donors. TheHill.com says it made contact with the campaign, who finally aknowledged the breach and is encouraging them to cancel their credit cards.

 

          Campaign spokesman Cullen Sheehan wrote in an email to supporters that that there was no “evidence that our database was downloaded by any unauthorized party,” but he doesn’t dispute the possibility that security has been breached. Several IT professionals interviewed by the Minnesota Independent in late January revealed they had downloaded the database, which was not password protected. This fact seems to contradict Sheehan’s report about findings by federal authorities looking into the case. They “did not find evidence that our database was downloaded by any unauthorized party.”

Um, Mr. Sheehan? Unless you gave Wikileaks.org permission to download it and post parts of it on its website, or those IT professionals,  it sounds to me like it was downloaded by several unauthorized parties. Ignorance at its best.  The good news is there have been no reports of fraudulent credit card activity linked to the breach.

It never ceases to amaze me how arrogant some hackers and spammers are. Reading about the case of Josh Holly, the person who hacked into Miley Cyrus’ MySpace account, the hacker clearly shows his youth when he argues that he can’t ever be caught. Of course, when I was 19, I too thought I was invincible. We all did. My biggest crime though, was smuggling a briefcase full of beer into my friend’s dorm room. (Unlike Holly though, I was never caught!) He was just too sure of himself and spent a little too much time bragging about his exploits, and people who are a lot smarter than he finally caught up to him. As for me and my friends, we just drank the beer and moved on with our lives.

Holly, also known as “TrainReq”, had hacked into the talented Miss Cyrus’ MySpace and Gmail accounts and stole her personal photos, but according to a recent update on the account on Wired.com, his activities weren’t just limited to cheap thrills. He was, of course, a spammer and had raked in over a hundred thousand dollars, sending out spam from celebrities’ email accounts.

Continue reading Hacker who broke into Miley Cyrus account was a spammer»

A California man has been sentenced to a year in federal prison for hacking into his former employer’s computer system and giving spammers access to the mail server.

Steven Barnes was also ordered to pay a fine of over $54,000. Prosecutors say Barnes hacked into Akimno Systems’ network, turned the mail server into a massive open relay which sent out so much spam that the company’s email service was restricted, deleted its Microsoft Exchange data base, and compromised core boot files. Barnes pleaded guilty to the charges.

Continue reading Former IT Manager Sentenced to One Year in Prison For Hacking Former Employer»