Gonzalez's lawyer to contend he was not the kingpin of Heartland, Hannaford breaches
Damon Patrick Toey was the real leader of those attacks, Gonzalez's counsel says
Computerworld - The attorney for Albert Gonzalez, the man indicted Monday on charges related to the massive data thefts at Heartland Payment Systems and four other retailers, claims it was another member of Gonzalez's gang who was the real leader of the heists.
In an interview with the New York Times, Gonzalez's lawyer, Rene Palomino, said he was prepared to argue that the person who organized the break-ins at Heartland and elsewhere was really Damon Patrick Toey of Miami.
Palomino said Toey is the individual who was identified only as "P.T," an unindicted co-conspirator in Monday's indictment papers. Palomino also told the Times that one of the unnamed Russian conspirators mentioned in the indictment is an individual named Maksym Yastremski, who is currently serving a 30-year sentence in a Turkish prison.
Toey was one of 11 individuals, including Gonzalez, who were indicted last year on charges related to the data thefts at TJX Companies Inc., Dave & Busters, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW.
Court documents associated with those indictments describe Toey as the individual whom Gonzalez relied on to launch SQL injection attacks against various Web servers and databases handling payment card data. Prosecutors have alleged that the same method was used in the data heists for which Gonzalez was indicted on Monday.
Toey pleaded guilty to his involvement in TJX and the other hackings last year and is scheduled to be sentenced in November on those charges. Yastremski was also one of those indicted last year in connection with those breaches. Prosecutors have described Yastremskiy as one of the biggest resellers of stolen payment card data to be ever targeted by the Secret Service.
Gonzalez was indicted in New Jersey on Monday on charges that he was responsible for the data thefts at Heartland, Hannaford Bros., 7-Eleven Inc., and two other unidentified retailers. Federal authorities alleged Gonzalez, who used the online nicknames soupnazi and segvec, masterminded an international operation that stole a staggering 130 million payment cards. Two unidentified Russian citizens were also indicted. Gonzalez, currently in a Brooklyn detention center, was indicted last year in New York and Massachusetts in connection with the breaches at TJX and elsewhere.
The Times article says Gonzalez was close to reaching a "comprehensive plea agreement" with federal prosecutors in Massachusetts and New York, when he was hit with the indictments in New Jersey this week. Prior to those indictments, Gonzalez had been "very close" to accepting responsibility for the crimes he had been charged with last year in return for a prison sentence of around 20 years or so, theTimes quoted Palomino as saying.
In a conversation with Computerworld this morning, Palomino said that he hopes to hammer out a new agreement with prosecutors over the next several weeks that will cover charges in all three indictments . "We're trying to work out one small detail that's left," he said. Attempts to confirm Palomino's comments to the Times were not successful.
Massive data thefts
- Update: Mastermind of TJX, Heartland breaches to plead guilty
- Alleged data-heist kingpin is a computer addict, lawyer says
- Gonzalez's lawyer to contend he was not the kingpin of Heartland, Hannaford breaches
- Hacking kingpin negotiating plea deal with feds
- Three indicted for hack attacks on Heartland, Hannaford
- TJX data breach: At 45.6M card numbers, it's the biggest ever
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Gartner Magic Quadrant for Client Management Tools The client management tool market is maturing and evolving to adapt to consumerization, desktop virtualization, and an ongoing need to improve efficiency.
- Audit Ready and Asset Optimized: The Solid Promise of an Intelligent Software Asset Management Solution In this paper Frost & Sullivan examines the benefits of enterprise-grade Software Asset Management solutions, and how these solutions serve as the convergence...
- Pragmatic Endpoint Management: Empowering an SMB Workforce in the Age of Mobility Lacking the time for proper training and education, SMB administrators often resort to taking shortcuts to keep their environment running.This paper discusses the...
- Gartner Magic Quadrant for Application Security The market for application security testing is changing rapidly. Technology trends, such as mobile applications, advanced Web applications and dynamic languages, are forcing...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Cybercrime and Hacking White Papers | Webcasts