Coder Journeys From Wall Street to Prison

[HardOCP News]

And the lesson we can all learn from this story? If you get busted hacking, you are going to jail, you'll end up owing millions in restitution and having a retarded hair-do won’t help you avoid either.

Stephen Watt, 26, wrote a custom packet-sniffing program dubbed “blabla” for Gonzalez, as a favor for his best friend, he says. Gonzalez and other accomplices then used the code to siphon more than 100 million credit- and debit-card numbers from TJX’s corporate network. On Friday, Watt will check into the SeaTac Federal Detention Center in Seattle to begin a 2-year prison term for that code. When he’s released, he’ll have a $171.5 million restitution order waiting for him – to repay financial losses claimed by TJX in the hack attack.

 

[k1pp3r]

He really wouldn't cross me as the hacker type

 

[BloodyIron]

He really wouldn't cross me as the hacker type

This isn't radio, you don't have to have a "face" for hacking.

 

[k1pp3r]

This isn't radio, you don't have to have a "face" for hacking.

True, but he looks like he belongs in a Jay and Silent bob movie, anything but a hacker lol

 

[OCgamer666]

The article didn't give enough information, but if he didn't know exactly what his "friend" was going to do with the software, he shouldn't be convicted of anything. Writing code is not executing code, this would be the same as prosecuting a firearm MFR after somebody uses their firearm to commit a crime. Programmers should be federally protected from this sort of thing just like firearm MFRs.

 

[Monkey God]

The best part, is if you steal cc info, its some kind of major crime. Companies LOSE that stuff all the time due to incompetence, they dont even get a slap on the wrist.

 

[kittmaster]

The best part, is if you steal cc info, its some kind of major crime. Companies LOSE that stuff all the time due to incompetence, they dont even get a slap on the wrist.

Agreed, but I think it has to do with intent, one you intend to take something that isn't yours, while the other is not.

 

[JAdamz]

Cereal Killer is that you?

 

[sunama]

The article didn't give enough information, but if he didn't know exactly what his "friend" was going to do with the software, he shouldn't be convicted of anything. Writing code is not executing code, this would be the same as prosecuting a firearm MFR after somebody uses their firearm to commit a crime. Programmers should be federally protected from this sort of thing just like firearm MFRs.

100% agree.

I think any programmer should now be weary of writing any code that could be used to commit a crime, as a precedent has now been set.

You could innocently write a small piece of code, which later might get used in some crime and you end up in prison for someone else's criminal exploits.

Hopefully, he will appeal his sentence and get off, otherwise this will be a very dangerous precedent.

 

[radioactivez0r]

If they had a transcript of a conversation such as:

"Hey, write me this code I need to steal card numbers"
"OK"

then it'd be pretty legit. Punishing someone for writing something that in itself doesn't do that and having it get used for criminal means seems like an odd way to go. Isn't this usually where the government swoops in and gives him a job as a security analyst?

 

[velusip]

Programmers should be federally protected from this sort of thing just like firearm MFRs.

This article is so bogus, I can't help but think it's a huge joke/troll. District Judge Nancy Gertner felt the enormity of the TJX intrusion, which she called “mightily, mightily malicious and irresponsible,” demanded jail time.

What detail in court prompted a judge to make such a laughable comment? I could understand some level of exasperation with these stupid kids, but more formally; the author of a proprietary packet sniffing program shouldn't be held responsible for another's use of said software. A $171.5 million restitution order? Seriously? He wrote a program. Regardless to what specifications it was requested under, the use of the program instantiates damages and then may result in restitution by court order. This bill would go to those involved in the crime, not the tool crafter. M'irite?

 

[Machine-code]

Actually, he received 6 months for writing the program and 18 months for the hair.

 

[teenk]

From the article:

"...Gertner said during one hearing, that “you cannot be a cog in this wheel knowing that someone else is stealing … even if you didn’t get a dime for it.”

He knew what it was going to be used for. Just because he didn't make anything out of it doesn't mean he isn't complicit to the crime.

The article didn't give enough information, but if he didn't know exactly what his "friend" was going to do with the software, he shouldn't be convicted of anything. Writing code is not executing code, this would be the same as prosecuting a firearm MFR after somebody uses their firearm to commit a crime. Programmers should be federally protected from this sort of thing just like firearm MFRs.

100% agree.

I think any programmer should now be weary of writing any code that could be used to commit a crime, as a precedent has now been set.

You could innocently write a small piece of code, which later might get used in some crime and you end up in prison for someone else's criminal exploits.

Hopefully, he will appeal his sentence and get off, otherwise this will be a very dangerous precedent.

This article is so bogus, I can't help but think it's a huge joke/troll. District Judge Nancy Gertner felt the enormity of the TJX intrusion, which she called “mightily, mightily malicious and irresponsible,” demanded jail time.

What detail in court prompted a judge to make such a laughable comment? I could understand some level of exasperation with these stupid kids, but more formally; the author of a proprietary packet sniffing program shouldn't be held responsible for another's use of said software. A $171.5 million restitution order? Seriously? He wrote a program. Regardless to what specifications it was requested under, the use of the program instantiates damages and then may result in restitution by court order. This bill would go to those involved in the crime, not the tool crafter. M'irite?

 

[sunama]

He knew what it was going to be used for. Just because he didn't make anything out of it doesn't mean he isn't complicit to the crime.

In the article, the programmer in question, states that he did not know what the program was going to be used for. The mastermind who was using the program to get card details, wanted it this way - he didnt want any of the programmers to know exactly what the program would be used for. He believed that operating in this way, would protect certain people.

Obviously, the Judge didnt believe him.

 

[teenk]

In the article, the programmer in question, states that he did not know what the program was going to be used for. The mastermind who was using the program to get card details, wanted it this way - he didnt want any of the programmers to know exactly what the program would be used for. He believed that operating in this way, would protect certain people.

Obviously, the Judge didnt believe him.

I don't believe him either. He's known Gonzalez for a long time. He knows he hasn't changed (unlike him). What else was the guy going to use it for? He may have not known how big the whole thing was going to be but no way he didn't know that it was going to be used for a crime.

 

[BB Gun]

Ref - did he or did he not know?

Prosecutors say chat logs recovered from Gonzalez’s computer show Watt had knowledge of what Gonzalez was doing, at least broadly.

“You have got to convince typedeaf to do some work for me,” Gonzalez wrote Watt at one point, referencing the handle of another hacker. “If he was able to hack some euro dumps we can make a fortune. I hacked a place and took ~30k euro dumps and this last week I made ~11k from only selling ~968 dumps.” (Dumps are the underground’s term for credit- or debit-card magstripe data, including account numbers.)

Read More http://www.wired.com/threatlevel/2010/05/watt-reports-to-prison/3/#ixzz0nYSLChlT

"Dude, get typedeaf to write code so I can steal/sell credit numbers. Uhhhh, by the way, wanna write a little code for me, too?"

Shack.

BB

 

[BoogerBomb]

Anf how much of that 172 million dollars does TJX really expect to get out of a convict? He will never bea able to hold more than an entry level minimum wage job anywhere, except maybe crane operator. They almost all seem to be ex-cons.

 

[bacon]

The article didn't give enough information, but if he didn't know exactly what his "friend" was going to do with the software, he shouldn't be convicted of anything. Writing code is not executing code, this would be the same as prosecuting a firearm MFR after somebody uses their firearm to commit a crime. Programmers should be federally protected from this sort of thing just like firearm MFRs.

I tend to agree with the spirit of what you are saying, but once the Feds want you they are gonna get you. They were gonna scoop up everyone involved in something like this.

 

[OCgamer666]

I tend to agree with the spirit of what you are saying, but once the Feds want you they are gonna get you. They were gonna scoop up everyone involved in something like this.

Thais why our legal system is complete bullshit right now, judges and prosecutors have too much power, .

 

[SpaceHonkey]

Should the programmers that wrote any of the other code used by his program be procecuted? I imagine if the CC numbers were in the clear, then something as simple as using tcpdump piped to grep with a regex to find credit card numbers would do it. Anyone that can use google could put that together. It's a one liner kind of thing. So should all the contributers to tcpdump and grep be thrown in jail too?

It's obviously easy to do, and something that application developers, network admins and security specialist had better be doing to look for gross security holes in apps and networks.

Nobody had better tell that judge about nmap or else we're all going in the slammer.

 

[velusip]

He knew what it was going to be used for...

I was arguing that he's being held accountable for an unrelated restitution order for that does not apply to him, not that he should get away with being an accomplice who pleads ignorant.

 

[Monkey God]

Agreed, but I think it has to do with intent, one you intend to take something that isn't yours, while the other is not.

"I intend to not give a shit if all my customers private information is stolen"
Not bad as stealing, but at the very least, gross negligence.

 

[BB Gun]

I was arguing that he's being held accountable for an unrelated restitution order for that does not apply to him, not that he should get away with being an accomplice who pleads ignorant.

Gotcha. Now that, I can agree with.

BB