Jun02
Gonzalez, TJX and the FS-ISAC Conference posted by Rick Howard
Filed in: Gonzalez
A couple of weeks ago I presented at the annual FS-ISAC (Financial Sector - Information Sharing and Analysis Center) conference held in Saint Petersburg Florida. I know. It is a tough gig. Somebody has to do the hard jobs around here.
The FS-ISAC is one of several ISACs "mandated" by the US Government to facilitate information sharing between companies within the same business sector. Other prominent ISACs are the IT-ISAC and the Multi-State ISAC.
During the talk, I got to the part where I was discussing the Albert Gonzalez case. If you have been sleeping under a rock for the past year, Gonzalez is the guy that masterminded the TJX breaches. The US Government just recently sentenced him to 20 years for his efforts. It turns out though that he was also involved in some of the most nefarious cyber activity of the past decade in one shape or another.
For example, he was the snitch used by the USSS (United States Secret Service) in Operation Firewall back in 2004 where the feds snatched some 28+ underground carders. He was also a member of the infamous Darkmarket forum; the forum where FBI Agent Mularski infiltrated for two years and resulted in the arrest of some 56 underground carders. It is iDefense speculation that Gonzalez used Darkmarket to exchange credit card numbers with one of his main TJX accomplices: Maksym Yastremskiy. The USSS used Yastremskiy as the linchpin in the case to tie everything back to Gonzalez.
At this point in the presentation, I was telling the part of the story where the feds were paying Gonzalez an annual salary to be a "consultant" for them. You see, they did not know that he was secretly going behind their backs to do the TJX job while he earned $70K a year for being an informant. That was not a typo. They paid Gonzalez $70K a year.
But that is not the good part. This is the good part.
At this point in the presentation, one of the FS-ISAC leaders stopped me cold and said that he wanted to make an announcement. In the interest of full disclosure, he wanted the audience to know that, in fact, Albert Gonzalez presented at this very same conference not five years ago as part of his federal consultancy gig. The USSS brought him in to give the FS-ISAC membership a view from the hacker's mind. This was about the same time that Gonzalez was launching his TJX scheme.
How cool is that?
As you might imagine, this little nugget of information brought the house down. I was almost wiping tears from my eyes because I was laughing so much. I could not have planned it better if I was making it all up.
