. . . an additional 30 years and $1 million fine on the wire-fraud count, or twice the amount they gained from the offense, whichever is greater.

According to the New Jersey indictment, Gonzalez, 28, and an uncharged conspirator identified only as “P.T.,” allegedly found their targets on a list of Fortune 500 companies and then did reconnaissance to determine the payment-processing systems they used and uncover vulnerabilities. The hackers used computers they leased or controlled in California, Illinois and New Jersey as well as in Latvia, Ukraine and the Netherlands to store malware, launch their attacks against the networks, and receive the stolen numbers.

Using a SQL-injection attack, ...

. . . an additional 30 years and $1 million fine on the wire-fraud count, or twice the amount they gained from the offense, whichever is greater.

According to the New Jersey indictment, Gonzalez, 28, and an uncharged conspirator identified only as “P.T.,” allegedly found their targets on a list of Fortune 500 companies and then did reconnaissance to determine the payment-processing systems they used and uncover vulnerabilities. The hackers used computers they leased or controlled in California, Illinois and New Jersey as well as in Latvia, Ukraine and the Netherlands to store malware, launch their attacks against the networks, and receive the stolen numbers.

Using a SQL-injection attack, the hackers allegedly broke into the 7-Eleven network in August 2007, resulting in the theft of an undetermined amount of card data. They allegedly used the same kind of attack to infiltrate Hannaford Brothers in November 2007, which resulted in 4.2 million stolen debit and credit card numbers; and into Heartland on Dec. 26, 2007. Of the two unnamed national retailers mentioned in the affidavit, one was breached on Oct. 23, 2007, and the other sometime around January 2008.

Gonzalez was a Secret Service informant who once went by the nickname “Cumbajohnny.” He was a top administrator on a carding site called Shadowcrew when he was arrested in 2003. Authorities discovered his connection to Shadowcrew and soon put him to work undercover on the site, setting up a VPN for the carders to communicate, which was controlled out of the Secret Service’s New Jersey office.

That undercover operation, known as “Operation Firewall,” led to the arrest of 28 members of the site in October 2004. After the site went down, Gonzalez changed his nick to “Segvec” and moved to Miami where he allegedly resumed his life of crime under the nose of authorities who were in pursuit of “Segvec,” while being ignorant of the fact that he was their old informant.

Gonzalez called his credit card theft ring “Operation Get Rich or Die Tryin.” As Wired.com previously reported, he spent $75,000 on a birthday party for himself and once complained to associates that he had to manually count $340,000 in stolen $20 bills after his counting machine broke.

Stephen Watt, a 25-year-old progra...

That undercover operation, known as “Operation Firewall,” led to the arrest of 28 members of the site in October 2004. After the site went down, Gonzalez changed his nick to “Segvec” and moved to Miami where he allegedly resumed his life of crime under the nose of authorities who were in pursuit of “Segvec,” while being ignorant of the fact that he was their old informant.

Gonzalez called his credit card theft ring “Operation Get Rich or Die Tryin.” As Wired.com previously reported, he spent $75,000 on a birthday party for himself and once complained to associates that he had to manually count $340,000 in stolen $20 bills after his counting machine broke.

Stephen Watt, a 25-year-old programmer who was working for Morgan Stanley, created a sniffing program dubbed “blabla” that Gonzalez’s gang used to allegedly siphon credit and debit card numbers from TJX and other companies and is facing sentencing this month. The indictment doesn’t charge Watt with writing the malware used in the Heartland and Hannaford breaches.