MIAMI BEACH — Nestled near a row of sultry, silvery-green palm trees and a 205-foot-long infinity pool, Room 1508 at the National Hotel on South Beach is a portrait of art deco luxury.
It is also where, on May 7, 2008, federal agents seized two computers, $22,000 in cash and a Glock 9 gun from a man known on the Internet as "soupnazi."
His name is Albert Gonzalez, and he has been charged with hacking into business computer networks and stealing credit and debit card accounts — and in an embarrassing twist, he had once been an informant for the U.S. Secret Service.
This week, Gonzalez, 28, was indicted in New Jersey on more federal charges. Now the biggest credit card hacks of the decade — totaling 170 million accounts — have been pinned on Gonzalez.
People who know Gonzalez say he is a nerdy, shy man who got mixed up in a shadowy world.
His father, Alberto, came to the United States from Cuba on a handmade raft in the 1970s, said Gonzalez's attorney, Rene Palomino Jr. He married and put down roots in a modest, tan stucco home bought for $54,000 in a working-class enclave southwest of Miami's downtown.
"As a little kid, he was nice, we used to play hide-and-go seek," said neighbor Vanessa Pedrianes, 25. "When he got older, he was a little bit nerdier than the other kids. He was really smart."
Gonzalez's parents bought him a computer when he was 8, said Palomino, who was in charge of the youth group at the Lutheran church where Gonzalez was an altar boy. When the computer got a virus, Palomino said, he set out to learn everything about his machine.
"The kid is a self-taught genius," Palomino said. "Albert never had a normal childhood. He had no friends. His best friend was his computer. He would spend hours on the computer."
Gonzalez's talent got him in trouble in 1998, when the FBI and police descended on his high school to investigate whether he had used the computers in the library to hack into Indian government servers and left offensive messages. It's unclear how the matter was resolved.
He didn't go to college. In 1999, he was charged with marijuana possession, though the matter was dismissed, and his computer savvy allowed him to get a job at a New Jersey firm, Palomino said. He didn't elaborate on what the position was.
In 2003, Gonzalez was arrested for hacking but not charged because authorities said he became an informant, helping hunt other hackers.
Yet over the next five years, authorities said, Gonzalez continued to hack into the computer systems of Fortune 500 companies even while providing assistance to the government. A judge allowed him to move from New Jersey back to Florida in 2004, and court documents alleged that Gonzalez hacked into the national restaurant chain Dave & Buster's.
He lived lavishly from selling the data he stole, court records show. Gonzalez threw a $75,000 birthday party for himself and complained that he had to count $340,000 in $20 bills by hand because his money counter broke.
Around 2005, federal agents said, Gonzalez devised a sophisticated attack to penetrate computer networks, steal credit and debit card data, and send that information to computer servers in California, Illinois, Latvia, the Netherlands and Ukraine.
The Justice Department said Gonzalez and others used that attack to mine companies' computers for approximately 40 million credit card numbers. At the time, that was believed to be the biggest such theft ever, and punctured the electronic defenses of such retailers as T.J. Maxx, Barnes & Noble, Sports Authority and OfficeMax.
Prosecutors allege Gonzalez was the ringleader of those hackers.
One of their techniques apparently involved "wardriving," cruising through different areas with a laptop computer and looking for retailers' accessible wireless Internet signals. Once they located a vulnerable network, the hackers installed "sniffer programs" that captured credit and debit card numbers as they moved through a retailer's processing computers — then tried to sell the data.
In the latest indictment, authorities say Gonzalez and two Russian conspirators used a different technique to hack into corporate networks and secretly place "malware," or malicious software, that would allow them back-door access to the networks to steal data later.
James Lewis, a senior fellow at the Center for Strategic and International Studies, points out that if Gonzalez's co-defendants are in or near Russia, where capturing or extraditing them is difficult, he is the only one of them likely to face trial.
"It's relatively common in these crimes for the masterminds to live overseas and have a partner in the United States," said Lewis. "At the end of the day, Gonzalez was the bagman."