Comments:"Caught in the System, Ex-Hacker Is Stalked by His Past | Threat Level | Wired.com"
URL:http://www.wired.com/threatlevel/2013/04/stephen-watt-stalked-by-past/
Early last week, before the suspects were identified in the Boston Marathon bombings, a U.S. probation officer and his supervisor visited the Manhattan apartment of programmer Stephen Watt with a question: Did Watt happen to know anything about the attack?
“He said, ‘We want to ask you about this Boston thing. I think you know what we’re talking about. I’m talking about the attacks,’” Watt recalls. “Then he said, ‘If you know any rumors that you heard about beforehand or even afterwards, please [tell us] through your lawyer.’”
They told Watt they weren’t accusing him of anything, just that he should come forward if he had any information. Watt and his wife were shocked by the random inquiry. But in some ways, it’s part and parcel of Watt’s new life as a hacker ex-con.
Watt, a striking 7-foot-tall software engineer, once had a bright future coding software for a maker of real-time stock trading systems. Then a small packet-sniffing program he wrote for a friend got him embroiled in a multi-million-dollar bank card heist that netted him a two-year prison sentence and a hefty restitution judgment. Watt went from having a promising career on Wall Street to living in a grim cell in a high-rise prison in Seattle, where blacked-out windows blocked the natural light, and the absence of outdoor exercise facilities meant he didn’t breathe much fresh air for two years.
Now out of prison after serving his sentence, his former career in shambles, he’s trying to put the pieces of his life back together, while suffering the indignities that linger with newly-released prisoners.
He’s barred from working in the securities industry for life and, for the length of his three-year probation, can’t use any computer unless it’s monitored by the government — though he received special dispensation to use a computer at work for his current job as a web developer. Ten percent of his gross salary goes to pay off restitution, and with his earning ability greatly reduced, he has trouble meeting the basic living expenses for him and his wife.
Obtaining work following a felony conviction has naturally proven to be difficult. He got the web job through a friend of a friend.
“Definitely no one wants to hire me. I didn’t have a list of offers to choose from. I tried to contact some recruiters, and they had no interest in taking me on,” he tells Wired.
In the wake of the recent harsh prosecutions of Aaron Swartz and Andrew Auernheimer under the Computer Fraud and Abuse Act, Watt’s experience provides a look at life after a felony hacking conviction and what he calls the “near-impossibility of thriving in a post-conviction life.” It was these post-conviction prospects that friends of Swartz say drove him to commit suicide in January before his trial for downloading academic documents.
Watt pleaded guilty to creating a program dubbed “blabla” that helped his friend Albert Gonzalez and others siphon off millions of credit and debit card numbers in what prosecutors called “the largest identity theft in our nation’s history.”
The heists, which Gonzalez dubbed “Operation Get Rich or Die Tryin,” targeted TJX, Hannaford Brothers, Heartland Payment Systems and others, and resulted in the theft of more than 200 million bank card numbers. Gonzalez received three concurrent sentences amounting to 20 years in prison. His co-conspirators received less: Christopher Scott got 7 years for breaching the wireless access points of several retailers to siphon card data; his take was $400,000. Humza Zaman received 46 months in prison for laundering between $600,000 and $800,000 of the ill-gotten funds. Damon Patrick Toey helped breach networks and sold some of the stolen card data afterward, earning about $80,000, according to prosecutors. He was sentenced to 5 years in prison and fined $100,000.
Jeremy Jethro received 3 years probation and a $10,000 fine for selling an Internet Explorer exploit to Gonzalez for $60,000.
Watt, by contrast, evidently earned no money from the scheme and didn’t participate directly in the breaches or possess stolen card data. His primary overt act was to code the sniffer tool for Gonzalez, for which he received no payment.
But Watt refused to cooperate with authorities to help make their case against Gonzalez — aside from the fact that he was resolved not to snitch, he also maintained that he had no specific knowledge of his friend’s hacking scheme. His defiance may have been what did him in.
Watt, like Swartz, was prosecuted by Assistant U.S. Attorney Stephen Heymann in Boston. Heymann has made a career of wielding the Computer Fraud and Abuse Act to seek harsh sentences under the law; he argued that Watt’s sniffer program was the “key computer hacking program” used in the scheme and sought five years in prison for Watt.
Though U.S. District Judge Nancy Gertner acknowledged that Watt’s role in the “mightily, mightily malicious and irresponsible” scheme was minor, she gave him two years in prison and ordered him to pay restitution in the amount of $171.5 million. Part of that he has to pay in conjunction with Gonzalez and Scott, but $100 million of it is owed by Watt alone — due to the lack of coordination between different judges who meted out the unbalanced restitution rulings.
Gertner said in sentencing Watt to prison that she wanted to send a message to him and others that “you cannot be a cog in this wheel knowing that someone else is stealing … even if you didn’t get a dime for it.”
A probation sentence alone, which Watt’s attorney sought and which defendant Jethro got, would not have been sufficient to deter others, she said.