All language subtitles for American Greed s05e04 Hackers Operation Get Rich or Die Tryin
1
00:00:04,910 --> 00:00:10,810
In this episode of American Greed, it's
called Operation Get Rich or Die Trying.
2
00:00:11,130 --> 00:00:13,570
The biggest ID theft in U.S. history.
3
00:00:13,930 --> 00:00:19,250
A mysterious ring of social outcasts
with an insatiable appetite for sex,
4
00:00:19,550 --> 00:00:21,750
and your encrypted information.
5
00:00:22,510 --> 00:00:27,730
There's a very fine line between
exploiting a system to check it out or
6
00:00:27,730 --> 00:00:29,730
exploiting a system for gain.
7
00:00:29,950 --> 00:00:32,170
They were looking for data any way they
could get it.
8
00:00:32,750 --> 00:00:36,870
They steal credit card numbers and make
a fortune by selling them on the black
9
00:00:36,870 --> 00:00:39,910
market. It just kept building upon
itself.
10
00:00:40,250 --> 00:00:45,630
500,000 numbers, then a million
numbers, up to 130 million numbers.
11
00:00:45,890 --> 00:00:49,030
You or I might be a victim of this
crime, and we would never know.
12
00:00:49,750 --> 00:00:55,710
Victims lose millions, but no one pays a
greater price than one of the gang's
13
00:00:55,710 --> 00:00:57,970
own. It just cracked under the pressure.
14
00:01:12,490 --> 00:01:18,050
In May 2008, federal agents in full SWAT
gear fan out across South Florida.
15
00:01:18,270 --> 00:01:24,230
They raid private homes, condos, even a
suite at Miami's posh National Hotel.
16
00:01:24,790 --> 00:01:30,490
We received multiple search warrants for
numerous houses, cars, for safety
17
00:01:30,490 --> 00:01:34,870
deposit boxes, for servers, even
individuals in case they had possessed
18
00:01:34,870 --> 00:01:37,710
drives or media in their pockets or in
their backpacks.
19
00:01:38,190 --> 00:01:42,930
Agents seize more than a dozen computers
and obtain search warrants for servers
20
00:01:42,930 --> 00:01:47,970
overseas. On those servers, they find
millions of credit card numbers.
21
00:01:48,390 --> 00:01:54,730
Their victims were a whole range from
small banks and credit unions to some of
22
00:01:54,730 --> 00:01:58,970
the largest retailers, well-known
restaurant chains, and some of the
23
00:01:58,970 --> 00:02:01,150
credit card processors in the United
States.
24
00:02:01,790 --> 00:02:06,230
The scheme's mastermind is 26-year-old
Albert Gonzalez.
25
00:02:07,040 --> 00:02:11,500
The problem with hackers is that those
who might be inclined to try to make
26
00:02:11,500 --> 00:02:14,080
money off of their skills is that they
don't know anything about the criminal
27
00:02:14,080 --> 00:02:17,480
underworld. And the criminal underworld
might not know that much about hacking,
28
00:02:17,600 --> 00:02:19,240
but he could bridge both worlds.
29
00:02:20,040 --> 00:02:25,300
I've always thought of him as a
forerunner, sort of criminal industry
30
00:02:25,300 --> 00:02:26,300
this whole area.
31
00:02:26,400 --> 00:02:33,280
For Gonzalez, who also goes by the
handles Soup Nazi, Kumbhajani, and
32
00:02:33,320 --> 00:02:35,140
anonymity is key.
33
00:02:35,980 --> 00:02:39,720
Most individuals will have more than one
handle. So on one particular forum,
34
00:02:39,760 --> 00:02:42,780
you'll be known as a certain individual.
On another forum, you'll be known as
35
00:02:42,780 --> 00:02:46,000
something else. In some places, you'll
have a number. It'll be a sequence
36
00:02:46,000 --> 00:02:49,180
number, a non-sequence number,
depending upon what you're doing.
37
00:02:49,840 --> 00:02:53,480
These criminals can communicate to one
another anonymously, so a lot of times
38
00:02:53,480 --> 00:02:57,100
the co-conspirators may not know each
other in real life, but they communicate
39
00:02:57,100 --> 00:03:00,900
via instant messaging, and they can
assist each other in their crimes.
40
00:03:01,880 --> 00:03:04,640
But Gonzalez is no ordinary criminal.
41
00:03:05,320 --> 00:03:09,780
He'll soon be known as the most cunning
cyber crook in American history.
42
00:03:12,800 --> 00:03:16,420
Albert Gonzalez spends his childhood in
South Florida.
43
00:03:16,780 --> 00:03:23,440
His father came to America from Cuba on
a homemade raft in the 1970s. And they
44
00:03:23,440 --> 00:03:26,400
raised him in a working class
neighborhood in Miami.
45
00:03:27,700 --> 00:03:32,240
Gonzalez earns allowance working for his
father's landscaping business.
46
00:03:32,760 --> 00:03:34,500
Albert grew up in a very...
47
00:03:34,800 --> 00:03:39,500
politically conservative home, church-going
Catholics, in a working-class
48
00:03:39,500 --> 00:03:45,240
environment. And he was a very sweet,
good-natured boy, outgoing.
49
00:03:45,600 --> 00:03:51,940
But all that changed when Albert was
about 12 years old, and he bought his
50
00:03:51,940 --> 00:03:56,160
computer. At first, his hobby seems
innocent enough.
51
00:03:56,360 --> 00:03:59,620
He just absolutely loved it, and he
wanted to spend all his time with it.
52
00:03:59,980 --> 00:04:05,040
But before long, Gonzalez's fascination
with computers becomes an obsession.
53
00:04:05,800 --> 00:04:10,400
His grades started dropping. His mom
begged him to see a psychologist, and he
54
00:04:10,400 --> 00:04:11,660
absolutely refused.
55
00:04:12,260 --> 00:04:17,240
He falls in with a group of hackers
called the Keebler Elves Gang, and they
56
00:04:17,240 --> 00:04:19,860
into NASA and the Indian government's
website.
57
00:04:20,360 --> 00:04:21,519
It was about...
58
00:04:21,870 --> 00:04:26,510
Being able to pick those locks and get
those bragging rights to be able to say,
59
00:04:26,630 --> 00:04:31,530
see, I did this. I might just be a
teenager, and I might be powerless in
60
00:04:31,530 --> 00:04:33,810
real world, but online, I'm like a god.
61
00:04:34,570 --> 00:04:39,910
After graduating in 1999, Gonzalez
enrolls in community college.
62
00:04:40,430 --> 00:04:44,130
Albert dropped out of Miami Dade
Community College after less than a
63
00:04:44,130 --> 00:04:50,010
and moved to New York to take a job with
a dot-com company, which very quickly
64
00:04:50,010 --> 00:04:51,010
went under.
65
00:04:51,260 --> 00:04:56,400
Then he took a job with Siemens in their
IT department, but they very quickly
66
00:04:56,400 --> 00:04:59,420
relocated to Pennsylvania, and he opted
not to move with them.
67
00:05:00,600 --> 00:05:05,200
Jobless, he begins dabbling in drugs and
illegal online activity.
68
00:05:06,060 --> 00:05:10,080
He was in New York sort of feeling like
he had hit rock bottom and not really
69
00:05:10,080 --> 00:05:13,900
knowing what his options were. What he
did know was that he was really good at
70
00:05:13,900 --> 00:05:17,260
hacking, and he had access to...
71
00:05:17,870 --> 00:05:22,150
this internet carding forum that he was
well aware of called Shadow Crew, and
72
00:05:22,150 --> 00:05:25,210
that seemed like as good a career option
as any.
73
00:05:25,530 --> 00:05:31,530
In 2002, black market carding websites
like Shadow Crew are beginning to crop
74
00:05:31,530 --> 00:05:36,620
up. You go to these forums. You can buy
or sell credit and debit card
75
00:05:36,620 --> 00:05:38,820
information. You can buy access to
retailers.
76
00:05:39,180 --> 00:05:43,060
You can even hire people to launder your
money off of these web pages.
77
00:05:43,500 --> 00:05:50,160
These carding forums have no boundaries,
and criminals from every continent join
78
00:05:50,160 --> 00:05:51,700
them and participate in them.
79
00:05:52,500 --> 00:05:54,740
Using the alias Kumbhajani...
80
00:05:55,100 --> 00:05:58,360
Gonzalez quickly becomes a Shadow Crew
site administrator.
81
00:05:58,720 --> 00:06:04,740
He helps crooks sell more than a million
stolen cards for between $10 and $15 a
82
00:06:04,740 --> 00:06:06,500
piece. It's millions.
83
00:06:06,880 --> 00:06:10,480
I mean, we're not talking about somebody
making a couple of thousand or five,
84
00:06:10,560 --> 00:06:13,580
ten, fifteen thousand. We're talking
about millions and millions of dollars.
85
00:06:13,580 --> 00:06:18,560
they steal a debit card number and a
PIN, and they can re-encode that on
86
00:06:18,560 --> 00:06:22,740
plastic, walk up to an ATM, put the PIN
in, and clean out the account.
87
00:06:24,540 --> 00:06:27,960
Shadow Crew members call these cash-out
trips.
88
00:06:28,760 --> 00:06:33,020
Once that ATM is out, you go to the next
one, and you continue to do that until
89
00:06:33,020 --> 00:06:35,680
you're either out of cards or the ATMs
are out of money.
90
00:06:36,120 --> 00:06:40,940
It's a cash-out trip that would be
Gonzalez's unlikely downfall.
91
00:06:41,300 --> 00:06:47,800
In 2003, New York police officers see a
young man loading card after card into a
92
00:06:47,800 --> 00:06:49,560
nearby ATM machine.
93
00:06:52,750 --> 00:06:58,210
During the arrest, officers discover
he's cyber criminal Albert Gonzalez, and
94
00:06:58,210 --> 00:06:59,870
they turn him over to the Secret
Service.
95
00:07:00,310 --> 00:07:06,410
The Secret Service is responsible for
investigating cyber crime, and they very
96
00:07:06,410 --> 00:07:10,810
quickly recognized Albert's potential in
helping them to bust other cyber
97
00:07:10,810 --> 00:07:15,970
criminals. There are places that a
cooperating defendant in the cyber world
98
00:07:15,970 --> 00:07:20,510
bring you that you can't go on your own,
and that is the value of working with
99
00:07:20,510 --> 00:07:25,780
them. The Secret Service flips Gonzalez
and pays him $75,000 a year to help
100
00:07:25,780 --> 00:07:27,740
with Operation Firewall.
101
00:07:28,160 --> 00:07:32,360
It wasn't as if we were all sitting
around a table together and he was
102
00:07:32,520 --> 00:07:37,740
hearing, understanding our strategies,
our techniques. His role was to continue
103
00:07:37,740 --> 00:07:42,580
as administrator of the site, typing on
a computer, communicating with his
104
00:07:42,580 --> 00:07:48,060
individuals. The successful undercover
sting nets 28 Shadow Crew members.
105
00:07:48,910 --> 00:07:53,550
It was a benchmark investigation,
benchmark prosecution, and everything
106
00:07:53,550 --> 00:07:54,770
every step of the way.
107
00:07:55,390 --> 00:07:59,410
Authorities say the thieves they
arrested had cost more than $4 million
108
00:07:59,410 --> 00:08:00,410
losses.
109
00:08:00,830 --> 00:08:05,670
After Operation Firewall, the Secret
Service cuts Gonzalez loose and he
110
00:08:05,670 --> 00:08:06,670
to Miami.
111
00:08:07,270 --> 00:08:09,690
Once a hacker, always a hacker.
112
00:08:10,530 --> 00:08:15,010
Legitimacy for him was not really an
option at that point because...
113
00:08:15,760 --> 00:08:20,860
Albert had gained so much insight while
working for the feds, and he was not a
114
00:08:20,860 --> 00:08:23,260
person to pass on an opportunity.
115
00:08:24,120 --> 00:08:29,660
Next on American Greed, Gonzalez forms
his own gang with a plan to make
116
00:08:29,660 --> 00:08:33,299
millions. He called it Operation Get
Rich or Die Trying.
117
00:08:33,539 --> 00:08:38,179
It certainly was a very ominous title,
and it certainly foreshadowed what was
118
00:08:38,179 --> 00:08:39,179
come.
119
00:08:53,800 --> 00:08:54,920
Miami, Florida.
120
00:08:55,320 --> 00:09:01,200
It's a playground for the world's
wealthiest and for those aspiring to
121
00:09:01,200 --> 00:09:04,660
all, like 23-year-old hacker Albert
Gonzalez.
122
00:09:05,320 --> 00:09:11,240
In October 2004, Gonzalez turns rat and
helps the Secret Service bring down
123
00:09:11,240 --> 00:09:14,640
Shadow Crew, the biggest cybercrime bust
to date.
124
00:09:15,060 --> 00:09:20,220
But all the while, he's plotting
Operation Get Rich or Die Trying.
125
00:09:20,830 --> 00:09:25,290
I think it's safe to say the Secret
Service had no idea that Albert was
126
00:09:25,290 --> 00:09:30,430
both sides, that he was becoming a
master criminal while at the same time
127
00:09:30,430 --> 00:09:32,150
working as a snitch for them.
128
00:09:32,790 --> 00:09:39,270
His overall business plan was to break
into a series of major
129
00:09:39,270 --> 00:09:45,070
retailers, obtain their credit and debit
card information, and then either to
130
00:09:45,070 --> 00:09:49,530
sell them or in fact use other members
of his gang to...
131
00:09:49,840 --> 00:09:54,980
cash them out to go to ATMs and use them
as essentially cows and milk them until
132
00:09:54,980 --> 00:09:55,980
they were dry.
133
00:09:56,820 --> 00:10:01,760
Gonzalez enlists the help of several
hackers he'd met online years before.
134
00:10:02,200 --> 00:10:06,300
They started off as teenage friends
trying to get into government sites,
135
00:10:06,560 --> 00:10:13,500
military sites, and very quickly that
changed from hacking for fun and
136
00:10:13,500 --> 00:10:15,440
to hacking for profit.
137
00:10:15,720 --> 00:10:22,700
A number of the collaborators of Albert
Gonzalez had significant day
138
00:10:22,700 --> 00:10:28,900
jobs. They were doing security intrusion
work, earning tens of thousands or, in
139
00:10:28,900 --> 00:10:32,680
at least one case, in excess of $100,000
a year in salary.
140
00:10:33,800 --> 00:10:40,620
Stephen Watt, Patrick Toohey, Chris
Scott, and Jonathan James become
141
00:10:40,620 --> 00:10:41,740
hack pack.
142
00:10:42,020 --> 00:10:45,000
Stephen Watt was a coding genius.
143
00:10:45,260 --> 00:10:47,440
He graduated from high school at 16.
144
00:10:48,190 --> 00:10:53,590
He graduated from college at age 19 and
went on to take a job in the IT
145
00:10:53,590 --> 00:10:58,130
department of Morgan Stanley, a Wall
Street investment banking firm in
146
00:10:58,130 --> 00:10:59,130
Manhattan.
147
00:10:59,870 --> 00:11:04,350
Gonzalez meets Patrick Toohey on a
Shadow Crew cash-out trip in 2003.
148
00:11:05,870 --> 00:11:10,290
He came from a household with a shifting
cast of characters and had turned to
149
00:11:10,290 --> 00:11:16,030
hacking as a way to kind of funnel his
alienation, his rage.
150
00:11:16,780 --> 00:11:20,940
Patrick would do anything that Albert
asked, from the coding to the cash-out
151
00:11:20,940 --> 00:11:24,780
trips and anything in between. He
probably would have picked up Albert's
152
00:11:24,780 --> 00:11:25,860
cleaning if he asked him to.
153
00:11:26,800 --> 00:11:30,060
Chris Scott and Jonathan James round out
the gang.
154
00:11:30,700 --> 00:11:36,980
Chris Scott was a depressed, overweight
geek from Miami
155
00:11:36,980 --> 00:11:42,880
who had been ejected from his high
school for disabling all of the
156
00:11:42,880 --> 00:11:43,880
with the virus.
157
00:11:44,220 --> 00:11:49,060
Chris's greatest strength was probably
that he was best friends with Jonathan
158
00:11:49,060 --> 00:11:55,100
James, who was probably the most famous
hacker at the time. He was very well
159
00:11:55,100 --> 00:12:01,680
known. At 16, Jonathan James stakes his
claim to fame by serving six months for
160
00:12:01,680 --> 00:12:06,900
hacking into NASA and Defense Department
computers, becoming the youngest hacker
161
00:12:06,900 --> 00:12:07,900
ever sentenced.
162
00:12:08,200 --> 00:12:12,080
Together, Gonzalez and his crew become a
tight-knit band of brothers.
163
00:12:12,810 --> 00:12:19,050
These guys are driven by a lot of the
same things that we're driven by. They
164
00:12:19,050 --> 00:12:25,550
have an ego, they like challenge, and of
course they like money and everything
165
00:12:25,550 --> 00:12:26,870
you can get from money.
166
00:12:27,430 --> 00:12:32,810
Operation Get Rich starts small, using a
technique called war driving.
167
00:12:33,190 --> 00:12:38,230
So we've just gone by a really nice
place that was not very well encrypted.
168
00:12:39,180 --> 00:12:44,340
Chris Roberts is a gray hat hacker, an
Internet security expert specializing in
169
00:12:44,340 --> 00:12:45,340
fraud.
170
00:12:45,640 --> 00:12:49,200
As we're driving along here, we're still
pulling in a lot of wireless access
171
00:12:49,200 --> 00:12:50,640
points, a lot of systems.
172
00:12:50,920 --> 00:12:53,640
Some are encrypted, some aren't very
well encrypted.
173
00:12:53,940 --> 00:12:59,280
And we've pulled in 800 access points
and almost 500 computers and systems
174
00:12:59,280 --> 00:13:00,119
are attached to them.
175
00:13:00,120 --> 00:13:06,540
Like Roberts, the hack pack uses a
Wi-Fi antenna to find unencrypted or
176
00:13:06,540 --> 00:13:08,060
vulnerable networks.
177
00:13:08,910 --> 00:13:12,570
We're able to just listen in and see
what kind of wireless systems are
178
00:13:12,570 --> 00:13:16,010
advertising, no different than a radio.
As you drive along with a radio, you go
179
00:13:16,010 --> 00:13:17,330
in and out of signal strengths.
180
00:13:17,870 --> 00:13:19,610
This is basically the same thing.
181
00:13:20,390 --> 00:13:26,530
Chris Scott and Jonathan James tune in
to one store at a time along US 1 in
182
00:13:26,530 --> 00:13:31,130
Miami. They'll have pulled into every
single one of these retail areas, slowly
183
00:13:31,130 --> 00:13:35,290
driven through to see what wireless
access points were advertising.
184
00:13:36,120 --> 00:13:39,040
and then to see which ones were
encrypted or which ones were not
185
00:13:39,880 --> 00:13:46,760
The first one that they found was BJ's
Wholesale Club, where they parked
186
00:13:46,760 --> 00:13:52,760
and downloaded all of the credit and
debit card numbers as they were being
187
00:13:52,760 --> 00:13:54,980
swiped by the customers.
188
00:13:55,640 --> 00:14:00,020
Gonzalez forwards thousands of card
numbers to Patrick Toohey and other
189
00:14:00,020 --> 00:14:03,820
associates. So at that point in time,
you need a little device which is a card
190
00:14:03,820 --> 00:14:06,760
reader and a writer, and you also need
some blank credit cards.
191
00:14:07,420 --> 00:14:13,820
They then encode the information onto
blanks, and runners cash them out at
192
00:14:14,880 --> 00:14:19,480
Gonzalez, who was raised a Catholic,
feels a slight twinge of guilt.
193
00:14:20,200 --> 00:14:24,080
He told Patrick, we're going to hell for
this. And he really meant it.
194
00:14:24,720 --> 00:14:28,800
But he made himself feel better by
telling himself that once the fraud was
195
00:14:28,800 --> 00:14:32,720
detected, then the credit card companies
would restore people's money and all
196
00:14:32,720 --> 00:14:33,720
would be fine.
197
00:14:34,160 --> 00:14:37,540
But war driving and cashing out is
risky.
198
00:14:38,020 --> 00:14:42,640
I physically have to put myself in a
position where I might be videotaped. I
199
00:14:42,640 --> 00:14:44,240
might be caught on a surveillance
camera.
200
00:14:44,640 --> 00:14:48,080
Somebody might be clever enough to work
out that these stores are getting hit.
201
00:14:48,560 --> 00:14:52,640
Albert Gonzalez himself had learned that
cashing out was a dangerous mechanism
202
00:14:52,640 --> 00:14:56,080
because he himself had been arrested
while cashing out.
203
00:14:56,320 --> 00:15:00,440
Gonzalez knows there's a better way to
generate higher volume with less
204
00:15:00,440 --> 00:15:06,540
exposure. He's associating with elite
carders and hackers in Eastern Europe
205
00:15:06,540 --> 00:15:10,760
other places, so he's trying to refine
his techniques and make them even better
206
00:15:10,760 --> 00:15:11,760
and less risky.
207
00:15:12,270 --> 00:15:17,910
To do this, Gonzalez needs a program
called a sniffer code, which he lacks
208
00:15:17,910 --> 00:15:19,270
technical skills to write.
209
00:15:19,630 --> 00:15:23,070
That program then, on its own, will look
around your computer.
210
00:15:23,630 --> 00:15:26,890
It'll look around for your social, it'll
look around for your credit cards,
211
00:15:27,030 --> 00:15:29,330
it'll look around for your banking
information, basically whatever I've
212
00:15:29,330 --> 00:15:30,330
programmed it to do.
213
00:15:30,570 --> 00:15:34,370
And then it will call back to me and
say, here's all the information, have a
214
00:15:34,370 --> 00:15:35,370
nice day.
215
00:15:35,850 --> 00:15:40,990
Gonzalez calls on Stephen Watt, who
fires off the code in ten hours, free of
216
00:15:40,990 --> 00:15:46,500
charge. It was really the key to this
being the cybercrime of the century.
217
00:15:47,160 --> 00:15:52,500
Once the sniffer code is installed, they
can access, copy, and download data
218
00:15:52,500 --> 00:15:55,480
remotely. And it starts to pour in.
219
00:15:55,720 --> 00:15:58,780
Obviously, when you're attacking a
system, when you're gathering data, you
220
00:15:58,780 --> 00:15:59,880
somewhere to put this information.
221
00:16:00,600 --> 00:16:03,700
You're not going to want to put it right
on your computer, because if your
222
00:16:03,700 --> 00:16:07,880
computer gets lost, stolen, taken, or
seized, you've just handed somebody a
223
00:16:07,880 --> 00:16:08,880
amount of evidence.
224
00:16:09,050 --> 00:16:12,330
Gonzalez needs a safe place to stash the
data.
225
00:16:12,870 --> 00:16:18,930
Patrick Toohey had set up servers in
Latvia, Singapore, China, and Ukraine to
226
00:16:18,930 --> 00:16:21,850
store all of these reams and reams,
mountains of data.
227
00:16:22,410 --> 00:16:27,010
But in storage, the numbers near their
expiration dates and they diminish in
228
00:16:27,010 --> 00:16:28,010
value.
229
00:16:28,330 --> 00:16:32,730
So he calls on an international crime
lord to expedite distribution.
230
00:16:34,010 --> 00:16:36,230
Maxim Yastrzemski is a Ukrainian national.
231
00:16:36,750 --> 00:16:40,490
who was the biggest wholesaler of credit
and debit cards around the world.
232
00:16:41,830 --> 00:16:48,250
Yastrzemski sells the card numbers for
between $150 and $300 a pop, of which
233
00:16:48,250 --> 00:16:49,470
Gonzalez takes half.
234
00:16:50,050 --> 00:16:53,890
Yastrzemski would sell those cards via
the Internet or in these carding forums
235
00:16:53,890 --> 00:16:59,010
or portals to other lower -level
salespeople who would then turn around
236
00:16:59,010 --> 00:17:00,010
them again.
237
00:17:00,320 --> 00:17:04,460
Yastrzemski distributes the profits to
Gonzalez through online currency
238
00:17:04,460 --> 00:17:11,440
exchanges. Soon, packages containing up
to $370,000 are piling up
239
00:17:11,440 --> 00:17:12,819
at Gonzalez's drop box.
240
00:17:13,200 --> 00:17:17,859
He actually complained to Stephen Watt
that once his money counter broke from
241
00:17:17,859 --> 00:17:22,500
overuse, and he complained that he had
to count manually $340,000.
242
00:17:23,930 --> 00:17:29,850
By the summer of 2005, Gonzalez begins
to indulge in his new lifestyle as a
243
00:17:29,850 --> 00:17:34,050
mogul. It was completely over the top. I
would say much of the profits from
244
00:17:34,050 --> 00:17:36,730
Operation Get Rich or Die Trying went
right up their noses.
245
00:17:37,230 --> 00:17:43,150
Gonzalez and his crew book a $5,000 a
night suite at the Loews Hotel in South
246
00:17:43,150 --> 00:17:48,830
Beach. When they were in Miami, they
would make this insane concoction called
247
00:17:48,830 --> 00:17:49,950
magic milkshake.
248
00:17:50,280 --> 00:17:55,880
which was cookies and cream, Haagen-Dazs
ice cream, skim milk, magic
249
00:17:56,320 --> 00:18:02,300
LSD, and ecstasy, all blended together
to create just the most
250
00:18:02,300 --> 00:18:06,180
extreme, insane experience ever.
251
00:18:07,860 --> 00:18:13,420
Gonzalez also throws himself an
extravagant party to celebrate his
252
00:18:13,420 --> 00:18:14,420
New York City.
253
00:18:16,480 --> 00:18:21,600
Lay out a drug buffet on the coffee
table. So C for Coke, E for ecstasy.
254
00:18:22,220 --> 00:18:24,520
They had the best champagne.
255
00:18:24,720 --> 00:18:26,260
They had the best designer drugs.
256
00:18:26,560 --> 00:18:31,160
They had the most beautiful women there.
It was like life as they would design
257
00:18:31,160 --> 00:18:37,160
it. Despite this drug-fueled lifestyle,
Gonzalez never loses control of his
258
00:18:37,160 --> 00:18:39,520
business. He was always reachable.
259
00:18:40,060 --> 00:18:44,440
He slept with his laptop next to him. He
brought his laptop with him on
260
00:18:44,440 --> 00:18:47,260
vacation, to the gym. He always had it
with him.
261
00:18:48,360 --> 00:18:53,420
Next on American Greed, Operation Get
Rich or Die Tryin' gets more
262
00:18:53,420 --> 00:18:56,660
sophisticated, and the hackers up the
ante.
263
00:18:56,980 --> 00:19:01,940
The idea that these guys were able to
slip past all of these levels of
264
00:19:01,940 --> 00:19:03,620
security was just incredible.
265
00:19:04,060 --> 00:19:07,380
And the hackers take one company to the
brink.
266
00:19:07,790 --> 00:19:12,030
What do you do when you're facing the
worst possible thing that can happen to
267
00:19:12,030 --> 00:19:13,030
your company?
268
00:19:24,890 --> 00:19:30,870
By 2005, Albert Gonzalez and his crew
have successfully hacked into several
269
00:19:30,870 --> 00:19:33,750
retailers along US-1 in South Florida.
270
00:19:35,060 --> 00:19:40,700
These big box stores send data to
corporate servers, which Gonzalez knows
271
00:19:40,700 --> 00:19:41,860
real goldmine.
272
00:19:42,620 --> 00:19:45,920
It's very much a case of like, well,
hang on, if I can do it to these couple
273
00:19:45,920 --> 00:19:51,980
individuals in a store, or if I can do
it to these couple of stores, can I do
274
00:19:51,980 --> 00:19:55,600
to more stores? Can I do it to a series
of stores? Can I do it to a bigger
275
00:19:55,600 --> 00:20:00,040
store? And then you go to, can I
actually get the core centralized
276
00:20:00,040 --> 00:20:01,040
then it's like, wow, okay.
277
00:20:01,370 --> 00:20:04,710
If I can get the core system, who
processes all the data? I can go for the
278
00:20:04,710 --> 00:20:09,010
motherlode at that point. He orders his
crew to perform reconnaissance on
279
00:20:09,010 --> 00:20:10,010
potential targets.
280
00:20:10,330 --> 00:20:14,850
They identified them in a variety of
ways. Christopher Scott simply going up
281
00:20:14,850 --> 00:20:19,170
down Route 1 with his computer, seeing
where there were vulnerable access
282
00:20:19,170 --> 00:20:24,690
points, going down the list of Fortune
500 companies, identifying companies
283
00:20:24,690 --> 00:20:27,790
shared a common credit card processing
system.
284
00:20:28,360 --> 00:20:31,760
We're identifying ones that had
vulnerable payment systems.
285
00:20:32,680 --> 00:20:36,580
So they'd walk in, maybe make a
purchase, or just walk in and look to
286
00:20:36,580 --> 00:20:40,100
point-of-sales terminal the stores
were using so they could reverse
287
00:20:40,100 --> 00:20:43,840
how to break into the corporate networks
through these different
288
00:20:43,840 --> 00:20:44,840
point-of-sales terminals.
289
00:20:45,040 --> 00:20:51,260
That July, they hit TJX Companies, the
publicly traded parent of Marshalls and
290
00:20:51,260 --> 00:20:52,400
TJ Maxx.
291
00:20:52,840 --> 00:20:57,800
Christopher Scott breaks into two
vulnerable wireless access points at two
292
00:20:57,800 --> 00:21:02,980
Marshalls stores along Route 1 in
Florida. Within a matter of weeks, he's
293
00:21:02,980 --> 00:21:09,380
move from there into one of the major
payment card processing servers that TJX
294
00:21:09,380 --> 00:21:10,380
is using.
295
00:21:10,490 --> 00:21:13,530
You have access at that point in time to
the corporate site because now you have
296
00:21:13,530 --> 00:21:18,050
all of these stores that are sending
their daily, weekly, monthly batches all
297
00:21:18,050 --> 00:21:19,210
the way up to the corporate location.
298
00:21:19,850 --> 00:21:24,430
Chris Scott, Gonzalez's foot soldier,
explores the network.
299
00:21:24,910 --> 00:21:30,050
He gets increasing amounts of rights or
privileges to move around the system and
300
00:21:30,050 --> 00:21:36,950
discovers a storage location that has 40
or 50 million payment card numbers.
301
00:21:37,090 --> 00:21:39,330
They download that batch of data.
302
00:21:40,000 --> 00:21:41,480
But Gonzalez isn't satisfied.
303
00:21:41,900 --> 00:21:47,380
He wants access to all the numbers
coming into TJX, not just the numbers in
304
00:21:47,380 --> 00:21:54,020
storage. In May 2006, Chris Scott
installs and configures a VPN, or
305
00:21:54,020 --> 00:21:55,500
Virtual Private Network.
306
00:21:56,270 --> 00:21:59,990
Albert's crew had set up a virtual
private network, which is a secure
307
00:21:59,990 --> 00:22:03,590
between TJX's server and one of Albert's
servers.
308
00:22:03,890 --> 00:22:07,590
So whenever they wanted to, they could
just tap that keg, open up the
309
00:22:07,590 --> 00:22:12,630
connection, and let the data stream from
TJX's server right onto Albert's.
310
00:22:13,350 --> 00:22:18,710
Scott then installs a sniffer code, the
program that copies numbers while
311
00:22:18,710 --> 00:22:19,710
they're being processed.
312
00:22:19,910 --> 00:22:24,730
It turns out that there's a very tiny
window of time when the...
313
00:22:25,160 --> 00:22:28,960
Credit and debit card numbers aren't
being encrypted when it happens to be in
314
00:22:28,960 --> 00:22:30,580
the open as it's being processed.
315
00:22:30,800 --> 00:22:35,380
And it's during that period that they
make a photocopy of it all for
316
00:22:36,280 --> 00:22:42,820
Using the handle 201679996, Gonzalez
instant messages
317
00:22:42,820 --> 00:22:46,360
Maxim Yastrzemski, his Ukrainian partner
in crime.
318
00:22:47,020 --> 00:22:49,620
In that chat, he mentioned the sniffer
code.
319
00:22:49,940 --> 00:22:52,920
Soon, Yastrzemski could expect more
data.
320
00:22:54,760 --> 00:23:00,020
Business is booming for Gonzalez, whose
crew downloads more than 45 million card
321
00:23:00,020 --> 00:23:01,900
numbers through December 2006.
322
00:23:03,020 --> 00:23:06,860
If you shopped at any of these retail
stores during that period of time,
323
00:23:06,860 --> 00:23:09,840
a very good chance that your credit card
or debit card was compromised.
324
00:23:10,360 --> 00:23:16,540
That Christmas, more than 18 months
after Gonzalez's crew first hit TJX, the
325
00:23:16,540 --> 00:23:20,040
retail giant detects suspicious software
on its systems.
326
00:23:20,660 --> 00:23:23,960
Alarm bells sound, and the feds begin to
investigate.
327
00:23:24,570 --> 00:23:28,870
We didn't know if it was one individual,
if it was several different groups
328
00:23:28,870 --> 00:23:30,710
doing these compromises.
329
00:23:30,910 --> 00:23:34,710
What did we know from the forensics as
to where it was going? Did it look like
330
00:23:34,710 --> 00:23:38,770
anybody else that we'd ever seen? All of
these things were being carefully
331
00:23:38,770 --> 00:23:43,110
followed out, wholly, I'm embarrassed to
say, unsuccessfully.
332
00:23:44,050 --> 00:23:46,130
By January 2007...
333
00:23:47,120 --> 00:23:51,520
Gonzalez has pulled in more than 45
million credit and debit card numbers
334
00:23:51,520 --> 00:23:55,300
TJX, and he decides to get out of the
corporate system.
335
00:23:55,780 --> 00:23:58,820
The trouble is beginning to brew half a
world away.
336
00:23:59,320 --> 00:24:03,540
The Secret Service had been conducting a
totally separate and totally unrelated
337
00:24:03,540 --> 00:24:10,320
investigation into Maxim Yastrzemski for
his international sale of credit and
338
00:24:10,320 --> 00:24:11,380
debit card numbers.
339
00:24:11,740 --> 00:24:15,460
Turkish authorities arrest Maxim
Yastrzemski that July.
340
00:24:16,280 --> 00:24:23,120
That leads to the seizure of a laptop
computer, which the Turks provide to the
341
00:24:23,120 --> 00:24:24,120
Secret Service.
342
00:24:24,180 --> 00:24:29,180
When they opened up his computer, they
found all kinds of things, including
343
00:24:29,180 --> 00:24:34,580
of chat logs with an American who went
by an obscure string of numbers.
344
00:24:35,600 --> 00:24:41,880
201-67-9996 is passing on a piece of
software and
345
00:24:41,880 --> 00:24:46,790
says... It's one that I modified for use
in TJX.
346
00:24:47,110 --> 00:24:53,310
And that starts the investigation of who
201 is and how Maxim Yastrzemski
347
00:24:53,310 --> 00:24:57,150
relates to TJX and to other
investigations.
348
00:24:58,150 --> 00:25:03,330
They find further chats about a breach
of Dave & Buster's, the entertainment
349
00:25:03,330 --> 00:25:09,130
chain. Maxim Yastrzemski said he had
another hacker who was into a company
350
00:25:09,130 --> 00:25:10,970
named D&B in the United States.
351
00:25:11,610 --> 00:25:17,390
Yastrzemski had asked 201 to provide a
sniffer code to capture Dave and
352
00:25:17,390 --> 00:25:18,390
credit card data.
353
00:25:18,750 --> 00:25:23,630
That sniffer program was the same
sniffer that was utilized in the TJX
354
00:25:23,630 --> 00:25:30,030
that was our first clue that 201-67996
may have been involved with TJX. The
355
00:25:30,030 --> 00:25:31,830
feds followed these leads for months.
356
00:25:32,570 --> 00:25:38,070
Just as Gonzalez heads into the final
phase of Operation Get Rich, with
357
00:25:38,070 --> 00:25:42,430
Yastrzemski behind bars, Gonzalez
decides to keep a closer eye on his
358
00:25:42,430 --> 00:25:45,950
associates, especially Patrick Toohey,
his right-hand man.
359
00:25:46,330 --> 00:25:51,090
It was more important than ever that he
exert as much control as possible over
360
00:25:51,090 --> 00:25:52,090
all of the variables.
361
00:25:52,410 --> 00:25:56,210
In August, Gonzalez moves Toohey into
his Miami condo.
362
00:25:56,470 --> 00:26:00,050
It's a far cry from the hotel suites
they've partied in before.
363
00:26:00,890 --> 00:26:04,230
It was a dump. In part, it was because
he wanted to live under the radar,
364
00:26:04,270 --> 00:26:08,010
because he understood from his
experience with law enforcement that
365
00:26:08,010 --> 00:26:10,030
money is one of those things that gives
you away.
366
00:26:10,370 --> 00:26:13,490
It's different, though, from some of the
hackers we've seen in Eastern Europe
367
00:26:13,490 --> 00:26:17,830
where they'll buy a restaurant, they'll
buy a housing project or complex,
368
00:26:17,950 --> 00:26:20,010
they'll buy million-dollar apartments.
369
00:26:20,350 --> 00:26:21,810
That wasn't this crew here.
370
00:26:22,110 --> 00:26:27,790
They might buy a few nice computers or
recreational items, but they're not
371
00:26:27,790 --> 00:26:29,630
living in the million-dollar apartments
in Manhattan.
372
00:26:30,840 --> 00:26:35,800
By late fall, Operation Get Rich
progresses from war driving to more
373
00:26:35,800 --> 00:26:37,640
complicated web-based hacks.
374
00:26:38,440 --> 00:26:43,140
Gonzalez conspires with Toohey and two
Russians to commit a series of other
375
00:26:43,140 --> 00:26:47,960
intrusions using a diabolical plan known
as a SQL injection attack.
376
00:26:48,440 --> 00:26:54,440
SQL injection attack is an internet-based
attack on a website that's
377
00:26:54,440 --> 00:26:58,940
-driven. So the most important
difference is you don't need that
378
00:26:58,940 --> 00:27:00,080
proximity anymore.
379
00:27:00,670 --> 00:27:06,130
to conduct these types of remote hacks
into systems. You can be sitting in
380
00:27:06,130 --> 00:27:11,570
and do a SQL injection, internet-based
attack on a computer system in
381
00:27:11,570 --> 00:27:12,570
California.
382
00:27:13,090 --> 00:27:19,410
Coming up, Gonzalez and his
co-conspirators go to the motherlode and
383
00:27:19,410 --> 00:27:23,330
credit card processing company, their
biggest prize yet.
384
00:27:23,530 --> 00:27:25,290
They were in a position to
385
00:27:26,179 --> 00:27:32,880
access tens of millions of payment
card numbers quickly, and that was a
386
00:27:32,880 --> 00:27:36,460
goose. So the hack is the credit card
processing company. It's like the Holy
387
00:27:36,460 --> 00:27:37,720
Grail at that point in time.
388
00:27:40,680 --> 00:27:47,660
By December 2007,
389
00:27:48,060 --> 00:27:52,680
Operation Get Rich or Die Tryin' has
entered its most ambitious phase yet.
390
00:27:53,280 --> 00:27:57,860
Albert Gonzalez and his co-conspirators
target several companies, including
391
00:27:57,860 --> 00:28:01,820
Heartland Payment Systems, one of the
world's largest payment processors.
392
00:28:02,440 --> 00:28:08,140
We process for about 250,000 locations
in America and a few in Canada,
393
00:28:08,320 --> 00:28:12,320
and we process about 4 billion
transactions a year.
394
00:28:12,760 --> 00:28:17,660
Bob Carr is the founder, chairman, and
chief executive officer of Heartland
395
00:28:17,660 --> 00:28:18,660
Payment Systems.
396
00:28:19,340 --> 00:28:25,300
There's no doubt that people who process
billions of transactions are the mother
397
00:28:25,300 --> 00:28:27,200
lode of data, that's for sure.
398
00:28:27,560 --> 00:28:32,640
When we were doing our initial public
offering of stock on the roadshow, the
399
00:28:32,640 --> 00:28:36,380
question everyone asked is, what keeps
you awake at night? And my answer was
400
00:28:36,380 --> 00:28:37,900
always getting breached.
401
00:28:38,360 --> 00:28:43,020
But Carr is totally unaware that his
worst nightmare is coming true.
402
00:28:44,140 --> 00:28:47,620
Gonzalez and Patrick Toohey invisibly
hack into Heartland
403
00:28:48,060 --> 00:28:50,060
using a SQL injection attack.
404
00:28:50,600 --> 00:28:53,540
If I were to walk up to you on the
street and say, can you tell me the
405
00:28:53,740 --> 00:28:54,760
you'd tell me the time.
406
00:28:55,060 --> 00:28:57,900
But if I were to walk up to you on the
street and say, can you tell me your
407
00:28:57,900 --> 00:29:01,340
name, address, social security number
and mother's maiden name, then you're
408
00:29:01,340 --> 00:29:02,099
going to do that.
409
00:29:02,100 --> 00:29:05,060
You're smart enough to know the
difference between information you
410
00:29:05,060 --> 00:29:06,880
out and information you shouldn't give
out.
411
00:29:07,400 --> 00:29:08,540
Whereas with
412
00:29:08,830 --> 00:29:13,190
a website that's subjected to a SQL
injection attack, it's not programmed to
413
00:29:13,190 --> 00:29:16,950
correctly recognize which commands it
should obey and which commands it should
414
00:29:16,950 --> 00:29:23,150
ignore. They install a sniffer code to
copy data in small, well-timed chunks.
415
00:29:23,690 --> 00:29:27,430
From there, it was a matter of having
that sniffing software work and send the
416
00:29:27,430 --> 00:29:31,150
payment card information, the credit and
debit card information out to
417
00:29:31,600 --> 00:29:34,740
hacking platforms in foreign countries
and in the United States that could be
418
00:29:34,740 --> 00:29:39,280
used to receive and store the card data
that was stolen, but also the malware,
419
00:29:39,500 --> 00:29:41,180
the software that was used to sell it.
420
00:29:42,120 --> 00:29:45,480
For months, the hackers tap into
Heartland's network.
421
00:29:46,160 --> 00:29:49,280
You don't want to turn the spigot on the
whole way and just drain the thing
422
00:29:49,280 --> 00:29:53,540
immediately. You want to take a little
bit of time and keep on taking it.
423
00:29:53,800 --> 00:29:58,360
They access more than 130 million credit
and debit card numbers.
424
00:29:58,700 --> 00:30:00,160
These bad guys spent
425
00:30:00,620 --> 00:30:04,580
hours and hours and hours for months and
months and months trying to figure out
426
00:30:04,580 --> 00:30:09,040
and customize an attack that would get
through and get into our payments
427
00:30:09,040 --> 00:30:10,620
network, and they were able to do that.
428
00:30:11,580 --> 00:30:16,240
Back at the Secret Service, agents have
been combing through Maxim Yastrzemski's
429
00:30:16,240 --> 00:30:17,240
computer.
430
00:30:17,640 --> 00:30:21,740
They find chats referring to someone
with the initials CJ.
431
00:30:22,600 --> 00:30:24,880
CJ is short for Kumbhajani,
432
00:30:25,420 --> 00:30:31,140
which is the name we had Gonzalez use
when he was an informant in Operation
433
00:30:31,140 --> 00:30:37,260
Firewall. It's a very small connection,
very much at the periphery, but we had
434
00:30:37,260 --> 00:30:41,100
one or two of those little indications
start to unravel.
435
00:30:41,840 --> 00:30:45,960
They also learn the Ukrainian crime lord
has been chatting with a mysterious
436
00:30:45,960 --> 00:30:52,700
American, 201-67-9996, who was somehow
involved in the
437
00:30:52,700 --> 00:30:54,180
TJX hack.
438
00:30:55,150 --> 00:31:01,990
201-679-996 is connected to an email
address, supnazi at
439
00:31:01,990 --> 00:31:03,330
efnet.ru.
440
00:31:03,630 --> 00:31:09,050
And the Secret Service recognizes that
email address as one that has been used
441
00:31:09,050 --> 00:31:14,850
previously by Albert Gonzalez. For the
first time, there was a major lead.
442
00:31:16,490 --> 00:31:18,730
Shockwaves ripple through the Secret
Service.
443
00:31:18,990 --> 00:31:21,510
Is Gonzalez playing both sides?
444
00:31:22,540 --> 00:31:27,460
While Albert is masterminding this
incredible cybercrime, he is still
445
00:31:27,460 --> 00:31:28,620
an informant for the Fed.
446
00:31:29,860 --> 00:31:34,420
Agents move quickly to secure warrants
to arrest Gonzalez and his crew.
447
00:31:34,800 --> 00:31:36,020
And by now...
448
00:31:36,270 --> 00:31:39,010
Gonzalez knows the heat is coming down.
449
00:31:39,430 --> 00:31:43,010
When you were involved with someone that
gets arrested, you're going to be more
450
00:31:43,010 --> 00:31:47,490
apprehensive. And we had seen in the
chats that 201 person being apprehensive
451
00:31:47,490 --> 00:31:48,490
about that situation.
452
00:31:49,010 --> 00:31:55,970
So he most likely knew from reading
public information about our cases,
453
00:31:55,970 --> 00:31:58,250
things that we were closing in.
454
00:31:58,750 --> 00:32:03,070
On May 7, 2008, after nearly a
year-long investigation,
455
00:32:04,010 --> 00:32:06,150
the feds go after their informant.
456
00:32:06,370 --> 00:32:11,350
These young kids had access to documents
that would allow them to immediately
457
00:32:11,350 --> 00:32:12,350
flee the country.
458
00:32:12,490 --> 00:32:17,450
And we were very, very concerned that
Gonzalez was going to be one of those,
459
00:32:17,450 --> 00:32:20,090
once he was gone, we would never get him
back.
460
00:32:22,610 --> 00:32:29,390
About 150 agents scour Gonzalez's condo,
his parents' house, and several other
461
00:32:29,390 --> 00:32:30,390
residences.
462
00:32:30,910 --> 00:32:32,790
From Gonzalez's condominium,
463
00:32:33,160 --> 00:32:39,340
there was multiple computers and media
that was seized, a large quantity of
464
00:32:39,340 --> 00:32:41,720
from Gonzalez's parents' residence.
465
00:32:41,940 --> 00:32:46,080
We seized a number of computers,
documents, a money counter.
466
00:32:46,680 --> 00:32:49,240
But Gonzalez is nowhere to be found.
467
00:32:50,040 --> 00:32:53,960
When they arrived at the place where
they thought Albert Gonzalez would be,
468
00:32:53,960 --> 00:32:56,080
his parents' house or his girlfriend's
house, he was neither.
469
00:32:56,460 --> 00:32:58,480
And that's when the panic began.
470
00:32:59,420 --> 00:33:03,980
On a tip, they search a suite at the
National Hotel in Miami's South Beach,
471
00:33:04,300 --> 00:33:10,900
where they find Gonzalez, along with two
laptops, $22,000 in cash, and a Glock
472
00:33:10,900 --> 00:33:11,980
27 handgun.
473
00:33:12,960 --> 00:33:16,400
They arrest Gonzalez and Christopher
Scott that same day.
474
00:33:16,980 --> 00:33:19,340
Patrick Toohey is arrested soon after.
475
00:33:19,620 --> 00:33:24,080
Patrick knew he was sunk. He knew that
he and the entire operation, they were
476
00:33:24,080 --> 00:33:27,080
just dead meat. He started talking
immediately.
477
00:33:27,900 --> 00:33:32,720
After Albert discovered that Patrick was
cooperating, Albert himself became very
478
00:33:32,720 --> 00:33:37,320
cooperative, and he led them to a lot of
information, including he told them
479
00:33:37,320 --> 00:33:39,700
where the money was buried in his
parents' backyard.
480
00:33:40,900 --> 00:33:45,500
Investigators return to Albert's
childhood home, where they search the
481
00:33:45,840 --> 00:33:48,880
They find a barrel buried beneath a palm
tree.
482
00:33:49,160 --> 00:33:55,200
Once the earth was unsealed, inside was
over $1 million of vacuum-packed cash.
483
00:33:55,820 --> 00:34:01,420
Gonzalez has stashed $1.1 million in
plastic bags for safekeeping.
484
00:34:02,000 --> 00:34:05,820
Soon, the feds unearth more secrets
about the case.
485
00:34:06,220 --> 00:34:11,480
When we executed those search warrants,
one of the individuals spoke and said
486
00:34:11,480 --> 00:34:14,719
that Albert Gonzalez used the nickname
Segveg.
487
00:34:15,040 --> 00:34:21,020
And that was the evidence we were
looking for to get us over the edge and
488
00:34:21,020 --> 00:34:22,080
able to indict him.
489
00:34:22,500 --> 00:34:27,260
Segveg. The handle Gonzalez used during
chats with Yastrzemski about Dave and
490
00:34:27,260 --> 00:34:32,239
Buster's clinches it for the feds.
Finally, really, we're starting to
491
00:34:32,239 --> 00:34:36,000
understand all these data breaches we
had seen happen over the years. It was
492
00:34:36,000 --> 00:34:37,000
really exciting.
493
00:34:37,020 --> 00:34:38,020
It was shocking.
494
00:34:38,560 --> 00:34:43,820
A few weeks later, the criminal
complaint against Gonzalez is posted
495
00:34:43,820 --> 00:34:45,260
it rocks the hacking underworld.
496
00:34:46,250 --> 00:34:48,750
This is a very close community of
hackers.
497
00:34:49,010 --> 00:34:52,330
These are people you have to remember
who are very alienated from the rest of
498
00:34:52,330 --> 00:34:55,170
society. They feel that all they have is
each other.
499
00:34:55,949 --> 00:35:01,470
24-year-old Jonathan James, Gonzalez's
former war driver, was shocked to learn
500
00:35:01,470 --> 00:35:04,950
that his boss has been working for the
Secret Service since 2003.
501
00:35:05,690 --> 00:35:08,890
There's just been this nice set of
cliquey groups, and you can trust
502
00:35:08,970 --> 00:35:11,090
and now you're like, well, whose side
are you on?
503
00:35:11,680 --> 00:35:16,780
James, who had become famous for hacking
as a teen, believes his friends will
504
00:35:16,780 --> 00:35:17,780
rat him out.
505
00:35:18,440 --> 00:35:23,780
Coming up, James takes matters into his
own hands, and Operation Get Rich or Die
506
00:35:23,780 --> 00:35:25,840
Tryin' takes a deadly turn.
507
00:35:26,420 --> 00:35:31,380
He did not want to have that kind of
heat on him again, and the idea that
508
00:35:31,380 --> 00:35:34,320
were now turning on each other, it was
intolerable to him.
509
00:35:44,840 --> 00:35:51,080
In May 2008, with Albert Gonzalez and
his hack pack behind bars, the feds
510
00:35:51,080 --> 00:35:52,300
to shore up their case.
511
00:35:52,780 --> 00:35:56,800
But Jonathan James, one of Gonzalez's
war drivers, is still free.
512
00:35:57,140 --> 00:36:02,320
And he jumps to the conclusion that
Gonzalez is going to set him up. He said
513
00:36:02,320 --> 00:36:07,620
that he was sure that he was going to be
the scapegoat for this crime, given his
514
00:36:07,620 --> 00:36:12,600
notoriety, and also given that he knew
that Albert
515
00:36:12,910 --> 00:36:16,550
was a government cooperator, and he was
sure that Albert was going to pin the
516
00:36:16,550 --> 00:36:17,550
crime on him.
517
00:36:17,670 --> 00:36:19,970
James pens a letter titled Storytime.
518
00:36:20,230 --> 00:36:23,170
In it, he says he had nothing to do with
the hacks.
519
00:36:23,690 --> 00:36:27,650
He couldn't bear the idea that they were
all betraying each other. Once these
520
00:36:27,650 --> 00:36:29,870
hackers turned on each other, they had
nobody left.
521
00:36:30,550 --> 00:36:34,970
Remember, it's not whether you win or
lose, it's whether I win or lose. And
522
00:36:34,970 --> 00:36:40,370
sitting in jail for 20, 10, or even 5
years for a crime I didn't commit is not
523
00:36:40,370 --> 00:36:41,430
me winning.
524
00:36:42,230 --> 00:36:43,230
I die free.
525
00:36:44,250 --> 00:36:50,470
Minutes later, he picks up a handgun,
points it to his temple, and pulls the
526
00:36:50,470 --> 00:36:51,470
trigger.
527
00:36:51,830 --> 00:36:57,010
If he, in fact, played a part in this
crime, he played a very small part, and
528
00:36:57,010 --> 00:37:00,850
it's not clear whether he would have
been indicted had he not killed himself.
529
00:37:02,410 --> 00:37:07,330
The feds file more indictments against
Gonzalez and his crew in August 2008.
530
00:37:08,300 --> 00:37:12,480
And for the first time, the scope of the
crime becomes clear.
531
00:37:12,900 --> 00:37:16,980
We had to keep replacing our press
releases. This is the most significant,
532
00:37:17,240 --> 00:37:21,100
largest data breach we've had. It just
kept building upon itself.
533
00:37:21,600 --> 00:37:24,260
500,000 numbers, then a million
numbers.
534
00:37:24,860 --> 00:37:29,140
The first indictment is filed in New
York for the Dave and Buster's breach.
535
00:37:29,840 --> 00:37:31,420
The second in Massachusetts
536
00:37:32,320 --> 00:37:38,120
for the hacks into TJX companies, BJ's
Wholesale Club, OfficeMax, and several
537
00:37:38,120 --> 00:37:39,120
other businesses.
538
00:37:39,780 --> 00:37:44,900
But despite being in jail, Gonzalez is
still wreaking havoc on the outside.
539
00:37:45,460 --> 00:37:50,760
In October 2008, credit card companies
warned Heartland Payment Systems of
540
00:37:50,760 --> 00:37:52,100
suspicious activity.
541
00:37:52,660 --> 00:37:58,220
We hired forensics companies to help try
to find it. We got a report that there
542
00:37:58,220 --> 00:38:00,940
were no problems found, so we thought we
were in the clear.
543
00:38:01,370 --> 00:38:05,650
When forensics companies tell you that
they can't find anything and they do
544
00:38:05,650 --> 00:38:09,710
for a living, you get some sense of
comfort that there's not a problem.
545
00:38:10,370 --> 00:38:17,050
Three months go by, and in January 2009,
Heartland chiefs get the call they've
546
00:38:17,050 --> 00:38:18,050
been dreading.
547
00:38:18,250 --> 00:38:23,750
Someone had found data in our system
that could not be explained, data that
548
00:38:23,750 --> 00:38:24,750
did not create.
549
00:38:24,770 --> 00:38:29,210
In the next couple of days, we learned
that there was malware that was creating
550
00:38:29,210 --> 00:38:30,210
this data.
551
00:38:30,270 --> 00:38:34,850
And that turned out to be the card
numbers that were put into files that
552
00:38:34,850 --> 00:38:39,790
compressed. I knew it would be
disastrous for a lot of the stockholders
553
00:38:39,790 --> 00:38:40,850
company, including me.
554
00:38:41,870 --> 00:38:45,210
Heartland goes public with news of the
breach days later.
555
00:38:45,650 --> 00:38:50,250
Another big story at 6. A credit card
processing company gets hacked into.
556
00:38:50,690 --> 00:38:55,990
The company's stock plummets from about
$16 a share to less than $4.
557
00:38:56,530 --> 00:38:58,510
But the loss is really much greater.
558
00:38:59,120 --> 00:39:04,920
We've reported losses of $139 million
that we've paid out or booked that we
559
00:39:04,920 --> 00:39:10,980
pay out. So we suffered a net $110
million loss, and we still don't know if
560
00:39:10,980 --> 00:39:15,540
we're finished. We probably are not, but
we think the bulk of it is behind us.
561
00:39:15,740 --> 00:39:18,500
In focus this evening, security in
cyberspace.
562
00:39:18,740 --> 00:39:23,300
A lot of people will look at Heartland,
and they don't want to be the next
563
00:39:23,300 --> 00:39:24,300
headline on CNBC.
564
00:39:24,500 --> 00:39:27,120
So they're going to be quite careful
to
565
00:39:27,830 --> 00:39:30,990
improve the standards and make sure that
they're defending themselves.
566
00:39:31,410 --> 00:39:37,390
In August 2009, Gonzalez, Patrick
Toohey, and two unnamed Russian hackers
567
00:39:37,390 --> 00:39:41,850
indicted in New Jersey for conspiring to
break into Heartland and several other
568
00:39:41,850 --> 00:39:46,110
companies. Software has sort of a
digital fingerprint, a kind of digital
569
00:39:46,350 --> 00:39:50,010
And in the process of investigating it,
if it has that same DNA, there's a link
570
00:39:50,010 --> 00:39:51,570
between those two victim sites.
571
00:39:51,870 --> 00:39:53,970
And what we ended up with was...
572
00:39:54,480 --> 00:39:57,920
enough similarities between the five
victim sites to know that we were
573
00:39:57,920 --> 00:39:59,560
with one hacking crew.
574
00:39:59,800 --> 00:40:04,600
But much about the case remains a
mystery, like how many credit card
575
00:40:04,600 --> 00:40:05,519
were stolen.
576
00:40:05,520 --> 00:40:11,940
There were tens of millions more at TJX
and in excess of 100 million at
577
00:40:11,940 --> 00:40:16,280
Heartland that could have been taken,
but nobody knows the exact number.
578
00:40:16,600 --> 00:40:21,220
And how much money Gonzalez and his crew
ultimately earned from their hacks.
579
00:40:21,920 --> 00:40:24,020
They're young kids. They spent a lot of
money.
580
00:40:24,320 --> 00:40:29,480
They spent a lot of money on partying, a
lot of money on drugs, fun nights out,
581
00:40:29,600 --> 00:40:35,640
spending $80,000. So it's hard for us
to know if they didn't just spend most
582
00:40:35,640 --> 00:40:36,640
it, too.
583
00:40:37,180 --> 00:40:43,100
Prosecutors do know that victims lose at
least $400 million, and restitution is
584
00:40:43,100 --> 00:40:45,020
set at $172 million.
585
00:40:45,520 --> 00:40:51,240
Gonzalez, with his team, committed the
largest identity theft
586
00:40:51,840 --> 00:40:55,240
ever prosecuted in the United States and
perhaps the world.
587
00:40:55,440 --> 00:41:02,180
The dollar loss was so large that it
changed the behavior of corporations as
588
00:41:02,180 --> 00:41:06,660
they realized that they had to increase
the level of security because there was
589
00:41:06,660 --> 00:41:08,820
a large dollar risk involved.
590
00:41:09,120 --> 00:41:14,060
So it was changing to the whole culture
in the size of what he did.
591
00:41:14,800 --> 00:41:19,840
Patrick Toohey, Stephen Watt, Chris Scott
and Maxim Yastrzemski
592
00:41:20,430 --> 00:41:22,990
all served multi-year sentences in
prison.
593
00:41:24,250 --> 00:41:29,510
And as for Gonzalez... He agreed to
plead guilty to all of them and
594
00:41:29,510 --> 00:41:33,850
received a 20-year sentence to run on
each of them at the same time.
595
00:41:34,290 --> 00:41:40,690
Restitution well in excess of $100
million and forfeiture of jewelry,
596
00:41:40,890 --> 00:41:46,410
computers, and over a million dollars in
cash that had been dug up in his
597
00:41:46,410 --> 00:41:47,410
parents' backyard.
598
00:41:48,040 --> 00:41:52,300
At sentencing, Gonzalez's attorney
argues these were not crimes of greed.
599
00:41:52,700 --> 00:41:57,960
Rather, that Gonzalez suffers from
Asperger's syndrome, a mild form of
600
00:41:58,200 --> 00:42:00,540
which could explain his addiction to
computers.
601
00:42:01,360 --> 00:42:07,400
People with Asperger's are unable to
relate to other people. Whereas Albert
602
00:42:07,400 --> 00:42:09,160
a natural leader.
603
00:42:09,380 --> 00:42:15,920
He, by definition, could relate to other
people, size them up, negotiate with
604
00:42:15,920 --> 00:42:20,100
them, squeeze work product out of them.
He was the exact opposite of somebody
605
00:42:20,100 --> 00:42:21,100
with Asperger's.
606
00:42:21,420 --> 00:42:25,360
Court-appointed psychologists find no
evidence of the disorder.
607
00:42:25,900 --> 00:42:31,800
These guys spent a lot of time on their
computers, but so does about half to
608
00:42:31,800 --> 00:42:35,040
two-thirds of all the students at nearby
MIT.
609
00:42:35,360 --> 00:42:39,480
So the fact that you spend a lot of time
on your computer as a kid, that you
610
00:42:39,480 --> 00:42:43,240
communicate with others on your
computers, does not justify crime.
611
00:42:44,340 --> 00:42:50,370
In the end, what begins as teenagers
hacking for fun soon becomes the
612
00:42:50,370 --> 00:42:54,710
cybercrime in history, an operation that
lives up to its name.
613
00:42:55,290 --> 00:43:00,990
When Albert called this caper Operation
Get Rich or Die Trying, I'm sure he
614
00:43:00,990 --> 00:43:02,910
didn't actually intend for anyone to
die.