Last week, Albert Gonzalez was sentenced to 20 years in prison for his part in the hacking of more than 90 million credit and debit card numbers from TJ Maxx and other retailers. What makes this sentence unique is that it fits the severity of the crime. Gonzalez and his conspirators went after financial data with the intent to use it fraudulently. His knowledge of enterprise network weaknesses and how to exploit them made him no different from a common bank robber who plans a heist. Unlike the common bank robber, however, Gonzalez had technology that shielded his involvement and made him anonymous – allowing him to rob remotely.
We can expect these types of attacks to continue, given the potential reward. With many of the perpetrators geographically dispersed, nations need to have a no-tolerance policy toward this type of attack and be ready to do whatever it takes to bring the parties involved to justice. In the case of Gonzalez, the sentence is a good first step and should prove a deterrent.