The largest data theft in the US history. The highest sentence ever passed for a computer crime. Secret Service. Torture and treachery. Julian Assange’s faint shadow. This story has it all.
It starts with Albert Gonzalez, mastermind of a hacking group that stole almost 90 million credit card numbers in the famous TJX heist. In 2008, he was busted and found guilty of all charges. Then, he did an obvious thing for someone who’s going to stay behind the bars until 2025. He wrote a long petition, claiming he’s innocent.
His defense is so crazy it might just be true. The TJX hacker believed he is actually working for the US government. No, he’s not the tinfoil hat kind of guy – we know that he had a contact with a government agency. In 2003 he was arrested and forced to cooperate with Secret Service. Over the next years, he helped agents to infiltrate the hacking community – he committed many computer related crimes during covert operations, with full approval of his superiors. He was still an active informant in 2005, when the TJX crime took place. Apparently, the agency forgot to notify him that his hacking carte blanche does not apply to this particular action.
To make things even more interesting, Gonzalez has been caught and prosecuted thanks to the information obtained in a highly questionable way. In 2007, one of the top stolen data vendors in the world, a Ukrainian carder, Maksym “Maksik” Yastremskiy, was lured to Turkey and arrested. Then he was apparently beaten until he gave up the password protecting his laptop – his data was later used in the US court. Is torture outsourcing the next big thing?
The Gonzalez controversy comes from the general philosophy of various US agencies. They want to have a tighter control over the Internet – they want to fight piracy, cyber terrorism, dangerous botnets, whistleblowers like Wikileaks, and some of the web content (they eagerly use child pornography as an example, but uncle Sam would also love to crack down on radical sites or anything he doesn’t like). At the same time, United States don’t want to end up in the same league as China. That’s why – instead of radical measures, like nationwide firewall, or blocking content – government agencies turned to subversion. This resulted in many interesting cases, like the one of HBGary, where US Chamber of Commerce paid a third-party company to commit various computer crimes, including data theft and forgery, in order to discredit Wikileaks and Julian Assange. And the officials are hungry for more – Department of Defense is actively trying to enroll the members of hacking community. The use of shady cyber operations is also on the rise. Couple of days ago FBI secured a warrant, allowing them to use a remote kill switch on thousands of computers in order to disable the Coreflood botnet. Sure, the software was malicious, but a dangerous precedent has been set – the government decided it will take care of the content of your computer for you. In fact, they fight malware only to replace it with malware of their own.
The subversive tactics are definitely more subtle than China’s approach – if they work. The problem is, with so many government-approved cyber operations, the grey zone is now very large and it’s sometimes hard to tell if you’re being on the right side or not.
Imagine a city where police has no uniforms and drive ordinary cars. A city where one call from authorities can make anyone a policeman for a day. Yesterday, carrying a weapon and driving on the pavement was illegal for you, but today – you are asked to do just that, and you get paid for it. Oh, and did I mention they sometimes forget to tell you they have revoked your badge? No wonder slip-ups are common.
Of course, it’s not that simple with Albert Gonzalez. The evidence seems to suggest, that he was a cop and a criminal at the very same time. As he helped to jail fellow fraudsters, and earned $75000 a year doing so, he was also running a side project called “get rich or die trying”. I guess it’s due to the unsatisfactory retirement plan Secret Service has for its informers – the “Go Away” pension scheme from “We Don’t Know You” financial services.
In the end, Albert Gonzalez was just a two-faced crook, he stole real money from real people, and sent many of his friends to jail. But the scary thing is, he was locked up mostly because he was too efficient. If his scheme wasn’t as successful, he would still be a Secret Service informer in the hacking community. A fully approved cybercriminal on a payroll from web-obsessed uncle Sam. Plus, evidence against him was obtained by torture. It all makes hard to discern who’s worse – Gonzalez himself, or the people who used him, and then jailed him, with the help of information obtained by treachery and torture.
If you’re out there, hacking for greater justice, be sure to ask your Secret Service or FBI officer for an official work contract. Or at least check if your gray zone is a lighter or darker shade of gray. Otherwise you might end up where Gonzalez is – serving a 20 year sentence and writing long, long petitions that will most likely fall on deaf ears.