The Great Cyberheist: Inside the life of an identity thief

The New York Times has a fantastic writeup of the criminal activities and investigation of Alberto Gonzalez, a black-hat hacker who masterminded the TJX and Heartland Payment Systems credit card data breaches and who was sentenced to 20 years’ imprisonment earlier this year. The story has a cinematic, but slightly tragic quality:

At the same time that Gonzalez was stealing all this bank-card data, he was assembling an international syndicate. His favored fence was a Ukrainian, Maksym Yastremskiy, who would sell sets of card numbers to buyers across the Americas, Europe and Asia and split the proceeds with him. Gonzalez hired another EFnet friend, Jonathan Williams, to cash out at A.T.M.’s across the country, and a friend of Watt’s in New York would pick up the shipments of cash in bulk sent by Williams and Yastremskiy. Watt’s friend would then wire the money to Miami or send it to a post-office box there set up by James through a proxy. Gonzalez established dummy companies in Europe, and to collect payment and launder money he opened e-gold and WebMoney accounts, which were not strictly regulated (e-gold has since gone out of business). He also rented servers in Latvia, Ukraine, the Netherlands and elsewhere to store the card data and the software he was using for the breaches. Finally, he joined up with two Eastern European hackers who were onto something visionary. Known to him only by their screen names, Annex and Grig, they were colluding to break into American card-payment processors — the very cash arteries of the retail economy.