T.J.Maxx hacker says feds gave him the OK

Albert Gonzalez asks to withdraw his guilty pleas, saying his activities were authorized and directed by U.S. government agents.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills
2 min read

Albert Gonzalez, the hacker who pleaded guilty to leading one of the largest cases of credit card theft in the U.S., is asking a judge to toss out the pleas, arguing that they were part of his assignments as a paid government informant.

"I still believe that I was acting on behalf of the United States Secret Service and that I was authorized and directed to engage in the conduct I committed as part of my assignment to gather intelligence and seek out international cybercriminals," Gonzalez wrote in a 25-page petition filed March 24 with the U.S. District Court in Massachusetts and published on the Threat Level blog. "I now know and understand that I have been used as a scapegoat to cover someone's mistakes."

"All of this inflated my ego and made me feel very important and made me feel like I was really a part of the Secret Service with the backing and support of the government agency," Gonzalez wrote. "One day I was unknown and nothing and the next day I am being hailed as a genius and giving presentations to Secret Service agents in Washington, D.C. All of this was mind-boggling for me."

He says in his petition that he never would have pleaded guilty if he had known about a "Public Authority" defense, which is used when a defendant argues that a crime was committed with the approval of the government. He blames a defense attorney for not advising him about that. His former attorney, Rene Palomino, told Threat Level that Gonzalez does not have the grounds to withdraw his plea and disputes that the government approved of Gonzalez' crimes.

The Secret Service said it could not comment on Gonzalez' petition.

Gonzalez, sentenced to 20 years in federal prison last month, has confessed to stealing millions of credit and debit card numbers from major companies, including T.J.Maxx, BJ's Wholesale Club, Office Max, Barnes & Noble, Hannaford Bros., and Heartland Payment Systems.

He and others were accused of breaking into systems by wardriving--using a laptop to detect unsecured wireless networks--and then installing sniffer programs to capture data. The data was then used to make clone cards and withdraw cash from ATMs, prosecutors said.

The accused then allegedly sold the credit numbers, encoded the data onto magnetic stripes of blank cards, and used the new cards to withdraw tens of thousands of dollars at a time from ATMs, prosecutors said. They also allegedly concealed and laundered their proceeds by using anonymous Internet-based currencies within the United States and abroad, and by channeling money through bank accounts in Eastern Europe.