By the end of 2006, Gonzalez, Scott and James had information linked to more than 40 million cards. It wasn’t a novel caper, but they executed it better than anyone else had. Using similar methods, they hacked into OfficeMax, Barnes & Noble, Target, Sports Authority and Boston Market, and probably many other companies that never detected a breach or notified the authorities. Scott bought a six-foot-tall radio antenna, and he and James rented hotel rooms near stores for the tougher jobs. In many cases, the data were simply there for the taking, unencrypted, unprotected.

“For a long time, probably too long a time, computer security was something that was just dollars and cents off the bottom line — it doesn’t bring in money,” Heymann told me when I asked why war-driving hackers were able to steal data so easily. “At the same time, in these cases, companies were beginning to warehouse vast amounts of information” far more swiftly than they were coming to understand the vulnerabilities of their systems. A result was what he called “a primeval muck that creates a period when dramatic, costly attacks can get at vast amounts of resources.”

At the same time that Gonzalez was stealing all this bank-card data, he was assembling an international syndicate. His favored fence was a Ukrainian, Maksym Yastremskiy, who would sell sets of card numbers to buyers across the Americas, Europe and Asia and split the proceeds with him. Gonzalez hired another EFnet friend, Jonathan Williams, to cash out at A.T.M.’s across the country, and a friend of Watt’s in New York would pick up the shipments of cash in bulk sent by Williams and Yastremskiy. Watt’s friend would then wire the money to Miami or send it to a post-office box there set up by James through a proxy. Gonzalez established dummy companies in Europe, and to collect payment and launder money he opened e-gold and WebMoney accounts, which were not strictly regulated (e-gold has since gone out of business). He also rented servers in Latvia, Ukraine, the Netherlands and elsewhere to store the card data and the software he was using for the breaches. Finally, he joined up with two Eastern European hackers who were onto something visionary. Known to him only by their screen names, Annex and Grig, they were colluding to break into American card-payment processors — the very cash arteries of the retail economy.

“I’ve been asking myself, why did I do it?” Gonzalez told me over the phone from prison recently. “At first I did it for monetary reasons. The service’s salary wasn’t enough, and I needed the money. By then I’d already created the snowball and had to keep doing it. I wanted to quit but couldn’t.” He claims his intentions were partly admirable. He genuinely wanted to help out Patrick Toey, a close friend and hacker who would later do much of the more sophisticated legwork involved in Gonzalez’s hacking into corporate networks. Unlike Gonzalez and Watt, Toey, who is 25, had a rough upbringing. After dropping out of high school, he supported his mother and his younger brother and sister by hacking. Gonzalez invited Toey to live in his condominium in Miami, rent-free. Gonzalez owned it, but he enjoyed living at home with his parents more. He says he loved his mother’s cooking and playing with his nephew, and he could more easily launder money through his parents’ home-equity line of credit that way.

Gonzalez relished the intellectual challenges of cybercrime too. He is not a gifted programmer — according to Watt and Toey, in fact, he can barely write simple code — but by all accounts he can understand systems and fillet them with singular grace. I often got the impression that this was computer crime’s main appeal for Gonzalez.

But he also liked stealing. “Whatever morality I should have been feeling was trumped by the thrill,” he told me. And he liked spending. Partly but not entirely in jest, he took to referring to his scheme as Operation Get Rich or Die Tryin’, after the 50 Cent album and movie. Gonzalez would not discuss with me just how rich he got, but he certainly was seeing profits in the millions of dollars. Little of that found its way to Toey, however, and probably none to Watt. For himself, Gonzalez bought, in addition to the condo, a new BMW 330i. He often stayed in luxury hotel suites in Miami on a whim. He took frequent trips to New York, where he and Watt — who worked by day in the I.T. department of Morgan Stanley and later developed securities-trading software and moonlighted as a nightclub promoter — spent thousands on hotels, restaurants, clubs and drugs. Lots of drugs. “I don’t know when he slept,” Agent Michael says, referring to Gonzalez’s lifestyle during the time they worked together.

It seems clear now that Gonzalez didn’t mind betraying people. What would come to anger the Secret Service most is that he used information from their investigations to enrich himself. “He would be working for the service during the day, and then come home and talk to me, and I’d be selling dumps for him,” Toey told me, referring to databases of stolen card information. Gonzalez sold dumps to hackers who he knew were under investigation, in effect setting them up. In the case of one Miami suspect being investigated by the service, Toey told me: “We basically ripped [him] off and sold him databases that were all dead and expired. They came from a company where a breach was being investigated by the service. He got caught with the database, and it looked like he’d done it.” Toey and Gonzalez then split the profits. (Gonzalez confirmed this account of events.)