Convicted TJX hacker Albert Gonzalez was sentenced to 20 years in prison today for leading a gang of cyberthieves who stole more than 90 million credit and debit card numbers from TJX and other retailers. The sentence for the largest computer-crime case ever prosecuted is the lengthiest ever imposed in the U.S. for hacking or identity-theft.
I had some thoughts around the sentence:
- It’s an acknowledgment that the government isn’t seeing this as an isolated/ individual action; the government recognizes a true crime organization issue on par with any other type of organized crime without the guns and violence… yet.
- Given some of the emerging detail around the Google/ China incident and the rise in cyber terrorism, raising the bar with sentences like this may detract some future “hackers”.
- Many of the cyber gangs don’t do it for the money; this wasn’t the case with Gonzalez. The idea of taking 15 million dollars to buy a yacht is seen as no different than if he had robbed a bank at gunpoint. What hasn’t been solved is how do you catch, prosecute and make an example of the cyber gangs that aren’t in it for the money?
- Gonzalez was given an opportunity to provide valuable information on other people, organizations and methods being used for cybercrime. He choose to be a double agent. This probably did not sit well with the judge.
What’s your take? Too long a sentence? Not long enough? Will this deter future hackers? I’d love to hear from you.