Former Barclays programmer gets four years for role in TJX attacks
Zaman pleaded guilty to helping Gonzalez gang launder money from data theft scheme
Computerworld - A former Barclays Bank programmer who helped launder money for the mastermind behind the data thefts at TJX Companies Inc. and other retailers was sentenced to four years in prison by a federal court in Boston on Thursday.
Humza Zaman, 33, was also ordered to pay a fine of $75,000 and will be under three years of court supervision upon his release.
Zaman last April had pleaded guilty to a one-count indictment charging him with a litany of offenses, including money laundering, unlawful access to computers, identity theft and wire fraud. Zaman's sentence is due to begin on April 12.
Court papers said Zaman helped Albert Gonzalez, the leader of the criminal gang behind the TJX attacks, launder $600,000 to $800,000 in stolen money. Zaman is believed to have received about 10% of the total for his effort.
Gonzalez was one of 11 individuals arrested in August 2008 in connection with the massive data thefts at TJX, BJ's Wholesale Clubs Inc. and numerous other retailers. In all, Gonzalez and his gang are believed responsible for stealing data more than 130 million credit and debit cards over a six-year period going back to 2003.
Gonzalez, who is from Miami, last year pleaded guilty to his role in the attacks and is awaiting sentencing. Under the terms of a plea agreement with federal prosecutors, Gonzalez will receive a minimum sentence of 17 years in prison.
According to court papers, Zaman's role in the operation was limited to helping Gonzalez repatriate proceeds from the sale and use of stolen credit card data. Gonzalez would often have money sent to a bank account in Latvia, and Zaman would arrange to have the money sent back to the U.S.
At one time, for example, Zaman used ATM cards linked to several fictitious accounts to withdraw more than $38,000 from Gonzalez's Latvian bank account. He then sent the money to Gonzalez, after keeping a 10% cut. Zaman also traveled from New York to California on multiple occasions to meet with an individual who would give him between $100,000 and $250,000 in cash. After taking his cut, Zaman would put the money in Federal Express boxes and ship it to Gonzalez using a fictitious name, the court papers said.
In March 2008, Zaman, who was working at Barclays at the time, sent a copy of the bank's ATM transaction log to Gonzalez to see if it would be of any value to his gang. That data, however, appears never to have been used by the gang, the court papers noted.
In recommending a 46-month sentence for his actions, prosecutors noted that Zaman "incontrovertibly knew that Gonzalez was a major hacker who profited handsomely from identity theft from major corporations." However, there is no evidence to show that Zaman participated in any of the intrusions or knew of their scope.
In a presentencing memo, prosecutors described Zaman as an individual with a normal childhood who read a lot, had a lot of friends and was a member of numerous after-school clubs. Between 1999 and the time of his arrest in March 2009, Zaman progressed through a "series of jobs with increasing responsibility" and saw his annual salary increase from $30,000 to more than $130,000 plus bonuses. However, a lifestyle characterized by partying and the use of expensive recreational drugs meant that Zaman "needed cash beyond his six-figure legitimate income," the memo noted.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
- University of North Florida breach exposes data on 107,000 individuals
- Zeus Trojan bust reveals sophisticated 'money mules' operation in U.S.
- GAO slams White House for failing to lead on cybersecurity
- Man charged with attack on Web site of Fox News' Bill O'Reilly
- Heartland breach expenses pegged at $140M -- so far
- IT contractor gets five years for $2M credit union theft
- Democracy would suffer if Google left China, says MIT panel
- Gonzalez accomplice gets five years for hacking TJX
- Threat of cyberattacks from overseas high, federal IT execs say
- Botnets 'the Swiss Army knife of attack tools'
Read more about Security in Computerworld's Security Topic Center.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts