By Michael E. Miller
By Allie Conti
By Keegan Hamilton and Francisco Alvarado
By Jake Rossen
By Allie Conti
By Kyle Swenson
By Chris Joseph
By Michael E. Miller
The laptop's owner, the Ukrainian Maksym Yastremskiy, was dancing at a nightclub nearby.
The Turks handed over the machine, and the U.S. agents began downloading data. When they finished, they put the computer back in Maksym's room and slipped out of the resort.
The agents had waited years for the hacker to travel to a friendly country where they could carry out this operation; in Ukraine, he was protected by corrupt officials. Turkish police arrested Maksym the next day. By July 30, he had provided his passwords and given investigators full access to his computer. Still, it wasn't easy to pin down his accomplices. Albert's team used secure communication networks that gave users long numerical IDs, not easier-to-identify nicknames.
"We had this evidence of these strings of numbers being connected to a crime," lead prosecutor Kim Peretti said in a recent interview with BankInfoSecurity.com. "But connecting the numbers to a person was really difficult."
Detectives focused on Maksym's chats with one American — 201679996 — who had sold him millions of stolen credit card numbers. They spent the next few months studying the data with experts at Carnegie Mellon University. By late 2007, they had linked the numbers to a Russian email address with a startling name: firstname.lastname@example.org.
Alarm bells rang across the Secret Service. Was their prize informant playing them? Then investigators found a chat in which 201679996 referred to himself as "segvec" — another nickname Albert had used in his ShadowCrew days. That sealed it.
The Secret Service immediately began investigating Albert. Soon they arrested an Estonian hacker and accessed two Latvian servers where they found more than 40 million unsold credit card numbers linked to the break-ins at U.S. companies.
After Maksym's arrest, Albert probably considered running. But he made no move to erase his links to the Ukrainian hacker. "I would have wiped all my drives clean, shredded all my paper, taken any evidence there was out of my possession," former hacker Mitnick says. "Then all you have is the logs, and they can't conclusively link that to you. I don't get it."
For months, Albert holed up in the National Hotel. He had cash — more than $400,000 on hand and another $1.1 million buried in plastic tubs in his parents' back yard.
On May 7, 2008, eight months after Maksym's arrest, the feds made their move, raiding Chris Scott's and Jonathan James' homes, Jonathan's girlfriend's apartment, and Albert's hotel room, condo, and parents' home.
They arrested Albert and Chris the same day. Damon was soon in custody too. Stephen Watt's role in the crime wasn't determined until August.
Jonathan wasn't arrested during the raids. For almost two weeks, he tried to understand why the FBI had targeted him again. Then, on May 18, a federal indictment against Albert Gonzalez was posted online. Jonathan read it and was shocked: Albert had been working for the feds since 2003.
Jonathan leaped to a quick — and tragically mistaken — conclusion: Albert had offered up Chris Scott to get out of the latest charges, and Chris, inevitably, would give prosecutors an even bigger morsel: Jonathan James, the young hacker they'd already sent to the slammer once before.
Jonathan grabbed a sheet of lined notebook paper and wrote in uneven but unrushed cursive strokes. "Story Time," he penned at the top.
"When I Googled 'cumbajohnny,' what I saw blew my mind. Albert had been working with the feds since 2003. That means that for five years, he had been having people like Chris hack credit cards for him while he made money selling them over the internet and then at the same time has his buyers arrested to please the feds," he wrote. "Talk about entrapment!"
Jonathan continued, "I honestly, honestly had nothing to do with [the TJX break-in]. Unfortunately, I don't picture the feds caring all too much.
"So despite the fact that [Chris] and Albert are the most destructive, dangerous hackers the feds have ever caught, they'll let them off easy because I'm a juicier target."
A few minutes later, Jonathan picked up a handgun and sat on the floor in the corner of his bathroom. He signed the letter: "Remember, it's not whether you win or lose, it's whether I win or lose, and sitting in jail for 20, 10, or even 5 years for a crime I didn't commit is not me winning. I die free."
Jonathan nestled the gun against his head, just over his right ear, aimed upward and to the left, and pulled the trigger.
Albert Gonzalez stood before a judge in a Boston courthouse on March 25. Maria and Alberto Sr. cried audibly in the front row. He wore olive-green prison garb and spoke in an even tone. "I stand before you humbled by these past 22 months," he said. "I'm guilty not only of exploiting computer networks, but of exploiting personal relationships."
It was the last day in a 22-month legal process — one of three criminal cases Albert faced in Massachusetts, New Jersey, and New York for the thefts he orchestrated in "operation get rich or die tryin." He faced 15 to 25 years in federal prison, and he pleaded with the judge for mercy.