The man convicted of being the ringleader of a gang that carried out a string of huge data hacks has been jailed for 20 years by a US court, the longest sentence ever imposed for such a crime.
The convicted man, 28-year old Alberto Gonzalez, was given two concurrent 20-year sentences by US District Court Judge Patti B. Saris for a series of hacking crimes that will set cybercrime benchmarks for years to come.
Between July 2005 and his arrest in May 2008, these include hacking tens of millions of credit card records from US retailer TJ Maxx, convenience chain 7-Eleven, retailers Office Max and DSW, and restaurant chain Dave and Buster's. He was also the founder of card trafficking network, Shadowcrew, which sold stolen data on to contacts in Eastern Europe.
Every time the authorities blinked, the one-time police informant seemed to be connected to another high-profile hack, and he has yet to be sentenced for his involvement in a separate high-profile attack, that of Heartland Payment Systems.
A claim that Gonzalez that he suffered from Asperger's syndrome, left the judge unimpressed, though he did manage a public statement of remorse for his actions.
"I'm guilty not only of exploiting complicated networks, but also of exploiting personal relationships," he is reported to have said as his sister and parents looked on in court. "I've impacted the lives of millions of individuals and I violated the sanctity of my parents' home."
The Department of Justice (DOJ) saw things rather differently.
"Albert Gonzalez was motivated by ego, challenge and greed and was proud of the national attention his computer intrusions and data thefts drew," the DOJ remarked in its sentencing filing.
"They drew that attention because they victimised more people than anyone had ever done before in this country, caused hundreds of millions of dollars in losses, and shook the public's trust in the security of credit and debit card transactions at some of the country's largest institutions."
Several individuals connected to Gonzalez have also been imprisoned in the US and elsewhere under counts relating to the same crimes.
"What's fascinating about this story is that Gonzalez was actually working for the US Secret Service when they became aware of his involvement in the 2007 hack. Clearly security measures need to be strengthened to avoid this ‘double agent' effect happening again," said Graham Cluley of security firm, Sophos.
Taking into account time already served but with parole unlikely, Gonzalez should be released in 2028.
Additional reporting by Nancy Weil of the IDG News Service