The New York Times Magazine devotes its cover and many, many column inches to a profile of the man Times’ writer James Verini describes as “America’s most notorious computer hacker”:
One night in July 2003, a little before midnight, a plainclothes N.Y.P.D. detective, investigating a series of car thefts in upper Manhattan, followed a suspicious-looking young man with long, stringy hair and a nose ring into the A.T.M. lobby of a bank. Pretending to use one of the machines, the detective watched as the man pulled a debit card from his pocket and withdrew hundreds of dollars in cash. Then he pulled out another card and did the same thing. Then another, and another. The guy wasn’t stealing cars, but the detective figured he was stealing something.
Indeed, the young man was in the act of “cashing out,” as he would later admit. He had programmed a stack of blank debit cards with stolen card numbers and was withdrawing as much cash as he could from each account. He was doing this just before 12 a.m., because that’s when daily withdrawal limits end, and a “casher” can double his take with another withdrawal a few minutes later. To throw off anyone who might later look at surveillance footage, the young man was wearing a woman’s wig and a costume-jewelry nose ring. The detective asked his name, and though the man went by many aliases on the Internet — sometimes he was cumbajohny, sometimes segvec, but his favorite was soupnazi — he politely told the truth. “Albert Gonzalez,” he said.
After Gonzalez was arrested, word quickly made its way to the New Jersey U.S. attorney’s office in Newark, which, along with agents from the Secret Service’s Electronic Crimes Task Force, had been investigating credit- and debit-card fraud involving cashers in the area, without much luck. Gonzalez was debriefed and soon found to be a rare catch. Not only did he have data on millions of card accounts stored on the computer back in his New Jersey apartment, but he also had a knack for patiently explaining his expertise in online card fraud. As one former Secret Service agent told me, Gonzalez was extremely intelligent. “He knew computers. He knew fraud. He was good.”
Gonzalez, law-enforcement officials would discover, was more than just a casher. He was a moderator and rising star on Shadowcrew.com, an archetypal criminal cyberbazaar that sprang up during the Internet-commerce boom in the early 2000s. Its users trafficked in databases of stolen card accounts and devices like magnetic strip-encoders and card-embossers; they posted tips on vulnerable banks and stores and effective e-mail scams. Created by a part-time student in Arizona and a former mortgage broker in New Jersey, Shadowcrew had hundreds of members across the United States, Europe and Asia. It was, as one federal prosecutor put it to me, “an eBay, Monster.com and MySpace for cybercrime.”
After a couple of interviews, Gonzalez agreed to help the government so he could avoid prosecution. “I was 22 years old and scared,” he’d tell me later. “When you have a Secret Service agent in your apartment telling you you’ll go away for 20 years, you’ll do anything.”
He was also good-natured and helpful. “He was very respectable, very nice, very calm, very well spoken,” says the Secret Service agent who would come to know Gonzalez best, Agent Michael (a nickname derived from his real name). “In the beginning, he was quiet and reserved, but then he started opening up. He started to trust us.”…
[continues at the New York Times Magazine]