Identity theft suspect faces decades in jail

The only man named by authorities in what they are calling the largest identity theft in history has agreed to plead guilty to charges in an earlier case, suggesting that the bigger probe is fizzling out.

Albert Gonzalez promised not to contest a prison sentence of between 15 and 25 years, according to a filing on Friday by federal prosecutors in a Boston case over hacks into OfficeMax and other chains and the theft of data from tens of millions of credit and debit cards.

While the filing says those years will be served concurrently with any sentence from the more recent case, a 15-year term would still rank among the longest for any identity-theft suspect. Mr Gonzalez also pledged to forfeit $1.6m, a Miami property and a Glock handgun.

Because the formal plea to 19 criminal counts is due to be entered by September 11, federal authorities apparently believe they have reached the end of significant co-operation from Mr Gonzalez.

His attorney did not return phone calls.

That leaves the US government with little prospect of arresting the two Russian co-conspirators in-dicted with Mr Gonzalez two weeks ago and identified simply as “Hacker 1” and “Hacker 2”.

All three were accused of penetrating computer networks at four retailers and the Heartland Payment Systems, which alone gave them access to 130m card numbers. A breach at 7-Eleven, one of the retailers, consisted of penetrating the network of Citibank-branded ATMs inside the chain’s stores.

The two Russians are prominent hackers, according to people close to the case, and have been involved in compromising thousands of home computers as well as breaching financial systems.

According to a person close to the recent prosecution, the Russians used the online nicknames Grig and Anex.

Grig used that name in posting to what was once the best-known US site for criminal hackers, Shadowcrew, he said.

Don Jackson, a cyber-crime expert at SecureWorks in Atlanta, said there was only one Shadowcrew poster of significance named Grig. He said that Grig went on to help lead two infamous hacking groups – HangUp team and 76Service.

The 76Service group controlled a system dubbed Gozi that in 2007 rented time on thousands of PCs that it had broken into, offering access to other criminals seeking personal financial data.

The Federal Bureau of Investigation sought Russian help, as the agency is in the new case.

Mr Jackson said he doubted Grig would ever face arrest by the Russian authorities because he is probably known to them already.

Charlie Miller, principal analyst at Independent Security Evaluators, a consulting firm, said: “Hopefully, this punishment will serve as a deterrent.”