Stephen Watt, 25, from New York, has been indicted in the United States District Court of Massachusetts for conspiring with and assisting Albert Gonzalez, the leader of the gang of hackers responsible for the biggest identity theft incident ever to be prosecuted in the U.S. Watt is accused of providing Gonzales with the packet sniffing application which was used to steal the details of over 40 million credit and debit cards.

Albert Gonzales was indicted earlier this year along with eleven other individuals from the U.S. and foreign countries for hacking into the networks of major retail stores like T.J. Maxx, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and siphoning the details of financial transactions. After getting into the networks through various techniques, the hackers used a sniffing program called “blabla” in order to intercept the secure communications between the cashing terminals and the credit card processing servers.

The investigation determined that Stephen Watt is responsible for initially providing Gonzales with the sniffer as well as modifying its source code several times in order to meet the hackers' needs. According to the indictment, the sniffing application was hosted on a remote server in Latvia when Watt adjusted it.

The New York coder did “willfully conspire to commit the following offenses against the United States: Unlawful Access to Computers [...]; Access Device Fraud [..]; Wire Fraud [...]; Aggravated Identity Theft [...]; Money Laundering,” reads the indictment. “On diverse dates, Watt modified for Albert Gonzales and provided him a sniffer program used by the conspirators to monitor and capture data traveling across corporate networks,” is explained in the document.

Albert Gonzales, a former Secret Service informant, used complex techniques with the help of his international associates in order to hide the scheme. The banking details were being sold on the underground market to foreign cyber-criminals and all the money gained was delivered through bank accounts set up in Latvia. "So far as we know, this is the single largest and most complex identity theft case ever charged in this country," noted U.S. Attorney General Michael Bernard Mukasey.

Ten other people have been charged in this case so far, with three being from the US, three from Ukraine, two from China, another one being Estonian and one from Belarus. The identity of the eleventh hacker is still unknown, but one of the three U.S. citizens, Damon Patrick Toey from Miami, has already pleaded guilty and accepted a deal for a recommendation of reduced sentence in exchange of assisting the investigation.