Feds indict infamous SQL hacker on conspiracy charges

San Francisco (CA) – The US Department of Justice (DoJ) has indicted an infamous hacker for allegedly executing SQL injection attacks against a number of computer networks. According to the DoJ, Albert Gonzales stands accused of conspiring to steal data relating to more than 130 million credit and debit cards.

“In a two-count indictment alleging conspiracy and conspiracy to engage in wire fraud, Gonzales, AKA ‘segvec,’ ‘soupnazi’ and ‘j4guar17,’ is charged, along with two unnamed co-conspirators, with using a sophisticated hacking technique called an ‘SQL injection attack,’ which seeks to exploit computer networks by finding a way around the network’s firewall to steal credit and debit card information,” the DoJ explained in an official statement. “Among the corporate victims named in the indictment are Heartland Payment Systems, a New Jersey-based card payment processor; 7-Eleven Inc., a Texas-based nationwide convenience store chain; and Hannaford Brothers Co. Inc., a Maine-based supermarket chain.”

The indictment – which details the largest alleged credit and debit card data breach in the United States – claims that Gonzales and his co-conspirators began researching various credit and debit card systems in October 2006. The trio then devised a “sophisticated attack” to breach the networks and steal credit/debit card data which was transfered to servers based in California, Illinois, Latvia, the Netherlands and Ukraine. In addition, the indictment alleges that Gonzales and his co-conspirators utilized “sophisticated” hacker techniques to cover their tracks and to avoid detection.

If convicted, Gonzales faces up to 20 years in prison on the wire fraud conspiracy charge and an additional five years in prison on the conspiracy charge, as well as a fine of $250,000 for each charge.

It should be noted that Gonzales was previously indicted by the DoJ for participating in retail hacks involving the theft of data related to 40 million credit cards.

However, the charges announced on August 17 reportedly relate to a “different pattern” of corporate hacking and involve other co-conspirators.