COCONSPIRATOR IN TJX AND HEARTLAND PAYMENTS SYSTEMS CREDIT CARD THEFTS SENTENCED
BOSTON, Mass. - A Virginia Beach man was sentenced yesterday in federal court for conspiring to electronically break into corporate computer networks, download customers’ credit and debit card information, and fraudulently use and sell that information.
United States Attorney Carmen M. Ortiz and Steven Ricciardi, Special Agent in Charge of the United States Secret Service in New England, announced today that DAMON PATRICK TOEY, 25, was sentenced by U.S. District Judge William G. Young to five years imprisonment to be followed by three years of supervised release, and a $100,000 fine. TOEY pled guilty to conspiracy, unauthorized access to computer systems, access device fraud and aggravated identity theft in September 2008.
At the earlier plea hearing and in earlier court filings, the prosecutor informed the Court that evidence would have proven that in 2004 TOEY was asked by co-conspirator Albert Gonzalez to sell "dumps" (stolen track 2 data) and split the proceeds, for which he agreed. Track 2 data is the data encoded on the magnetic stripes on the backs of credit and debit cards read by ATM machines and credit card readers. From then until 2006, TOEY sold dumps stolen from major corporate retailers’ computer networks by Gonzalez. TOEY typically received payment for the dumps in web-based currencies, such as e-gold and WebMoney. At Gonzalez's direction, he transferred these payments to Gonzalez's numbered web currency accounts. Gonzalez, in turn arranged for a portion of the funds to be converted to American dollars available to TOEY. Some of the money was made available on an ATM card issued by a Latvian bank under an alias, while other sums of money were simply sent to TOEY by Western Union through a third party web currency conversion service.
In the fall of 2007, TOEY moved to Miami at the invitation of Gonzalez and lived rent free in a condominium owned by Gonzalez. While there, TOEY provided Gonzalez with assistance in performing web-based, “SQL injection” attacks on companies in order to gain access to their computers and information from which the two could benefit.
TOEY was successful on a number of occasions in gaining access to computer networks over the Internet. He would typically pass the information along to Gonzalez, who would either continue hacking the networks himself, looking for sensitive financial information, or pass the information along to Russian hackers collaborating with them.
TOEY also set up computer servers for Gonzalez and his co-conspirators. Forty million distinct credit and debit card numbers were contained on two servers utilized by the conspirators to store stolen credit and debit card information as well as malicious software used in the attacks.
On March 25, 2010, Albert Gonzalez was sentenced to 20 years imprisonment to be followed by three years of supervised release for conspiracy, computer fraud wire fraud, access device fraud and aggravated identity theft.
The case was investigated by the United States Secret Service. It was prosecuted by Assistant U.S. Attorney Stephen Heymann of Ortiz’s Computer Crime Unit in collaboration with Kimberly Kiefer Peretti of the Department of Justice’s Computer Crime Section.