IT PROFESSIONALS, DEVELOPERS, IT CONSULTANTS, PROFESIONALES DE CODIGO Y PROGRAMACION
martes, 2 de junio de 2015
Stephen Watt
Former Morgan Stanley Coder Gets 2 Years in Prison for TJX Hack
THE TWO GREAT friends talked every day and shared information about all of their exploits — sexual, narcotic and hacking — according to prosecutors. Now another thing they’ll have to share information about is their experience in federal prison.
While accused TJX hacker kingpin Albert Gonzalez awaits a possible sentence of 17 years or more in prison, one of his best friends and accomplices was sentenced on Tuesday in Boston to two years for his role in what the feds are calling “the largest identity theft in our nation’s history.”
Stephen Watt, a 25-year-old former Morgan Stanley software engineer, pleaded guilty last December to creating a custom sniffing program dubbed “blabla” that Gonzalez and other hackers used to siphon millions of credit and debit card numbers from TJX’s network. The breach cost TJX $200 million, according to its 2009 SEC filing.
Watt’s lawyer had sought a sentence of probation.
But instead the 7-foot-tall coder who once had a bright professional future got two years in federal prison and three years of probation. A spokeswoman for the U.S. attorney’s office in Massachusetts said the judge also ordered Watt to pay restitution to TJX in the amount of $171.5 million.
According to a source familiar with the case, U.S. District Judge Nancy Gertner indicated that her sentence was based in part on the enormity of the harm that was caused to the public by the crime and Watt’s undeniable assistance in causing that harm.
“She believed in the end that a probation sentence would not be sufficient to satisfy the general deterrence to prevent harm to the public,” the source said.
His lawyer, Michael Farkas, declined to comment on the sentencing.
Farkas asserted in his court filings that Watt was a minor and peripheral player in the credit card theft ring that Gonzalez dubbed “Operation Get Rich or Die Tryin” that began in 2005 to breach numerous vulnerable national retailers and card processors.
Watt, who graduated from high school at 16 with a 4.37 grade point average, was driven by intellectual curiosity and friendship, not greed, his lawyer said, and had no idea his program would be put to criminal use.
Prosecutors never alleged that Watt received money for the software he wrote, or directly profited from the hacks. But they brandished more than 300 pages of chats the two friends exchanged that belied Watt’s stated ignorance.
“You have got to convince typedeaf to do some work for me,” Gonzalez wrote Watt in one of them, referencing the handle of another hacker. ”If he was able to hack some euro dumps we can make a fortune. I hacked a place and took ~30k euro dumps and this last week I made ~11k from only selling ~968 dumps.” (Dumps are the carding underground’s term for credit or debit card magstripe data, including account numbers.)
As Gonzalez and his accomplices hacked target after target, he sent Watt links to news stories describing a tidal wave of debit fraud spreading around the world.
Authorities found Watt’s customized code stored on a server Gonzalez leased in Latvia, as well as 16.3 million stolen card numbers. Another 27.5 million stolen numbers were found on a server in Ukraine.
They said Watt was a witness to the ill-gotten gains his code produced. He attended a $75,000 birthday party Gonzalez threw for himself, and discussed launching a nightclub with Gonzalez’s backing. Gonzalez worried that because his money was mostly in cash, it would draw suspicion to the club. He offered to produce a check for $300,000 for Watt to make the transaction appear more legitimate.
Watt and Gonzalez met online when Watt was still in high school and bonded over a shared fascination with computers. While still a teen, Farkas says, Watt worked for Florida software firm Identitech. He was hired by Morgan Stanley in New York 2004 earning $90,000 as a software engineer.
After he moved to New York, he began experimenting with drugs and frequenting clubs. He left Morgan Stanley in 2007 for a higher-paying job at Imagine Software, developing real-time trading programs for financial firms, earning about $130,000.
This is where he was working on Aug. 13, 2008, when authorities swooped in to search the premises. Watt, who is married, was fired and is now banned from working in the securities industry.
Currently unemployed, his lawyer says he’s been living in an apartment his mother paid off while awaiting sentencing.
“Watt will have to start over, and hope that his skills not only will land him on his feet,” Farkas wrote in a court filing earlier this year, “but that they will do so in a field that is at least somewhat as financially promising as the career that he has lost.”
See also
EARLY LAST WEEK, before the suspects were identified in the Boston Marathon bombings, a U.S. probation officer and his supervisor visited the Manhattan apartment of programmer Stephen Watt with a question: Did Watt happen to know anything about the attack?
“He said, ‘We want to ask you about this Boston thing. I think you know what we’re talking about. I’m talking about the attacks,'” Watt recalls. “Then he said, ‘If you know any rumors that you heard about beforehand or even afterwards, please [tell us] through your lawyer.'”
They told Watt they weren’t accusing him of anything, just that he should come forward if he had any information. Watt and his wife were shocked by the random inquiry. But in some ways, it’s part and parcel of Watt’s new life as a hacker ex-con.
Now out of prison after serving his sentence, his former career in shambles, he’s trying to put the pieces of his life back together, while suffering the indignities that linger with newly-released prisoners.
Click to Open Overlay GalleryStephen Watt in a picture taken prior to beginning his two-year prison sentence. Photo courtesy Michael Farkas
He’s barred from working in the securities industry for life and, for the length of his three-year probation, can’t use any computer unless it’s monitored by the government — though he received special dispensation to use a computer at work for his current job as a web developer. Ten percent of his gross salary goes to pay off restitution, and with his earning ability greatly reduced, he has trouble meeting the basic living expenses for him and his wife.
Obtaining work following a felony conviction has naturally proven to be difficult. He got the web job through a friend of a friend.
“Definitely no one wants to hire me. I didn’t have a list of offers to choose from. I tried to contact some recruiters, and they had no interest in taking me on,” he tells Wired.
In the wake of the recent harsh prosecutions of Aaron Swartz and Andrew Auernheimer under the Computer Fraud and Abuse Act, Watt’s experience provides a look at life after a felony hacking conviction and what he calls the “near-impossibility of thriving in a post-conviction life.” It was these post-conviction prospects that friends of Swartz say drove him to commit suicide in January before his trial for downloading academic documents.
No hay comentarios:
Publicar un comentario