'Iceman' pleads guilty to massive computer hacking
Max Ray Butler, a former security analyst turned hacker, yesterday pleaded guilty in federal court in Pittsburgh to breaking into numerous financial institutions and card-processing networks and stealing credit card and identity data on hundreds of thousands of individuals.
The guilty plea came after Butler had requested nearly a dozen extensions for time to file pre-trial motions after his arrest in September 2007 on three counts of wire fraud and two counts of transferring stolen identity information. The charges carry a maximum of 40 years in prison and a $1.5 million fine. It's possible that Butler will receive a substantially lighter sentence by agreeing to plead guilty.
Butler, 37, was arrested in San Francisco, but the case is being heard in Pittsburgh because one of his accomplices who is cooperating with authorities in the case is based in Pennsylvania.
Butler has already served an 18-month prison term after he was convicted in May 2001 on charges of breaking into and accessing U.S. Department of Defense computers. He was also part of a group of four individuals that was investigated by the FBI and the U.S. Secret Service in January 2004 for compromising software code in the Half Life video game.
Court documents filed in connection with Butler's most recent arrest describe what appears to have been an elaborate scheme and an equally painstaking 16-month effort to nab him. The thefts and break-ins to which Butler pleaded guilty took place between June 2005 and September 2007. During that time, Butler, who used the online nicknames "Iceman," "Digits," "Darkest" and "Aphex," broke into the networks of numerous institutions, including Citibank and the Pentagon Federal Credit Union, and stole data on hundreds of thousands of credit cards.
Butler then sold the data to several of his accomplices via a Web site called Cardersmarket that he set up in 2005 along with another individual named Christopher Aragon. According to the court documents, Aragon would manufacture or re-encode credit cards with the stolen card information provided by Butler. Aragon and his "crew" would use the cards to fraudulently purchase thousands of dollars worth of merchandise at retailers such as Wal-Mart and Dillard's. The merchandise would then be resold by others, including Aragon's wife, through venues such as eBay. Butler would receive a cut from the proceeds of such sales typically through pre-paid Green Dot credit cards.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
max ray butler
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
