They finally got one, courtesy of Peretti’s old friends at the Secret Service. For two years, it turned out, an undercover agent in its San Diego office had been buying card dumps from Maksym Yastremskiy, Gonzalez’s fence. The agent traveled to Thailand and Dubai to meet with the Ukrainian, and in Dubai he furtively copied the hard drive in Yastremskiy’s laptop. Technicians at the Secret Service combed through it and discovered, to their joy, that Yastremskiy was a meticulous record keeper. He had saved and catalogued all of his customer lists and instant messages for years. In the logs, they found a chat partner who appeared to be Yastremskiy’s biggest provider of stolen card data. But all they had for the person was an I.M. registration number — no personal information.

In July 2007, Yastremskiy was arrested in a nightclub in Turkey, and the Secret Service turned up a useful lead. The anonymous provider had asked Yastremskiy to arrange a fake passport. One of the provider’s cashers had been arrested, and he wanted to get his man out of the United States. The only problem: he didn’t say where the casher had been arrested.

So agents phoned every police station and district attorney’s office around the country that had made a similar arrest or brought a similar case. After weeks of these calls, their search led them to a prison cell in North Carolina, where Jonathan Williams was being held. He had been arrested with $200,000 in cash — much of which had been intended for Gonzalez — and 80 blank debit cards; the local authorities hadn’t linked him to a larger criminal group, and they couldn’t have known about Gonzalez. The Secret Service agents plugged in a thumb drive in Williams’s possession at the time of his arrest and found a file that contained a photograph of Gonzalez, a credit report on him and the address of Gonzalez’s sister, Maria, in Miami. (He was also arrested with a Glock 9-millimeter pistol and two barrels for the gun, one threaded to fit a silencer.) The file was “a safety precaution, in case [Gonzalez] tried to inform on me,” Williams told me from prison in June. Officials then traced packages Williams had sent to the post-office box in Miami. This led the Secret Service to Jonathan James. They pulled James’s police records and found that in 2005 he was arrested by a Palmetto Bay, Fla., police officer who found him in the parking lot of a retail store in the middle of the night. The officer didn’t know why James and his companion, a man named Christopher Scott, were sitting in a car with laptops and a giant radio antenna, but she suspected they weren’t playing World of Warcraft.

The real eureka moment came when Secret Service technicians finally got the I.M. registration information for whoever was providing Yastremskiy with bank-card data. There was no address or name, but there was an e-mail address: soupnazi@efnet.ru. It was a dead giveaway to anyone who knew Gonzalez. Peretti remembers vividly the afternoon in December 2007 when agents called her and told her to come to their office. They sat her down and showed her the e-mail address. “And they looked at me,” Peretti said. “They’ve got 10 agents looking at me. Three minutes passed by, I was sitting there like a dull person. And then I was like, ‘Oh, my God!’ ”

Gonzalez knew the Secret Service was investigating Yastremskiy, but he continued to move databases through him. When I asked Gonzalez why, he said, “I never thought he would leave Ukraine.” The country has no extradition policy with the U.S. But Yastremskiy did leave. “It wasn’t until he got busted,” Gonzalez told me, that he realized his mistake
.