Former Barclays programmer gets four years for role in TJX attacks
Zaman pleaded guilty to helping Gonzalez gang launder money from data theft scheme
Computerworld - A former Barclays Bank programmer who helped launder money for the mastermind behind the data thefts at TJX Companies Inc. and other retailers was sentenced to four years in prison by a federal court in Boston on Thursday.
Humza Zaman, 33, was also ordered to pay a fine of $75,000 and will be under three years of court supervision upon his release.
Zaman last April had pleaded guilty to a one-count indictment charging him with a litany of offenses, including money laundering, unlawful access to computers, identity theft and wire fraud. Zaman's sentence is due to begin on April 12.
Court papers said Zaman helped Albert Gonzalez, the leader of the criminal gang behind the TJX attacks, launder $600,000 to $800,000 in stolen money. Zaman is believed to have received about 10% of the total for his effort.
Gonzalez was one of 11 individuals arrested in August 2008 in connection with the massive data thefts at TJX, BJ's Wholesale Clubs Inc. and numerous other retailers. In all, Gonzalez and his gang are believed responsible for stealing data more than 130 million credit and debit cards over a six-year period going back to 2003.
Gonzalez, who is from Miami, last year pleaded guilty to his role in the attacks and is awaiting sentencing. Under the terms of a plea agreement with federal prosecutors, Gonzalez will receive a minimum sentence of 17 years in prison.
According to court papers, Zaman's role in the operation was limited to helping Gonzalez repatriate proceeds from the sale and use of stolen credit card data. Gonzalez would often have money sent to a bank account in Latvia, and Zaman would arrange to have the money sent back to the U.S.
At one time, for example, Zaman used ATM cards linked to several fictitious accounts to withdraw more than $38,000 from Gonzalez's Latvian bank account. He then sent the money to Gonzalez, after keeping a 10% cut. Zaman also traveled from New York to California on multiple occasions to meet with an individual who would give him between $100,000 and $250,000 in cash. After taking his cut, Zaman would put the money in Federal Express boxes and ship it to Gonzalez using a fictitious name, the court papers said.
In March 2008, Zaman, who was working at Barclays at the time, sent a copy of the bank's ATM transaction log to Gonzalez to see if it would be of any value to his gang. That data, however, appears never to have been used by the gang, the court papers noted.
In recommending a 46-month sentence for his actions, prosecutors noted that Zaman "incontrovertibly knew that Gonzalez was a major hacker who profited handsomely from identity theft from major corporations." However, there is no evidence to show that Zaman participated in any of the intrusions or knew of their scope.
In a presentencing memo, prosecutors described Zaman as an individual with a normal childhood who read a lot, had a lot of friends and was a member of numerous after-school clubs. Between 1999 and the time of his arrest in March 2009, Zaman progressed through a "series of jobs with increasing responsibility" and saw his annual salary increase from $30,000 to more than $130,000 plus bonuses. However, a lifestyle characterized by partying and the use of expensive recreational drugs meant that Zaman "needed cash beyond his six-figure legitimate income," the memo noted.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
- University of North Florida breach exposes data on 107,000 individuals
- Zeus Trojan bust reveals sophisticated 'money mules' operation in U.S.
- GAO slams White House for failing to lead on cybersecurity
- Man charged with attack on Web site of Fox News' Bill O'Reilly
- Heartland breach expenses pegged at $140M -- so far
- IT contractor gets five years for $2M credit union theft
- Democracy would suffer if Google left China, says MIT panel
- Gonzalez accomplice gets five years for hacking TJX
- Threat of cyberattacks from overseas high, federal IT execs say
- Botnets 'the Swiss Army knife of attack tools'
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts