If TJX hacker Albert Gonzalez had gone to trial instead of pleading out, one man would have been the primary witness against him -- accomplice Damon Patrick Toey.
Toey, identified often in court documents simply as "PT," provided information that investigators say likely helped persuade Gonzalez to plead guilty last year to multiple crimes, which prosecutors are calling the most serious and largest identity-theft crimes ever prosecuted.
Toey, 25, will on Thursday become the last of six U.S. defendants sentenced for the crimes. The others include Gonzalez, Christopher Scott, Humza Zaman, Jeremy Jethro and Stephen Watt. Other, unidentified Eastern European hacking accomplices are presumed to be still at large.
Gonzalez received three concurrent sentences last month, amounting to 20 years in prison for his role in the hacks of TJX, Hannaford Brothers, Heartland Payment Systems and others, which resulted in the theft of more than 200 million credit- and debit-card numbers. After his arrest, Gonzalez led investigators to a stash of more than $1 million in cash buried in a barrel in his parents' backyard.
Toey, who prosecutors say earned only about $80,000 for his role in the crimes, faces a maximum sentence of 22 years. Prosecutors are taking into consideration his extensive cooperation with authorities, and are seeking only 6 years in prison and a $100,000 fine, with no restitution. His defense attorney is asking for 30 to 36 months and a maximum fine of $50,000.
His defense attorney's sentencing memo provides a look at the unstable and peripatetic life that led the at-times homeless teen to a career in crime with his friend.
Toey was raised by a single mother, who later married and had two more children, according to his attorney. He was little-supervised, and at age 11 began experimenting with marijuana and spending extended periods of time on the computer. At 15 he dropped out of school. After his mother's divorce shortly thereafter, he and his family went through a string of evictions, and ended up staying with family friends for a while, where his mother spent much of her time partying, drinking and smoking pot.
It was during this disruptive period that Toey met Gonzalez, according to accomplice Stephen Watt. Gonzalez and Toey met online around 1999 on an IRC channel for script kiddies called #feed-the-goats. The chat room was also home to the motley "Global Hell" hacking group who staged defacements of government and corporate web sites.
In 2003, at the age of 18, Toey conducted his first cash-out operation for Gonzalez, who by then had become an administrator at a website for carding thieves called Shadowcrew. According to Toey's attorney, he and his family were living in a residential hotel at the time and needed money for rent.
Toey, with his mother's blessing, took a bus to New York City and withdrew the money from ATMs using stolen bank card data. Court records don’t indicate how much he stole, but his share of the money was sufficient to support his family's move to an apartment.
Toey continued to work as a vendor and mule for Gonzalez through 2006, selling stolen bank-card numbers to others, and withdrawing cash on stolen accounts from ATMs. Although he did not participate in the hack of TJX, Dave & Buster's restaurant chain and a string of other businesses during this period, he earned proceeds from the sale and use of the stolen data.
His participation in breaching companies began in 2007, prosecutors say, when the primary hacking mode for Gonzalez's gang changed from attacking unsecured wireless networks to attacking vulnerable web sites with SQL injection attacks.
Toey moved to Florida in the fall of 2007, at Gonzalez's invitation, to live rent-free in Gonzalez's Miami condo.
He spent his days conducting reconnaissance on corporate networks, and uncovered vulnerable gateways at clothing retailer Forever 21 and other companies.
Toey passed information about the targets to Gonzalez, who further explored the networks for financial data, or provided the targeting data to Russian accomplices who burrowed into the networks.
The hack into Heartland Payment Systems, for example, which resulted in the loss of data on more than 100 million credit- and debit-card accounts, was actually conducted by two Russian hackers, identified in court documents only as "Grigg" and "Annex."
Toey, whom prosecutors call a "trusted subordinate" of Gonzalez, also set up and maintained two servers for Gonzalez in Latvia and Ukraine, which were used to launch the hacks against corporate networks, and to store malware and stolen card data.
Toey's attorney says that while living in Gonzalez's condo, his client "began to realize it was only a matter of time before he and his cohorts were caught." He wanted to end his life of crime and get a legitimate job, but didn't know how to go about this, given his lack of education and work history.
His attorney says he was relieved when the condo was raided in May 2008 and he was arrested.
"It was a load off my shoulders," his attorney quotes him saying. "I had been tired of doing this stuff for Albert for a while before I got arrested."
He began cooperating immediately with authorities, even before retaining a defense attorney and getting legal advice.
He led investigators to the two servers in Eastern Europe and provided them with the encryption keys to access evidence on them. Authorities found 16.3 million stolen card numbers on the Latvian server and another 27.5 million stolen numbers on the server in Ukraine.
According to prosecutors, they would not have been able to establish Gonzalez's conspiracy with hackers Grigg and Annex without Toey's help, which included testifying to the grand jury that indicted Gonzalez.
His testimony, along with the electronic evidence he helped authorities uncover, "likely weighed heavily in the decision of Albert Gonzalez and at least one of his co-conspirators to plead guilty to the offenses," prosecutors wrote in their sentencing memo.
See Also:
- TJX Hacker Gets 20 Years in Prison
- Secret Service Paid TJX Hacker $75000 a Year
- Former Morgan Stanley Coder Gets 2 Years in Prison for TJX Hack
- Gonzalez Accomplice Gets Probation for Selling Browser Exploit
- Document Reveals TJX Hacker's Assistance to Prosecutors
- Former Teen Hacker’s Suicide Linked to TJX Probe
