COLD OPEN
He can’t do it, Manny Hernandez sneered.
At 14 years old, Albert was small compared to Manny, who was two years and two grades older. Albert was lucky the upperclassmen even let him in the South Miami High School Hacking Group since it was usually reserved for Juniors and Seniors.
Albert figured that Manny was just pissed that the underclassmen had managed to talk his way into the Hacking group and the Friday night video-game-hacking extravaganza that took place every weekend among the juniors and seniors. It was time for him to prove himself.
I’ll show you, Albert replied. He liked being underestimated.
Well, $20 says you can’t do it, Manny said.
I’ll take that bet, Alex Hansen said, slapping $20 on the dining table. The boys “ohh-ed” and “ahh-ed” as the hack quickly turned into a showdown.
The room settled into a quiet expectation, and Albert realized that it was now or never. Tonight, in front of all the upperclassmen, he was going to hack into the NASA website.
With everyone watching, Albert opened his laptop and navigated to the login dashboard for the NASA webpage. Hacking into the dashboard would allow him to control the layout and information displayed on the site.
First, he needed to verify the website’s hackability. He typed a code into the username bar, a series of 1’s and 0’s separated by pluses and minuses. When he hit ‘enter’, the site flashed fresh code on his screen.
Yes, Albert thought. The regurgitated code proved the website was vulnerable.
With shaky hands, Albert entered a code into the ‘password’ section. This code, Albert knew, should give him dashboard access. He hit ‘enter’ and waited.
The second it took for the page to load lasted forever and the website returned an error message.
Albert’s heart dropped.
He can’t hack it, Manny sneered. The others mumbled in agreement.
Give him another try, Alex said over the group.
Albert was embarrassed but determined. Some sites, he knew, blocked specific codes from working. All he had to do was input a variation that wasn’t blocked and, abra-cadabra, he would be in.
He typed in a different variation of the code and hit ‘enter’. As the loading circle spun, Albert was struck with doubt. If it didn’t work, he would be a laughingstock. He would never code again. But then… the dashboard loaded.
Shit, he’s in! Alex cheered and the room erupted.
Boys whooped as Alex held his hand out for the money. The other guys launched into a debate on how to turn the NASA logo into a penis. Albert sat smiling and shaking with adrenaline, fear, and thrill. He had really done it, and the moment felt surreal.
The next day, however, when Albert got home from school there was a big black truck waiting outside his house.
The FBI had come to pay a visit to the NASA hacker. As surprised as Albert was to have the feds at his house, the agents were surprised to find a gangly 14-year-old kid when they had been expecting a hairy Russian spy.
The Agents let Albert off with a warning, which, in retrospect, was a mistake. A mistake that they and millions of Americans are still paying for to this day.
On this episode, hacking and partying in Miami, multimillion dollar identity theft and no soup for you. I’m Keith Korneluk and you’re listening to Modem Mischief.
INTRODUCTION
You're listening to Modem Mischief. In this series we explore the darkest reaches of the internet. We'll take you into the minds of the world's most notorious hackers and the lives affected by them. We'll also show you places you won't find on Google and what goes on down there. This is the story of Albert Gonzalez aka SoupNazi.
ACT 1
It was January 2008, when Albert Gonzalez woke up to his phone buzzing on the nightstand. He cracked open an eye to see the screen. It was 11:00 a.m. and the number calling him was restricted.
His head was pounding, his throat was dry as sandpaper, and every muscle in his body ached. It was the after-effect of his wild weekend in Miami; staying at the nicest hotels in the middle of South Beach but life was starting to take its toll. He ignored the call and put the phone back down.
What Albert needed was a bump. That would take the edge right off.
Without getting out of bed, he leaned over, grabbed his pants off the floor, and fished around in his pocket until his fingers closed around a thin plastic baggie.
Yes.
Albert pulled out the bag and felt his stomach lurch. It was empty.
The phone started vibrating again and, again, Albert hit decline. He knew who it was. He received enough calls from them, always keeping him on a tight leash. God, he needed a hit.
In his drug and alcohol-fueled hangover, Albert felt the dread and anxiety settling in. He was running on fumes, trying to be everywhere and do it all. He never slept and hardly ate in between hacking jobs. Hacking, for Albert, was a drug more potent than coke or E, and was fucking up his life all the same.
Through the static in his head, Albert tried to think back to when it started, his hacking addiction, that is. Albert figured it escalated from obsession to addiction sometime after the NASA hack back in 1995.
That flashy party trick was only the tip of the iceberg.
After barely graduating high school and fully dropping out of college, Albert decided that what he really needed was a change of pace. The only place that he could imagine being cooler than Miami was the Big Apple and he moved to New York City in the spring of 2000.
Albert walked a tightrope between the illicit and legitimate side of computer technology. For a while, he even tried to use his skills in the real world. To land his first job Albert hacked into a New-Jersey based Internet company and persuaded them to hire him to their security team.
But NYC living was expensive, and his cybersecurity gig didn’t pay much. He quickly found himself living paycheck to paycheck, something that Albert wasn’t used to.
When he wanted money when he lived in Miami, he would just buy a credit card and use it for stuff like groceries, clothes, and partying. Unfortunately, though, what he needed was rent money and his landlord only accepted cash.
Growing more desperate by the day, Albert hopped onto the old hacker forums and started chatting with his old friends under the handle, SoupNazi. While scrolling the hacker forums, Albert came across a site listed as a “casher” site called ShadowCrew.com. Albert had read about cashing on some of the hacker message boards and knew it was basically like withdrawing cash from stolen credit cards and account numbers but didn’t know much more about it.
Albert clicked the link and, when the page loaded, his eyes instantly saw dollar signs.
ShadowCrew was a hub for stolen credit card information. Sellers on the site listed how many active numbers they had for sale and would deliver the information after the user paid. But that’s not all ShadowCrew did.
The site's admin also posted articles teaching readers how to strip, reprogram, and cash out credit and debit cards. It was simple; programmers had to delete the information attached to the card, reprogram it with an active, stolen account, and then they could withdraw the funds from any ATM.
Albert immediately got to work teaching himself how to do the entire process. He committed to learning it all as quickly as possible and quickly got to work on reprogramming a single credit card. He spent the entire 48 hours snorting lines of crushed up anti-narcoleptic as he hunched over programming and toiled with the program in his 9th story walkup in Hell’s Kitchen.
Finally, as the sun started to rise on Monday morning, Albert finished with his first reprogrammed card. Now, it was for the real test: he had to cash it.
He walked over to the ATM at lunch time. Albert had a 30-minute break before he had to be back at his cubicle staring at the same lines of code until he went braindead.
Since it was the middle of the day in NYC, people were everywhere. Security guards circled the bank lobby and the lines for the teller snaked around the center of the room. Albert walked to the far corner ATM feeling like all eyes were on him.
Albert waited for a man to finish at the machine before stepping up. He pulled his wallet out, his fingers hesitating on the card.
What if the card didn’t work? Would he look suspicious if the machine declined him and then he went running out?
Albert tried to keep himself calm and rubbed his sweaty palms on his pants and then panicked since he had the pin written on his hand. He needed to pull it together. As long as he was calm, no one would suspect a thing.
When it was his turn, Albert inserted the card and waited for the machine to whirl to life. The screen lit up and prompted Albert for his card pin. If he programmed the card correctly, he would put in the pin number that matched the stolen credit card number that Albert had reprogrammed to the card, and he would be able to withdraw cash from the account.
He instinctively checked his palm even though he had the pin memorized. It was a 1—
Hello, Sir, is everything working well with the machine today? A young-looking sales clerk asked Albert, approaching him from behind.
Albert’s heart jumped and he quickly dropped his hand, pressing it against his leg.
Had the man seen his hand? Maybe it wasn’t that weird to write your pin number somewhere and look at it…
Yep, Albert responded, working great.
If you need anything, I’ll just be over here, he said with an overly cheerful, car salesman kind of smile.
Albert nodded as the man walked away. He turned back to the screen to see that his session had timed out. Fucking prick, he thought. He removed the card and shoved it back into the slot.
Glancing over his shoulder, he could see that the security guards were chatting by the front door. Everyone else seemed to be moving around the bank, mostly ignoring Albert. He still felt twitchy and wanted to get out of there quick.
This time, when the machine asked for his PIN, he didn’t double-check his hand. He typed 1- 5- 7- 3 and hit enter.
The screen loaded and Albert felt like the world had stopped turning. Please work he silently begged, please, god, work.
Then, the withdrawal screen loaded. Albert was in.
Quick withdrawal amounts popped up on the screen. $10, $20, $100… but that’s not what Albert wanted. He punched in the amount, $10,000, and hit enter. It was worth a shot.
The machine whirled and rumbled, and Albert nearly expected the money to come raining out but the ATM shot back an error message: Withdraw limit exceeded.
Hm, this was a problem. Albert had forgotten about the limits on ATM withdrawals. Maybe he was being greedy, after all. All he really needed was enough to cover his rent. He punched in $2,500 and hit enter again.
This time the machine showed a checkmark on the screen and started making a cranking noise before the cash spit out. For a moment, Albert was frozen in disbelief. It was working.
Without waiting another second, Albert shoved the money in his flimsy wallet and nearly ran out of the bank. The security officers even waved goodbye.
Albert went back after lunch and quit his job. With a little more practice, Albert knew that he could be on to something big. Sure enough, the more cards he practiced reprogramming, the quicker he got and the more cards he could cash at one.
Between the cocaine and programming binges, Albert would stay up for days on end reprogramming a haul of 10 or 20 cards to cash. Then, he would spend the next few days hopping from one ATM “cashing” more money than he had made before. The ShadowCrew Admins started to take notice.
In early 2001, the first admin from ShadowCrew sent Albert a message from his anonymous handle, Kidd, with a proposition.
Albert felt the familiar rush of adrenaline in his fingertips.
What sort of proposition? Albert responded to Kidd’s message.
We’ll send you a stack of cards to cash. Pin numbers are written on the back.
Albert considered the request and concluded that it seemed reasonable. It wasn’t much different than what he did now except, he wouldn’t need to spend days on end reprogramming the cards. To Albert, the offer was a win-win.
Okay, Albert wrote back. For a cut.
Albert had gotten better at cashing since the first time. He went early in the morning or later at night. He chose ATMs that weren’t obvious and even dressed up in disguises to throw off the cameras at his regular cashing spots. But Kidd gave Albert very specific directions for cashing.
It was highly important that Albert went right at midnight to make the withdrawals. Apparently, at midnight, the ATM cash withdrawal limit was inactive. This meant that there was no limit on each transaction and Albert could effectively clean out the accounts. Kidd told Albert that each take could be up to $50,000. It sounded too good to be true but Albert was too curious about the offer to pass it up.
He donned a long dress and stringy wing and wandered to one of his favorite ATMs on the upper east side right around midnight. He followed Kidd’s instruction and, low and behold, the scheme actually worked. Soon, Albert was making between $10,000 and $20,000 in a night cashing cards.
Sure, he loved the thrill of stealing and the adrenaline that came with the underground work but what he loved most of all was the money. For every card he cashed, Albert got to keep 40%. The rest he mailed in old Nike shoeboxes to a P.O. Box somewhere on Long Island. As long as Albert was making money, he didn’t ask questions.
The plan worked without a hitch. Albert was getting paid and moving up the ranks as a trusted casher with the ShadowCrew. Albert felt like he had finally found people that accepted him for who he was and encouraged his innate hacking abilities.
But all of that came to a sudden screeching halt on April 4th, 2003, when Albert found himself handcuffed in the back of a police car.
Albert had been nabbed, alright. On the upper east side, just after midnight. A patrol officer out on the street stopped and frisked Albert only to find twenty different credit cards tucked into his left sock, each one with a different name on it. He also found the $20,000 shoved into different pockets in Albert’s pants, underwear and, of course, his other sock.
Albert was 22 years old at the time and was looking at spending the next 40-ish years behind bars. He had a choice to make, either buck up and take the time or start singing like a canary.
ACT 2
The officer had brought Albert in and left him in the drunk tank for what felt like days. When someone finally came to retrieve him, it wasn’t just the NYC police; it was the Secret Service.
The Secret Service had been dealing with a lot of cybercrime and cashers as the technology for skimming and reprogramming cards was making its way onto the black market. The news of a major “casher” arrest made its way to the cyber branch of the Secret Service and they wanted to have a chat with Albert.
The agents brought him into a room and started peppering Albert, hungry, tired, and still coming down from the drugs, about his cashing activities. They pressed into him about where he got the cards and what he did with all the money. Albert feared going to jail and pushed for a plea deal. Cooperation for exoneration. He agreed to tell the agents everything he knew if he wouldn’t have to worry about jail.
To his complete and utter surprise, the Secret Service agreed to the deal.
Albert told them anything and everything they could ever want to know. The Secret Service quickly realized that Albert wasn’t just a casher, but a ShadowCrew insider. They couldn’t believe their luck.
The Secret Service agents encouraged Albert to continue his work with ShadowCrew but told him that he would need to report everything he did to the Task Force. The Secret Service also brought Albert on board to teach them everything he knew about hacking. Albert, young and desperate to avoid jail, agreed.
By the end of April, Gonzalez was on the payroll of the Federal Government and evading prosecution for the hundreds and thousands of dollars he stole. With the arrangement in place with the Feds, Albert was released back into the world to spy on the hackers that he once worked with.
For over a year, Gonzalez helped the Justice Department and the Secret Service build an ingenious trap for ShadowCrew. The operation was run out of a makeshift office in an Army repair garage in Jersey City, and Gonzalez was its linchpin.
Gonzalez worked alongside the agents, sometimes all day and into the night until he climbed the ranks high enough to make his way into the ShadowCrew inner circle. The team bonded with Albert, some calling him by his last name, others calling him by his old hacker handle SoupNazi. None of the agents had ever worked so closely with an informant before and it was a learning curve for the agents and the agency.
On October 26th, 2004, Gonzalez took a seat at the makeshift command table in the old NJ garage. He corralled the ShadowCrew targets into a chat session at 9 p.m. Then, the agents began knocking down doors.
By midnight, 28 people across eight states and six countries had been arrested, most of them mere feet from their computers. The covert team eventually transferred the site onto a server controlled by the Secret Service, allowing the task force to shut down the site. It was, by some estimates, the most successful cybercrime in history.
The indictments listed Albert Gonzalezs’ name and it became clear that he had ratted on the very community that had embraced him, and the hacking community was pissed. Within a day of the arrests, there was a bounty on Alberts’s head.
To protect their top informant, the Secret Service offered Albert a permanent informant position out of their Miami field office. It would keep Albert out of dodge while also ensuring that the agency could keep a close eye on him. Working with the Secret Service meant that Gonzalez needed to keep both his nose and his hard drive clean.
Albert accepted the job, and Agent Michael from the ShadowCrew task force transferred to Miami to work with Gonzalez. Between 2004 and 2006, the pair closed case after case with ease. As far as the Secret Service knew, Albert was working exclusively for them and there was no shortage of work.
The early 2000s was a time of quick innovation which meant that technology was developing faster than companies and the government could wrap their heads around. It meant that technology was being adopted by companies before they understood how it worked or, more importantly, how to protect it. The nationwide hacking crisis was spiraling out of control.
Just before Christmas in 2006, Special Agent Michael got a call from his old task force director and the current cybercrime prosecutor for the Justice Department, Kim Peretti.
Peretti explained that she had just gotten off the phone with lawyers from CardSystems Solutions, the credit processing company for Fortune 500 companies. The company claimed that there had been a massive data breach of the TJx Corporate System that included Hannaford Supermarkets, Marshalls, Tj Maxx, HomeGoods, 7-Eleven, and Citizens Bank ATMs.
Peretti listed off the stores and with each name, Michael’s heart dropped. How serious is the damage? He asked.
45.6 million credit cards amounting to nearly $256 million, Peretti stated.
Michael nearly dropped his phone. He pictured the families whose bank accounts had been inexplicably cleared overnight and the devastation they must be feeling. The sheer amount of information stolen alone meant that the hack was easily the largest and most widespread case of credit card fraud the government had ever seen.
What do you need from me? Michael asked, ready to jump in and help.
We need you and Gonzalez on the case, Peretti said, we’ll give you access to anything you two need. Michael felt the surge of excitement that came with a big case. The wheels in his mind were already turning as he tried to mentally piece the hack apart.
The next day, with the tools, resources, and support of the Secret Service, Michael and Gonzalez launched their investigation into the TJx hacking case.
It quickly became apparent to Michael that this hack was much more nuanced and layered than anything they had seen before. The hack had been expertly carried out with precision. Michael and Gonzalez worked tirelessly on the coding; dismantling the system and piecing it back together to see what, if anything, they could find.
Gonzalez, being the hacking brain, was charged with looking for a special signature or maneuver that the hacker might have used. Michael worked on tracing the hack back to an IP address or server neither he nor the tracing team had any luck. Their weak list of suspects remained weak and the men struggled to narrow down their suspect pool.
Every once in a while, though, it would feel like the team was getting close. Albert used his underground connections to point the service in the direction of people to look closer at. Using their informant, the agency was able to get a few search warrants that led them to credit card dumps related to the hack. But every time the Secret Service tried to dig deeper they would hit a dead end. None of the suspects turned out to be their guy or have anything to do with the hack beyond buying a few expired card dumps.
After nearly an entire year of sleepless nights and constant surveillance, Michael and Gonzalez had absolutely nothing to show for their work. To their dismay, the cyber assault didn’t end there.
In February 2007, attorneys for Dave & Buster's called the Secret Service. That company, too, had been breached. This hack was different, though, and proved to be even more dangerous to Americans than the haul from TJX.
The hackers who had targeted the Dave & Busters didn’t hack into the historical database or operating system but were able to hack directly into the point-of-sale.
The TJX hack had been a haul of historical transactions. It gave the hackers a list of potential credit cards but didn’t differentiate between working accounts and expired or old cards. This meant that there was a 50/50 chance that the stolen card information wouldn’t work.
In Dave & Buster’s case, it was a different story. The hackers managed to access the point-of-sale system. As transactions were being processed by the operating system, hackers gained instant access to a trove of working credit card numbers rather than a historical log riddled with expired information.
Again, the Secret Service called in their cyber team, Michael and Gonzalez, to consult on Dave & Buster’s case. They dove into the evidence and looked to the usual markers to see if the hackers left any digital trace that the investigative team could follow.
The leads in the Dave & Busters case dried out quicker than any case prior. The hackers left almost no traceable information; they used a rented foreign server, encrypted IP address, and used anonymous accounts all to keep their identities hidden.
Years of staring at a screen and getting nowhere were clearly taking their toll. Michael himself was growing exhausted and restless. The late nights were growing arduous, and Michael felt like his brain had been reduced to mush. He noticed a lot of the same things in Albert.
The longer that the cases drug on, the less engaged Albert seemed to be. Gonzalez looked like he hardly slept. He was getting thinner and seemed to be on edge. When Albert came into the office at all, he would be hours late.
By September 2007, Gonzalez had stopped showing up to the Secret Service entirely and alarm bells started ringing. Michaels was assigned to keep an eye on Gonzalez and his daily activities.
Gonzalez continued to live in his modest apartment. Every so often a couple of guys would come over, stay for a while, and then leave. Sometimes they would go out and get hammered. Maybe do some drugs. But nothing that raised any red flags in the way of either hack.
As much as the Secret Service wanted to pin the crimes on someone, they couldn’t get even a shred of the evidence they needed to make a move on Gonzalez.
Just as the Secret Service came to another dead end, the case was revived with a single lead.
The lead came in courtesy of Kim Peretti, the Justice Department’s chief prosecutor of cybercrime in Washington. The same Kim Peretti who previously worked to shut down ShadowCrew alongside Albert Gonzalez and Agent Michael. She passed on a lead from an undercover Agent Chase in San Diego.
Chase had been working a case trying to close in on notorious international hacker & cyber-criminal, Maksym Yastremskiy. Yastremskiy had been the single largest distributor of fake passports, social security cards, and stolen credit cards making their way into the U.S.
Posing as a buying and “casher”, Chase started making large purchases of credit card dumps from one of Yastremskiy’s known alias’. After a year of purchases, it was time for the Secret Service to make their move on the criminal and connect him with the illicit sales.
In order to make the connection, Chase traveled to Dubai where he covertly copied the hard drive in Yastremskiy's laptop.
Once back in the States, Secret Service technicians combed through the recovered data and discovered, to their joy, that Yastremskiy was a meticulous record keeper. He had catalogued all his customer records and chat logs dating back to the start of his criminal enterprise. In the logs, they found a chat partner who appeared to be Yastremskiy's biggest provider of stolen card data. The only information they had about the person was a handle, not a name or personal address.
Stumped on the case, the San Diego Secret Service reached out to the Justice Department, sending over the case file which made its way to Peretti’s desk. She read the flimsy, one-page file and almost laughed out loud at her discovery. It was so obvious that it was almost embarrassing. No, actually, it was without a doubt mortifying.
There, staring back at her on the sheet of paper was the evidence that would break the case wide open; the email address of Yastremskiy’s supplier was Soupnazi@efnet.ru.
ACT 3
Albert thought that he was doing a good job holding it all together. The FBI job, orchestrating the TJx hack, working on the Dave & Busters Hack, not to mention a hack that the Secret Service hadn’t been looking into yet.
The entire time that Albert was playing cyber-spy, he was also running a multi-million-dollar credit card sales and cashing business. After ShadowCrew shut down, Albert noticed that there wasn’t really any other provider of stolen credit card information and the demand proved to be huge.
Albert assembled a team of two other hackers who helped him hack into the TJx store and, thus, the operating system to download the historical credit card data stored within the operating system. The team started rotating stores to download millions of credit and debit card numbers.
The team helped Albert reprogram cards and cash them. But there was still more data than any single person could ever use. To capitalize on his corner of the market, Albert lined up a foreign buyer, Maksym Yastremskiy, to distribute the stolen data. The men would split the proceeds from each sale via wire transfer into an off-shore bank account Albert created to launder the money. With the entire operation under control, Albert started to let himself cut a little loose.
Gonzalez bought himself a new condo and BMW convertible to match though he kept his old place to avoid suspicion. He started taking frequent flights to New York, where he and his hacker buddies spent thousands on hotels, restaurants, clubs, and drugs. Lots of drugs. Gonzalez regularly took cocaine and anti-narcoleptic pills to keep awake during his long hours at the computer, but he preferred Ecstasy and ketamine to party.
At first, the operation was smooth, but then, Gonzalez started running into problems with expired and canceled credit cards. His operation was bleeding money in refunds. As he was struggling with what to do, two hackers reached out and offered a solution to his problem.
The hackers had heard about Gonzalez through their buddy Maksym. They knew that Gonzalez was big time and they had something of value to offer: the SQL Injection technique. The SQL Injection was a type of hack that let coders tap directly into a POS system to gain instant access to working credit card numbers. This meant Gonzalez wouldn’t have to sift through data to test working numbers and it would reduce his refunds. Gonzalez was in.
By March 2007, Gonzalez was bringing in multiple millions of dollars worth of cash and money in his offshore accounts. Just when he thought all was under control, the Secret Service started asking questions.
The next thing Gonzalez knew, he was assigned to investigate his own case. Each day he grew more paranoid that the Secret Service was honing in on him. The drugs and lack of sleep started messing with Albert’s head and he grew more anxious by the day.
Were they watching him? Following him? Albert needed to get the Secret Service off his trail and started having his employee’s plant expired card dumps on the hard drives of the Secret Services hackers of interest in the case.
With the pressure mounting on Albert and his partner Michael to make a move in the case, Albert felt himself nearing a nervous breakdown. His employees were starting to question his decisions. They wanted to stop planting evidence on their fellow hackers and Albert told them that he would stop but continued to do it behind their backs. He had no problem working both sides if it meant keeping himself out of jail and he continued making money.
It was May 7th 2008 and Albert was bobbing and weaving the 80’s van through Sunday afternoon traffic in Miami. Christopher Scott, a hacker working for Albert, was riding shotgun with his laptop open on his lap.
The men were looking for their next target; a store with open wifi that might be vulnerable to an SQL injection hack. They had already stopped at a Home Depot but the system, although operating on public wifi, was encrypted. Albert quickly deemed the hack too time-consuming and the men moved on to their next possible target, Toys R Us.
Most commercial stores in Miami were always packed. Between the tourists and large, attractive, shopping centers, the parking lots were nearly always full. Albert and a few other cars circled before Albert was able to land a spot near the back of the store.
Albert and Scott didn’t waste a moment. As soon as the van was parked they climbed into the back and opened their laptops. After a second of scanning, a public internet connection popped up for Toys R Us.
Bingo.
Albert and Scott logged onto the wifi and made their way to the server. After a quick scan of the operating system, they could see that the POS was vulnerable to the hack technique.
The men had got the information they had come for and Albert was ready to pack it in. He could come back at a better time to really do the hack right. The men shut their laptops and Gonzalez hopped back into the driver's seat.
The van jumped to life and Albert sped out of the parking lot. As he made a right hand turn onto South Blvd, he noticed a red mustang behind him.
Hadn’t he seen that same Mustang driving around the parking lot when they pulled in?
Albert tried to speed up but the heavy Sunday traffic made maneuvering the van more difficult. He glanced in the rearview mirror. The mustang was a few cars back now and its windows were completely tinted, not unusual for a typical Miami driver… but still. It gave Albert a strange feeling.
Do you remember seeing that Mustang in Toys R Us? Albert asked Scott, nodding his head toward the rearview mirror.
Nah man, Scott replied without checking the mirror, I don’t think so.
Albert couldn’t avert his gaze. At the next traffic light, Albert made another right and, sure enough, the mustang followed.
Could it be someone from his ShadowCrew days coming back to haunt him? A professional hitman from framing someone in the TJx hack? Albert was making a shit-ton of money, getting involved in heavier drugs, and screwing people over left and right, anything was fucking possible.
As he approached the next light, Albert tried to floor it to make it through and force the mustang to stop but the car directly in front of him didn’t go through the yellow light. Albert didn’t want to wait. He pulled into the bus lane on the right and when he got to the light, the oncoming traffic was already speeding across the intersection. He was stuck.
Dude, what are you doing? Scott said, his voice sounded weary.
As Albert pulled into the bus lane, the mustang followed.
We’re being followed, Albert said, I’m going to try and lose them.
In this? Chris asked, his eyes getting big.
The light turned green and Albert didn’t move. Neither did the mustang behind him. They were frozen in a game of chicken, each waiting for the other to make the first move.
Albert gunned the car, putting the gas pedal all the way to the floor. The wheels squealed and the smell of burning rubber filled the air as the van shot forward and Albert thrust the car into the lanes of traffic.
Behind him, the mustang’s front window lit up with red and blue lights.
It’s the fucking cops, Scott exclaimed, gripping the bar over the window with white knuckles.
Albert ignored him. He could see it was the fucking cops. The next light turned from green to yellow and instead of slowing down, Albert gunned the engine and made a hard left-handed U-turn, nearly sending the van tipping onto its side.
Speeding forward, Albert tried to make it straight down the road and onto the next highway ramp. If he could make it to the highway, he was sure he could lose the cops. He checked the rearview mirror and the mustang was over a mile back, just making a u-turn now. He might just make it.
Albert approached the ramp for the highway still looking into his rearview.
Albert, no! Chris yelled.
Glancing forward, Albert saw why Chris had yelled. There were two Miami PD cars blocking the ramp entrance onto the highway but it was too late. Albert was stuck. Just as he braked, the mustang pulled into the ramp behind him with its lights and sirens blaring.
There was nowhere for Albert to go.
Agent Michael hopped out of the Mustang with his gain trained on Albert’s side of the car. Car in park! Hands off the wheel! Michael shouted. The Agent opened Albert’s side of the van, gun pointed directly at Albert’s head.
Instead of putting up a fight, Albert quietly put the car in park and hopped out of the car.
Albert put his hands on his head and followed all of Michael’s instructions. After being handcuffed and put in the back of the police car Albert did his best to remain calm and confident. He was sure that the Secret Service wouldn’t be able to find a single shred of evidence on his laptop or hard drives.
But what Albert didn’t know is that the feds wouldn’t even need his hard drive or anything on it; the evidence they already had was even better.
ACT 4
Gonzalez’s attorney assured him the government’s case was weak. Electronic evidence often doesn’t hold up, he said. That might have been in a different century, Albert thought, but not in the 2000s.
On May 18th, 2008, Jonathan James shot himself in the head. James was a Miami hacking celebrity who was the first juvenile convicted of a cybercrime. Secret Service Agents found expired card dumps on James’ hard drive and he was convinced that Albert was going to pin the TJx and Dave & Busters hacks on him. In the suicide note, James said he lost control and taking his own life was the only way to take control back.
The weight of James' death hung heavy on Albert. The entire hacking community was outraged and infuriated with Gonzalez. He was a disgrace to hackers and the community they claimed to have with one another. The guilt began to weigh on Gonzalez and he began cooperating with police. Eventually, Albert escorted agents to a barrel buried in his parents’ backyard containing $1.2 million.
Soon, the people who were once loyal to Albert started to turn on him. Most of Alberts hacking buddies found themselves staring at a similar proposition as Albert did all those years ago as a 22-year-old-kid; talk or face jail time. And just like Albert chose to do all those years ago, everybody flipped.
According to Attorney General Eric Holder, Gonzalez cost TJX, Dave & Busters and the other victimized companies more than $400 million in reimbursements and legal fees. At least 500 banks were affected but the extent of the damage is unknown.
Albert Gonzalez didn’t think about the real, human people that he was scamming when he cashed out cards. He didn’t think about the families who wouldn’t be able to pay their bills or the people who had their own rent they needed to be paid up on. The reason that Albert couldn’t continue to get away with his crimes wasn’t that he wasn’t smart enough, it was because Albert could only think about himself. He was never satisfied and never willing to bear the brunt of the fall.
Gonzalez was charged with 19 counts of conspiracy, computer fraud, wire fraud, access device fraud and aggravated identity theft in the U.S. District Court for the District of Massachusetts. He pled guilty to all 19 counts.
In August, Gonzalez was also indicted in New Jersey for the theft of more than 130 million credit and debit cards. In typical Albert Gonzalez fashion, he wasn’t going down without trying to cut a deal first.
Gonzalez made out with a plea agreement where he is set to serve 20 years for both the Massachusetts and New York crimes with the sentences running concurrently. With good behavior, Gonzalez is scheduled to be released from Federal Prison as of December 4th, 2025 which could mean that the notorious SoupNazi will be back in the game.
Credits
Thanks for listening to Modem Mischief. Don’t forget to hit the subscribe or follow button in your favorite podcast app right now so you don’t miss an episode. This show is an independent production and is wholly supported by you, our listeners and the best way to support the show is to share it. Tell your friends, your enemies, send it with your next nude. And another way to support us is on Patreon. For as little as $5 a month you’ll receive an ad-free version of the show plus monthly bonus episodes exclusive to subscribers. Modem Mischief is brought to you by Mad Dragon Productions and is created, produced and hosted by me: Keith Korneluk. This episode is written and researched by Lauren Minkoff. Edited, mixed and mastered by Greg Bernhard aka That Ain’t the only Hard Thing That Burns. The theme song “You Are Digital” is composed by Computerbandit. Sources for this episode are available on our website at modemmischief.com. And don’t forget to follow us on social media at @modemmischief. Thanks for listening!