Convicted TJX Hacker Regrets Taking 'Easy Way Out' With Plea Deal

Type threatpost
Reporter Dennis Fisher
Modified 2013-04-18T15:13:58


MIAMI BEACH–Stephen Watt was involved in a series of attacks on retailers and restaurants that federal prosecutors called the largest identity theft in U.S. history. He wrote the sniffer used by some of his friends to steal millions of credit card numbers. After federal agents raided his apartment and confiscated all of his computer equipment, he eventually was indicted on a series of charges related to the attacks on TJX, Dave & Buster’s and others and was facing several years in prison. So he took a plea deal, hoping to reduce his prison time and the financial burden on his family. In all of that, what he regrets most is taking the plea.

“I took the easy way out. I could not possibly have been coerced more into taking this plea than I was by the number [of years in prison] I was facing. It was still easier than fighting it out and that’s something I’ll always have bitter regret for, for not fighting it out,” Watt said.

Standing on a raised stage during his talk at the Infiltrate conference here Friday, the tall, muscular Watt presented an imposing figure. But over the course of 90 minutes, he painted himself as something of a victim in the story, railing against the prosecutors and judges who he says didn’t understand the technical details of the case and were simply interested in making examples of him and his co-defendants. Watt doesn’t deny writing the sniffer that his close friend Albert Gonzalez used in a variety of attacks on TJX, Hannaford and other companies in the latter part of the last decade. What he disputes is the notion that he modified the tool specifically for various targets or that he even knew what Gonzalez was going to do with the sniffer.

“I knew that the prosecution couldn’t possibly prove that I knew the intent or location of the use of the sniffer, because I didn’t know that,” Watt said. “I did modify it, but that was just a recompile. I wrote the sniffer on my own box, tested it there with no idea what it would be used for. I was shocked when I found out what had happened.”

Watt, who had been involved in the underground hacking scene in the late 1990s and early 2000s, was working at a software firm in New York in August 2008. He was coming home from the gym one evening and as he stepped out of the elevator in his apartment building he was greeted by a group of federal agents. One of them knocked him to the ground with a battering ram, he says, and then he was cuffed and watched as the agents executed a search warrant and walked out six hours later with all of his computers, removable media, tax documents and even some bits of paper left in his shredder.

Several months later, Watt was indicted on several charges related to the attacks and served two years in federal prison in Washington state. He’s now on probation and is prohibited from using any computing devices, including smartphones. He says that the prosecutor involved in his case had little understanding of technology and that the software he wrote for Gonzalez was a simple program and was not tailored for specific targets, as the prosecution alleged. The prosecutors used hundreds of pages of logs of chats between Watt and Gonzalez to prove otherwise. Facing a long stretch in prison, Watt took the plea deal.

“Ultimately I decided that my black hat past and my association with the co-defendants was just too much. I had a responsibility to end this and not be a financial burden to my family,” he said.

While admitting his involvement in the scheme, Watt said that he never profited from the attacks, unlike Gonzalez, a fact that the prosecutors acknowledged and used to show that he was a sociopath only interested in thrills. Watt, who was prosecuted by Stephen Heymann, the same man who ran the prosecution of Aaron Swartz, said that at the time of the attacks he had been out of the hacking scene for several years and was no longer interested in it.

“I was doing everything but using my computer, which I was totally sick of,” he said.

He used the computer long enough to write the sniffer, which he said was a raw TCP sniffer with the capability to log all of the critical data coming in over a specific range of ports, then encrypt that data when the log got large enough and ship it off to a remote server. He handed the sniffer off to Gonzalez, who had been his friend since the late 1990s, and said he didn’t concern himself with what Gonzalez did with the tool.

“I don’t ask questions about things I have no need to know about,” he said, “and he would never share that information.”

As it turned out, Gonzalez was sharing that information with someone: the U.S. Secret Service. Gonzalez was working as a paid informant for the Secret Service and later tried to have his plea bargain overturned because he claimed that he was working at the direction of federal agents while the attacks were ongoing.

While still angry about what he sees as an overzealous prosecution, Watt said that he looks at the $171.5 million in restitution he’s been ordered to pay as a symbol.

“I look at it as a badge of honor because it’s so high and so oppressive that I’ll never be able to pay it back anyway,” he said.