Former Barclays programmer gets four years for role in TJX attacks
Zaman pleaded guilty to helping Gonzalez gang launder money from data theft scheme
Computerworld - A former Barclays Bank programmer who helped launder money for the mastermind behind the data thefts at TJX Companies Inc. and other retailers was sentenced to four years in prison by a federal court in Boston on Thursday.
Humza Zaman, 33, was also ordered to pay a fine of $75,000 and will be under three years of court supervision upon his release.
Zaman last April had pleaded guilty to a one-count indictment charging him with a litany of offenses, including money laundering, unlawful access to computers, identity theft and wire fraud. Zaman's sentence is due to begin on April 12.
Court papers said Zaman helped Albert Gonzalez, the leader of the criminal gang behind the TJX attacks, launder $600,000 to $800,000 in stolen money. Zaman is believed to have received about 10% of the total for his effort.
Gonzalez was one of 11 individuals arrested in August 2008 in connection with the massive data thefts at TJX, BJ's Wholesale Clubs Inc. and numerous other retailers. In all, Gonzalez and his gang are believed responsible for stealing data more than 130 million credit and debit cards over a six-year period going back to 2003.
Gonzalez, who is from Miami, last year pleaded guilty to his role in the attacks and is awaiting sentencing. Under the terms of a plea agreement with federal prosecutors, Gonzalez will receive a minimum sentence of 17 years in prison.
According to court papers, Zaman's role in the operation was limited to helping Gonzalez repatriate proceeds from the sale and use of stolen credit card data. Gonzalez would often have money sent to a bank account in Latvia, and Zaman would arrange to have the money sent back to the U.S.
At one time, for example, Zaman used ATM cards linked to several fictitious accounts to withdraw more than $38,000 from Gonzalez's Latvian bank account. He then sent the money to Gonzalez, after keeping a 10% cut. Zaman also traveled from New York to California on multiple occasions to meet with an individual who would give him between $100,000 and $250,000 in cash. After taking his cut, Zaman would put the money in Federal Express boxes and ship it to Gonzalez using a fictitious name, the court papers said.
In March 2008, Zaman, who was working at Barclays at the time, sent a copy of the bank's ATM transaction log to Gonzalez to see if it would be of any value to his gang. That data, however, appears never to have been used by the gang, the court papers noted.
In recommending a 46-month sentence for his actions, prosecutors noted that Zaman "incontrovertibly knew that Gonzalez was a major hacker who profited handsomely from identity theft from major corporations." However, there is no evidence to show that Zaman participated in any of the intrusions or knew of their scope.
In a presentencing memo, prosecutors described Zaman as an individual with a normal childhood who read a lot, had a lot of friends and was a member of numerous after-school clubs. Between 1999 and the time of his arrest in March 2009, Zaman progressed through a "series of jobs with increasing responsibility" and saw his annual salary increase from $30,000 to more than $130,000 plus bonuses. However, a lifestyle characterized by partying and the use of expensive recreational drugs meant that Zaman "needed cash beyond his six-figure legitimate income," the memo noted.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.
- University of North Florida breach exposes data on 107,000 individuals
- Zeus Trojan bust reveals sophisticated 'money mules' operation in U.S.
- GAO slams White House for failing to lead on cybersecurity
- Man charged with attack on Web site of Fox News' Bill O'Reilly
- Heartland breach expenses pegged at $140M -- so far
- IT contractor gets five years for $2M credit union theft
- Democracy would suffer if Google left China, says MIT panel
- Gonzalez accomplice gets five years for hacking TJX
- Threat of cyberattacks from overseas high, federal IT execs say
- Botnets 'the Swiss Army knife of attack tools'
Read more about Security in Computerworld's Security Topic Center.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!