Gonzalez's lawyer to contend he was not the kingpin of Heartland, Hannaford breaches
Damon Patrick Toey was the real leader of those attacks, Gonzalez's counsel says
Computerworld - The attorney for Albert Gonzalez, the man indicted Monday on charges related to the massive data thefts at Heartland Payment Systems and four other retailers, claims it was another member of Gonzalez's gang who was the real leader of the heists.
In an interview with the New York Times, Gonzalez's lawyer, Rene Palomino, said he was prepared to argue that the person who organized the break-ins at Heartland and elsewhere was really Damon Patrick Toey of Miami.
Palomino said Toey is the individual who was identified only as "P.T," an unindicted co-conspirator in Monday's indictment papers. Palomino also told the Times that one of the unnamed Russian conspirators mentioned in the indictment is an individual named Maksym Yastremski, who is currently serving a 30-year sentence in a Turkish prison.
Toey was one of 11 individuals, including Gonzalez, who were indicted last year on charges related to the data thefts at TJX Companies Inc., Dave & Busters, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW.
Court documents associated with those indictments describe Toey as the individual whom Gonzalez relied on to launch SQL injection attacks against various Web servers and databases handling payment card data. Prosecutors have alleged that the same method was used in the data heists for which Gonzalez was indicted on Monday.
Toey pleaded guilty to his involvement in TJX and the other hackings last year and is scheduled to be sentenced in November on those charges. Yastremski was also one of those indicted last year in connection with those breaches. Prosecutors have described Yastremskiy as one of the biggest resellers of stolen payment card data to be ever targeted by the Secret Service.
Gonzalez was indicted in New Jersey on Monday on charges that he was responsible for the data thefts at Heartland, Hannaford Bros., 7-Eleven Inc., and two other unidentified retailers. Federal authorities alleged Gonzalez, who used the online nicknames soupnazi and segvec, masterminded an international operation that stole a staggering 130 million payment cards. Two unidentified Russian citizens were also indicted. Gonzalez, currently in a Brooklyn detention center, was indicted last year in New York and Massachusetts in connection with the breaches at TJX and elsewhere.
The Times article says Gonzalez was close to reaching a "comprehensive plea agreement" with federal prosecutors in Massachusetts and New York, when he was hit with the indictments in New Jersey this week. Prior to those indictments, Gonzalez had been "very close" to accepting responsibility for the crimes he had been charged with last year in return for a prison sentence of around 20 years or so, theTimes quoted Palomino as saying.
In a conversation with Computerworld this morning, Palomino said that he hopes to hammer out a new agreement with prosecutors over the next several weeks that will cover charges in all three indictments . "We're trying to work out one small detail that's left," he said. Attempts to confirm Palomino's comments to the Times were not successful.
Massive data thefts
- Update: Mastermind of TJX, Heartland breaches to plead guilty
- Alleged data-heist kingpin is a computer addict, lawyer says
- Gonzalez's lawyer to contend he was not the kingpin of Heartland, Hannaford breaches
- Hacking kingpin negotiating plea deal with feds
- Three indicted for hack attacks on Heartland, Hannaford
- TJX data breach: At 45.6M card numbers, it's the biggest ever
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Path Selection Infographic Path Selection Infographic
- Hyperconvergence Infographic A wide range of observers agree that data centers are now entering an era of "hyperconvergence" that will raise network traffic levels faster...
- Preparing Your Infrastructure for the Hyperconvergence Era From cloud computing and virtualization to mobility and unified communications, an array of innovative technologies is transforming today's data centers.
- How WAN Optimization Helps Enterprises Reduce Costs If you wanted to break down innovation into a tidy equation, it might go something like this: Technology + Connectivity = Productivity. Productivity...
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users? All Cybercrime and Hacking White Papers | Webcasts