Albert Gonzalez, a former government informant charged last year with hacking into credit card systems of nearly a dozen major retailers, along with the U.S.’s largest credit/debit card processing firm, is set to be sentenced for pleading guilty to the hack. His lawyers say he should get no more than 15 years, the government wants 25.
I want to see more than just a prison sentence, personally, because my credit/debit information was among the 200 million that were stolen by Gonzalez as he hacked. Proceeds from his hacking include cars, jewelry, houses, in addition to a luxury lifestyle that included trips, designer clothing, and stays at fancy hotels. All on my dime (and the dimes of others that were ripped off). While that money didn’t come directly from my bank account, I (and everyone else who shops) is paying for this as prices increase to cover the losses these companies suffered in the hack. And not only did he make money, he was also a repeat offender. He had been caught hacking in 2003 and turned government informer in order to avoid prosecution and jail time, then continued his hacking activities while providing information to the government about other hackers’ activities!
No, a term in jail is not enough. Gonzalez should be banned from computers for life. Even after he’s served his time, he will re-offend, I’m sure of that. There aren’t enough firewalls and security in place to keep this guy out of servers if he can get access to a computer. This was more than him just trying out a “proof of concept” about hacking. He stole all of that information and used it for personal gain, and even tried to sell portions of his accumulated information overseas as well. There is not enough in a jail sentence, in my mind. What this guy did, and what he taught others, makes all of us more vulnerable to theft in the future. And there’s not a lot we can do about it; this is not a cash-based society any more. I use my debit card hundreds of times a month. I rarely write checks, and rarely use cash for anything other than small purchases (like my morning Diet Coke from the gas station on the way to work). If people like Mr. Gonzalez can continue to gain footholds in gaining our plastic information, and not face any long-term consequences, then we all continue to be at risk.
And while we should expect that retailers and credit/debit card processors will continue to exercise due-diligence in keeping our information safe, we cannot call that any kind of guarantee. We just have to continue to be diligent. And make punishment for hacking a harsh and irrevocable measure that will make hacking a lot less enticing to criminals in the first place.
What punishment do you think Mr. Gonzalez should get?