Gonzalez Agrees To Plead Guilty On All Counts, Surrender Almost $2.8 Million
Written by Evan SchumanAlbert Gonzalez, who the federal government has accused of breaking into the payment card databases of TJX, Hannaford, 7-Eleven, Target, J.C. Penney and a laundry list of other major retailers, has agreed to plead guilty to all of the charges against him from Boston and a single count from New York, as StorefrontBacktalk reported on Thursday (Aug. 27). The plea agreement was filed on Friday (Aug. 28). His plea deal does not–at this time–include the New Jersey charges.
In exchange for an agreement to plead guilty to all counts of the Boston indictment and one count of the New York indictment, the government has agreed to drop all of the remaining New York counts.
In the Gonzalez plea bargain, the agreed-to sentencing recommendation—which calls for at least 15 years in prison and “no more than 25 years” in prison—does not seem much more lenient than he would have faced at trial. Even with as extensive a cyber attack as these, most U.S. courts wouldn’t go anywhere near “more than 25 years” in cases where no one was physically hurt and the defendant wasn’t accused of real violence or threatening violence.
But a jury is a tricky animal and, technically, the counts he is pleading guilty to have a cumulative maximum sentence of 193 years in prison. That said, most judges and juries have–thus far–regarded these assaults as white collar crimes where no consumers were individually hurt, neither physically nor financially. It’s not clear what he would truly have risked at trial.
In the first celebrated case of cyber crime–the case of Robbert Tappen Morris launching the first major Internet worm in 1988–the defendant received no jail time, although the law permitted a much more strict sentence. But one critical difference here is that Morris was trying to profit–or, dare I say, steal–with his worm. It was literally an experiment that went haywire. Judges tend to be less sympathetic to a self-admitted thief.
The fines are a different matter. In a financial case like this one, jurors generally have no hesitation to order that all monies be given back and that the defendant may be ordered to pay even more. But the $2.78 million he’s being asked to surrender—all but $1.65 million had already been seized and the government wants the defendant to agree to let them keep it—is likely as much as the court would have gotten at trial, given that it’s unlikely the plea deal would let him keep any more than was absolutely necessary.
Beyond the money, the government got Gonzalez to agree to let them keep his Miami condominium, a blue 2006 BMW 330I, three laptops, a Glock 27 firearm, a Nokia cell phone, a currency counter, a Sharp PDA, a 300-GByte Maxtor external hard drive and gifts to his colleagues: a Tiffany diamond ring and three Rolex watches.
The plea agreement came out of the U.S. Attorney’s Office in Boston, but another document says that it will also cover New York.
Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code.
-Marc
