Jump to content
pyth0n3

Record 13-Year Sentence for Hacker Max Vision

Recommended Posts

Posted

PITTSBURGH — A skilled San Francisco-based computer intruder was sentenced to 13 years in federal prison Friday for stealing nearly two million credit card numbers from banks, businesses and other hackers — receiving the longest hacking sentence in U.S. history.

maxraybutler

Max Ray Vision, 37, was also ordered to pay $27.5 million in restitution, and to serve five years under court supervision following his release, during which time he’ll be allowed to use computers only for legitimate employment or education.

Vision, who changed his name from Max Butler shortly before his arrest, ran an online forum for thousands of identity thieves called CardersMarket, where he sold credit card magstripe data to the underground for about $20 a card. He was caught with 1.8 million stolen credit card numbers belonging to 1,000 different banks, who tallied the fraudulent charges on the cards at $86.4 million.

The hacker faced up to life in prison under federal sentencing guidelines. But prosecutor Luke Dembosky on Friday recommended the significantly-lower 13-year sentence, noting that Vision has provided substantial assistance to the government during his time in pre-trial custody.

“I was quite impressed by the cooperation shown by Mr. Butler,” agreed U.S. District Judge Maurice Cohill Jr.

Dressed in orange jail clothes, the soft-spoken hacker said little at Friday’s hearing, which at times felt more like an awards ceremony than a sentencing, with Vision’s lawyer, prosecutor and judge taking turns praising the hacker for his computer skills, and his apparent remorse over his crimes.

“I have a lot of regrets, but I think my essential failing was that I lost touch with the accountability and responsibility that comes with being a member of society,” Vision wrote in a letter to the judge on Thursday.

“I’ve changed,” Vision added in court Friday.

“He’s a likable person,” said prosecutor Dembosky. “Almost wide-eyed and optimistic in his view of the world.”

In the late 1990s, Vision was a superstar in the computer security community, billing himself out as a $100-an-hour computer security consultant. He gave the FBI information on security and piracy threats, and earned the respect of his peers for creating and curating an open source library of attack signatures used to detect computer intrusions.

But it turned out Vision was staging recreational hacks on the side, and in 2001 he was sent to federal prison for 18 months for launching a scripted attack that closed security holes on thousands on Pentagon systems, and left backdoors and packet-sniffers behind for his own use.

While in prison, Vision met more serious criminals, and after his release one of them introduced him to an Orange County, California entrepreneur and former bank robber named Chris Aragon, who became Vision’s partner.

Aragon, who’s pending trial on related state charges in southern California, used Vision’s stolen credit card data to create near-perfect counterfeit cards, complete with holograms, and recruited a crew of shoppers who used the cards to snap up designer merchandise for resale on eBay. Aragon earned at least $1 million in the business, police say.

Vision also sold the credit card data online under the handles “Generous” and “Digits.” He stole data from restaurant point-of-sale terminals and other targets, including competing hackers.

“From what I know, his actual income from this entire event is probably not even a million dollars,” federal public defender Michael Novara said Friday.

The hacker became a priority to federal law enforcement officials in 2006, when, under the handle “Iceman,” he staged a brazen takeover of the competing online carder forums where hackers and fraudsters buy and sell stolen data, fake IDs and specialized underground services.

He hacked into the forums, wiped out some of their databases, and absorbed their content and membership into his own site, CardersMarket.

On one of the sites he hacked, called DarkMarket, Butler later discovered that an administrator named “Master Splyntr” was logging in from an FBI office in Pittsburgh. Butler partnered with a Canadian hacker to try and expose Master Splyntr as a fed, but his claim was largely dismissed in the underground as inter-forum rivalry. DarkMarket went on to become a full-blown undercover FBI operation, and the FBI and Secret Service began an investigation into “Iceman.”

Using informants and some genuine electronic gumshoe work, the feds identified Iceman as Butler about a year later, and arrested him in September 2007 at a corporate apartment he used as a hacking safe house. When the feds seized his computer, they found five terabytes of encrypted data. Experts at Carnegie Mellon University’s Computer Emergency Response Team eventually cracked Vision’s crypto.

Vision’s plea deal also wraps up a separate federal case in Virginia, in which Vision was charged with staging the first documented “spear phishing” attack against employees of a financial institution, gaining access to the corporate network of Capital One bank.

Vision’s 13 year term is the longest U.S. hacking sentence, though that record will likely be eclipsed next month when confessed TJX hacker Albert Gonzalez faces the first of two sentencing hearings. One of Gonzalez’s plea agreements contemplates a term of 17 to 25 years in prison.

With credit for time served and good behavior, Vision will be released in December, 2018

maxraybutler.jpg

Vision wrote in a letter http://www.wired.com/images_blogs/threatlevel/2010/02/vision_letter.pdf to the judge on Thursday

wired.com

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...