In what was called the largest and most complex identity theft case ever charged, Gonzalez and his co-conspirators stole more than 40 million credit and debit card numbers from U.S. retailers including TJX Companies, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority and Dave & Busters and sold them for fraudulent use. In addition, they engaged in ATM fraud by encoding the data on the magnetic stripes of blank cards and withdrawing tens of thousands of dollars at a time from ATMs.
"Technology has forever changed the way we do business, virtually erasing geographic boundaries," said Director Mark Sullivan of the U.S. Secret Service. "However, this case demonstrates that even in the cyber world, there is no such thing as anonymity."
According to the indictments to which Gonzalez pleaded guilty, he and his co-conspirators broke into the retail credit card payment systems using sniffer programs as well a technique known as "wardriving." Wardriving involves driving around in a car with a laptop computer looking for the accessible wireless networks of retailers.
Gonzalez faces charges in both Massachusetts and New York with a minimum sentence of 15 years in prison and a maximum of 25 years. He also faces heavy fines and forfeiture of personal property. Sentencing is scheduled for December 8, 2009.
