

The Great Cyberheist - LANYC
http://www.nytimes.com/2010/11/14/magazine/14Hacker-t.html?ref=technology

======
teye
Shadowcrew was an awesome place. You could get pretty much anything there. The
marketplace was built on reputation -- you'd send a new offering to the senior
members, who'd review you.

The coolest guy there was MacGyver. He knew everything about everything. You'd
ask for feedback on the new SSN cards you were selling and he'd casually drop
that the SSA used band printers back when your card would have been issued, so
there should be little marks here or there.

From what I could tell, he never profited from any activity there, but being a
senior member and receiving goods for review, receiving credit card blanks and
numbers was enough to put him away. By the time it occurred to me I could send
him a letter in prison, he was already out.

Sure, he was indirectly contributing to illegal activity, but to a kid looking
for fake ID info, he was a god.

------
blaines
This article is long, but really good, it reads like a movie.

Gonzalez not only hacked computer networks, but also personal networks. He may
not have been great at code, but he was definitely good at navigating social
structures. Gonzalez was certainly a great hacker, but not necessarily good.

I'll be keeping my eye out for author James Verini in the future, this was a
great read.

~~~
ojbyrne
Not to mention keeping an eye out for the movie. It would be awesome, and
perhaps the commercial success of The Social Network will make it more likely.

------
harpastum
It seems odd to me that both _'can barely write simple code'_ and _'it is
hard, if not impossible...[for Gonzalez] to conceptualize human growth,
development and evolution, other than in the language of building a machine'_
are applied to the same person.

It seems that Gonzalez is not actually a talented cracker at all — he just
found relationships with people that did. In that way, he's more of a standard
crime lord than a hacker (using the NYT's definition of hacker).

~~~
dasil003
To put it in mundane terms he's just more a sysadmin type than a programmer.
Sometimes I think it's easy for programmers to have a bias against sysadmins
because they aren't "creating", but the fact is that the scope of systems a
typical sysadmin deals with is far greater than any programmer will ever
program. Being able to grasp the scope of things and how they are working at
both a high and low level is a special skill, and one that seems particularly
applicable to the kind of hacks described in this article.

The wardriving and SQL injection, that's kid stuff, right? But what do you do
once you're inside the system? That's where he seemed to shine.

The fact that he wasn't a great coder I think is more reflective of the fact
that he didn't spend a lot of time writing code, but I don't think it reflects
on his computer skills in general.

------
LiveTheDream
"He started to trust us...I was well aware that I was dealing with a master of
social engineering and deception. But I never got the impression he was trying
to deceive us."

This is the epitome of irony.

------
AngryParsley
It was interesting to hear the government's side of the story. Yet again I'm
convinced that the most proficient computer security experts are way outside
the government. Gonzalez doesn't seem exceptionally competent. I mean the only
reason he got caught was because he used a bunch of cloned debit cards in
front of a cop. Yet for several years he managed to inform for the Secret
Service and keep his crimes hidden.

I'm not sure the Secret Service realizes what message they're sending to
criminals. Sure they punished Gonzalez for his betrayal, but they basically
advertised, "If you become an informant, you risk getting a much much worse
sentence."

~~~
dasil003
> _but they basically advertised, "If you become an informant, you risk
> getting a much much worse sentence."_

Uh, you mean if you not only continue your crime, but escalate it to
unprecedented levels after agreeing to be an informant? I think that pretty
much goes without saying.

~~~
AngryParsley
Gonzalez's actions as an informant still reduced the total amount of credit
card fraud. If he hadn't informed, his associates would have committed more
crime and the Secret Service probably wouldn't have caught as many of them as
quickly as they did.

Assuming the Secret Service's goal is to reduce fraud, they should prefer
informants who commit crimes to no informants at all.

~~~
dasil003
> _Gonzalez's actions as an informant still reduced the total amount of credit
> card fraud._

Did they?

~~~
AngryParsley
Almost certainly. ShadowCrew was much bigger than just one person. The Secret
Service claims 4,000 members, but the real number was probably several
hundred. Without the help of a well-established member (Gonzalez was actually
a founder), it would have been much harder for the government to crack this
fraud ring.

~~~
dasil003
Okay, so let's assume that's true, despite the fact that it's an extremely
dubious claim considering the magnitude of the operations Gonzalez was
running. Even then, your original claim was "what kind of message does a stiff
sentence send", but then you come back with this as if it's better to send a
message that the secret service are a bunch of suckers who you can play til
the end and _still_ get off hook. Crime wouldn't be down for very long with
that kind of message, and don't even get me started about the consequences of
congress hearing that message.

------
illumin8
Awesome article - here is my favorite quote:

"They pulled James’s police records and found that in 2005 he was arrested by
a Palmetto Bay, Fla., police officer who found him in the parking lot of a
retail store in the middle of the night. The officer didn’t know why James and
his companion, a man named Christopher Scott, were sitting in a car with
laptops and a giant radio antenna, but she suspected they weren’t playing
World of Warcraft."

------
marklabedz
NY Times single page link:
[http://www.nytimes.com/2010/11/14/magazine/14Hacker-t.html?r...](http://www.nytimes.com/2010/11/14/magazine/14Hacker-t.html?ref=technology&pagewanted=all)

------
danielson
Related:

Sabrina Rubin Erdely, "Hackers Gone Wild: The fast times & hard fall of the
green hat gang," Rolling Stone, June 10, 2010, p. 64.
<http://sabrinaerdely.com/docs/HackersGoneWild.pdf>

------
TedBlosser
wow, what an awesome read. I referenced the TJX hacks in a ton of customer
presentations to sell Cisco's security suite, but never knew what happened
behind the scenes. On one hand, he caused $400M in damages to his direct
victims, but made a fortune for IT software/security companies by instilling
FUD in enterprises across the globe.

------
anon_for_this_1
Man, I hate hearing about someone so gifted throwing their life away. Can you
imagine if he had gotten interested in stopping the spam epidemic? That would
have been awesome.

------
iopuy
First five pages,
[http://www.google.com/search?hl=en&biw=1920&bih=938&...](http://www.google.com/search?hl=en&biw=1920&bih=938&q=%22Francesco+Bongiorni%22+%22The+Great%22&btnG=Search&aq=f&aqi=&aql=&oq=&gs_rfai=)

(google must be the referral for the links to work)

------
SabrinaDent
Jacking the point-of-sale terminals was inspired - very elegant problem
solving.

------
daten
You can follow the google referral to see the article without logging in.

[http://news.google.com/news/search?aq=f&pz=1&cf=all&...](http://news.google.com/news/search?aq=f&pz=1&cf=all&ned=us&hl=en&q=%22The+Great+Cyberheist%22+Gonzalez)

~~~
tomjen3
Or just open it in incognito mode.

~~~
daten
Or "Private Browsing" if I'm using Firefox instead of Chrome? Having noscript
installed didn't help. I still got the login page. Does private browsing hide
the referrer URL?

~~~
tomjen3
It is the cookies that matter.

------
o_nate
Interesting that the guy was apparently not a good coder:

"He is not a gifted programmer — according to Watt and Toey, in fact, he can
barely write simple code — but by all accounts he can understand systems and
fillet them with singular grace."

------
clistctrl
I used to be a developer at Target a few years ago. This incident really made
them realize how important security was. Things changed (though I can still
think of a few holes) it's a lot LOT more tighter.

~~~
varaon
It would be interesting to see if there are any cases where hackers bribe a
software company's employee to disclose information on vulnerabilities.

