The Agency Insider with Linda McGlasson

Don't Make Gonzalez Another Famous Ex-Hacker

Don't Make Gonzalez Another Famous Ex-Hacker

Whatever the outcome of the sentencing that Gonzalez faces on Thursday and Friday - I'm hoping for a long prison term. A long sentence will be the first step to pay back the millions of dollars to the millions of people and thousands of businesses he has affected through his crimes. What I'm hoping for as the final chapter for this hacker is that no one steps up and makes this person famous for his criminal exploits.

His sentencing will be covered extensively in the information security and IT press, but will it set a precedent not just in the amount of time he'll have to serve, but also the way that the IT community looks upon him and his kind?

What I'm hoping for is that no one steps up and makes this person famous for his criminal exploits. 

Another ex-hacker, Kevin Mitnick, is now looked upon as a rock star figure, enjoying speaking engagements, sitting on security panels with others at major conferences. Frank Abagnale, the first social engineer that drove the feds crazy with his check fraud and deceptions, has since become part of the solution, cooperating with the FBI, training the staff to detect a fake check and track paper hangers.

Yes, both of these criminals gained some fame and a little fortune from their crimes. But Mitnick nor Abagnale didn't inflict the kind of damage that Gonzalez and his cohorts did. In this case, the glorification of the bad guy, making him into a celebrity isn't in the industry's best interest. Why? By making him famous after he gets out, we're sending the message that hacking, even if caught, makes one famous, and, possibly rich, either by speaking engagements, consulting or writing a book.

Gonzalez isn't like Abagnale, an engaging rogue, or Mitnick, who is touted as a younger version of the character Abagnale was in "Catch Me If You Can." There isn't anything lovable about Gonzalez at all, despite what his family and friends are trying to do in the courts, pleading with the judge that he's got addictions to drugs and alcohol and suffers mental problems, including Asperger's Disorder.

No, I'm not buying the excuses that his family and friends are putting forward. Not only did he make his life a criminal enterprise, but then when he got caught by the Secret Service, he didn't repent. When he gained their trust and became an informant, he kept going and was the ringleader of the biggest breaches on record: TJX, Hannaford and especially the Heartland Payment Systems hack. Look into the dark, sullen eyes of his arrest photo, and you're looking into the soul of a calculating hacker who inflicted harm with great malice and a well-thought out plan. There is no chance of him being reformed. He had his chance when he was an informant, and his track record of breaches shows his lack of remorse.

Let's not have him be greeted with a made-for-TV movie script, a book offer and speaking engagements when he gets out. We can hope the judge gives him 25 years to life. Should he get paroled after a period of time, here's hoping that he finds no one greeting him with any offers that allows him to become a celebrity because of his criminal history, and that he will be hounded to pay court-ordered restitution from whatever sorry job he manages to get for the remainder of his life.

Let's not make him famous for fraud.



About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.