Albert “Cumbajohnny” Gonzales was originally arrested in 2003, several years before his break-in at TJX. More information is told about Albert Gonzales AKA “Cumbajohnny” or “CJ” from perspective of another FBI mole named David Thomas in a January 2007 Wired.com blog. Through Cumbajohnny, the Secret Service infiltrated a criminal carding site called “Shadowcrew” in a sting operation called “Operation Firewall.”

Carding sites are web sites where criminals gather to learn new hacking techniques, trade in stolen goods, and collaborate on scams. Administrators are at the top of the hierarchy of a card site. They handle operations, direct carders to the best deals, mete out discipline to cheaters, and ban the unwanted from the site.

In 2003, the FBI had arrested Cumbajohnny, a top administrator of the Shadowcrew carding site. Once law enforcement figured out just who it was they had, they quickly decided to release him to the Secret Service to gather evidence. CJ agreed to help law enforcement set up a VPN, and in February 2004, according to Thomas, began inviting Shadowcrew members to join. The criminals thought they were communicating in private, but in reality the VPN was under surveillance of a Secret Service office in New Jersey. Thomas said about this time CJ also began selling carders on the site $150 AT&T calling cards, which permitted them to make thousands of dollars in free calls. Thomas thinks these cards were used to allow the Secret Service to trace the criminals’ calls.

In March 2004, Dmitry Golubov, a Ukrainian who started and headed CardPlanet, a large Russian carding site, disappeared from CarderPlanet, and CJ assumed a role on that board, too.

From newly released information, we now know that sometime in the fall of 2004, Albert Gonzalez AKA Cumbajohnny warned his friend, Toey that he was cooperating with an undercover criminal investigation for the Secret Service. Gonzales wanted to make sure that Toey would not be identified in the Secret Service investigation. At the time, Toey was helping Gonzalez sell card information stolen from merchants such as OfficeMax and BJ’s Wholesale Club, splitting the proceeds with Gonzales.
On October 26, 2004, at 9 pm EST, in a coordinated major bust, more than a dozen Shadowcrew members in several states were arrested at the same time, during a mandatory online discussion. Cumbajohnny was the only major Shadowcrew administrator who was not indicted.

Operation Firewall has resulted in the arrest of 38 carders globally. Authorities say the suspects trafficked in more than 1.5 million stolen credit card numbers, resulting in losses estimated to be at least $4 million.

However, these numbers pale beside the numbers Cumbajohnny went on to abscond: 40 million stolen cards and untold losses. Eleven people, of whom Albert Cumbajohnny Gonzales is the ringleader, were arrested August 5, 2008 in what is most probably the largest hacking case the Justice Dept. has ever prosecuted.