a computer hacker and computer criminal who is accused of masterminding the combined credit card theft and subsequent reselling of more than 170 million card and ATM numbers from 2005 through 2007—the biggest such fraud in history.
Gonzalez and his accomplices used SQL injection techniques to create malware backdoors on several corporate systems in order to launch packet sniffing (specifically, ARP Spoofing) attacks which allowed him to steal computer data from internal corporate networks.
During his spree he was said to have to thrown himself a $75,000 birthday party and complained about having to count $340,000 by hand after his currency-counting machine broke. Gonzalez stayed at lavish hotels but his formal homes were modest.[1]
Gonzalez had three federal indictments:
May 2008 in New York for the Dave & Busters case (trial schedule September 2009)
May 2008 in Massachusetts for the TJ Maxx case (trial scheduled early 2010)
August 2009 in New Jersey in connection with the Heartland Payment case.
On March 25, 2010, Gonzalez was sentenced to 20 years in federal prison.
Stephen Watt is a computer hacker who went by Jim Jones and then Unix Terrorist (the_ut for short). In the late 1990s and early 2000s, that hacker was part of a band of self-proclaimed black hats that opposed the publication of security vulnerabilities and resisted the hacking scene’s shift from recreational network intrusions to legitimate security research. Under the rubric Project Mayhem, the gang managed to hack into the accounts of a number of prominent “white hat” hackers and publish their private files and e-mails. At the 2002 DefCon hacker conference, Watt took the stage with two friends to personally share some of the hacked e-mails.
He was arrested and convicted of writing customized code to help Gonzalez breach networks, including the “blabla” sniffer, which was stored on a server in Latvia and used to steal tens of millions of credit and debit cards from TJX in 2006 and from Dave & Buster’s in 2007. According to court documents, the Secret Service recovered 27.5 million stolen numbers from a server in Ukraine and 16.3 million numbers from a server in Latvia.
The breach cost TJX $200 million according to its 2009 SEC filing.
“I figured out his name years ago, Stephen Huntley Watt, and then the guy wound up getting indicted on the TJ Maxx thing,” says former hacker Kevin Mitnick.
In a profile in Phrack Magazine in 2007, “Unix Terrorist” reflected on the old days:
“Looking back on my involvement in computers, I am very happy that the peak of my activity occurred right during the turn of the 20th century,” he wrote. “Hacking was no longer as simple as manual labor (wardialing, etc.) but finding vulnerabilities and writing exploits and tools was not exactly as tedious and prohibitively time-consuming as it is currently. To say that I would rather commit seppuku than adapt to the challenges of a changing world by auditing code for SQL injection vulnerabilities and client-side browser exploits is not an exaggeration.”