But Gonzalez wasn’t worried. He was certain he’d covered all his tracks.

KIM PERETTI KNOWS Gonzalez as well as almost anyone in the government. She has worked with him. She has also prosecuted him — though Peretti does not come across as a federal prosecutor. Younger in appearance than her 40 years, she grew up in Wisconsin and is girlish, even bubbly, in person, apt to express frustration with phrases like “Oh, sugar!” Peretti was hired to the Justice Department’s Computer Crime and Intellectual Property Section shortly after 9/11. Peretti made a point of getting to know the agents in the Secret Service’s Electronic Crimes Task Force because she knew that they were, like her, eager to make a name in going after cybercriminals. She lobbied to be assigned to Operation Firewall, and in 2003 she was.

When I met Peretti at a restaurant near her new office in McLean, Va. — she left the government in May to take a job at PriceWaterhouseCoopers — she was wearing a blue skirt suit and designer glasses. “She’s got the whole Sarah Palin eyewear thing going on,” Gonzalez had written to me in a letter, by way of explaining that it wasn’t at all unpleasant being investigated by her. But their relationship goes back further than that. Much of what Peretti knows about cybercrime she learned from working with Gonzalez.

“Albert was an educator,” she said, describing their experience on Operation Firewall. “We in law enforcement had never encountered anything like” him. “We had to learn the language, we had to learn the characters, their goals, their techniques. Albert taught us all of that.” They worked as well together as any investigative team she has been a part of, she said.

When we met, Peretti brought with her a poster-size screen shot of Shadowcrew’s homepage as it appeared the day after the raids. Secret Service technicians had defaced it with a photograph of a shirtless, tattooed tough slouching in a jail cell. The text said, “Contact your local United States Secret Service field office . . . before we contact you!”

By the time she was 35, thanks to Operation Firewall and Gonzalez, Peretti was the Justice Department’s chief prosecutor of cybercrime in Washington. But in 2005, even as she was litigating the Shadowcrew case, she encountered a new cybercrime wave unlike anything that had come before. “The service keeps calling me, saying, ‘We’ve got another company that contacted us,’ ” she said. “The volume was getting bigger and bigger. There was just an explosion.”

In the days before Christmas 2006, the Justice Department and Stephen Heymann, the assistant U.S. attorney in Massachusetts, received a series of frantic calls from TJX’s attorneys. The company had been contacted by a credit-card company, because a rapidly growing number of cards used at Marshalls and T. J. Maxx stores seemed to have been stolen. TJX had examined its Framingham, Mass., servers, and what it found was catastrophic. According to its own account, for about a year and a half, cards for “somewhere between approximately half to substantially all of the transactions at U.S., Puerto Rican and Canadian stores” were believed stolen. It was the biggest theft of card data in U.S. history, and there wasn’t a lead in sight.

“At that point we had quite literally the entire world as possible suspects,” Heymann told me in May, when we met in his office in the federal court building overlooking Boston Harbor. With his father, Philip, a deputy attorney general in the Clinton administration, Heymann teaches courses on criminal law at Harvard Law School. He had been deputy chief of the Massachusetts U.S. attorney’s criminal division and then set up one of the first computer-crime units in the country, so he was well versed in the comparative challenges. “If you’ve got a murder scene, there’s blood, there’s fingerprints. If you have a hacker going into a company, the critical information can be lost the moment the connection is broken. The size of the networks might be so large and so confusing that they’re very hard to understand and search. The people involved may only be known by screen names. Figuring that out is very different from figuring out who Tony the Squirrel is,” he said. Heymann had never seen anything like the TJX breach
.