'Iceman' pleads guilty to massive computer hacking
Max Ray Butler, a former security analyst turned hacker, yesterday pleaded guilty in federal court in Pittsburgh to breaking into numerous financial institutions and card-processing networks and stealing credit card and identity data on hundreds of thousands of individuals.
The guilty plea came after Butler had requested nearly a dozen extensions for time to file pre-trial motions after his arrest in September 2007 on three counts of wire fraud and two counts of transferring stolen identity information. The charges carry a maximum of 40 years in prison and a $1.5 million fine. It's possible that Butler will receive a substantially lighter sentence by agreeing to plead guilty.
Butler, 37, was arrested in San Francisco, but the case is being heard in Pittsburgh because one of his accomplices who is cooperating with authorities in the case is based in Pennsylvania.
Butler has already served an 18-month prison term after he was convicted in May 2001 on charges of breaking into and accessing U.S. Department of Defense computers. He was also part of a group of four individuals that was investigated by the FBI and the U.S. Secret Service in January 2004 for compromising software code in the Half Life video game.
Court documents filed in connection with Butler's most recent arrest describe what appears to have been an elaborate scheme and an equally painstaking 16-month effort to nab him. The thefts and break-ins to which Butler pleaded guilty took place between June 2005 and September 2007. During that time, Butler, who used the online nicknames "Iceman," "Digits," "Darkest" and "Aphex," broke into the networks of numerous institutions, including Citibank and the Pentagon Federal Credit Union, and stole data on hundreds of thousands of credit cards.
Butler then sold the data to several of his accomplices via a Web site called Cardersmarket that he set up in 2005 along with another individual named Christopher Aragon. According to the court documents, Aragon would manufacture or re-encode credit cards with the stolen card information provided by Butler. Aragon and his "crew" would use the cards to fraudulently purchase thousands of dollars worth of merchandise at retailers such as Wal-Mart and Dillard's. The merchandise would then be resold by others, including Aragon's wife, through venues such as eBay. Butler would receive a cut from the proceeds of such sales typically through pre-paid Green Dot credit cards.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
max ray butler
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
