By Jason Cato, TRIBUNE-REVIEW
June 30, 2009
http://www.pittsburghlive.com/x/pittsburghtrib/s_631630.html
A mild-mannered computer geek people once believed could do no wrong admitted Monday to stealing nearly 2 million credit card numbers, which he and others used to rack up more than $86 million in fraudulent charges.
Max Ray Vision, 36, of San Francisco pleaded guilty in U.S. District Court, Downtown, to two counts of wire fraud. He faces up to 60 years in prison when sentenced Oct. 20 by Senior U.S. District Judge Maurice Cohill.
"Max is kind of a hacker's hacker," said federal public defender Michael Novara, explaining that his client -- known by the Internet aliases "Iceman," "Aphex," "Darkest" and "Digits" -- hacked into computer systems not only of financial institutions and credit-card processing centers but also those of other hackers, to steal information they stole.
"He would do that for various reasons, but basically because he could," Novara said.
Vision changed his name from Max Ray Butler shortly before the Secret Service arrested him in September 2007 at his Bay Area safehouse. Inside, agents found computer equipment storing approximately five terabytes of encrypted data and 1.8 million stolen credit card accounts.
Visa, Mastercard, American Express and Discover lost about $86.4 million through charges on those accounts, Assistant U.S. Attorney Luke Dembosky said.
"These losses were borne by the thousands of banks that issued the cards in question," Dembosky said.
In the 1990s, Vision owned a consulting company that helped companies identify weaknesses in computer systems through "network intrusion detection."
Federal prosecutors in Northern California charged Vision in 2000 with computer crimes for hacking into Pentagon computer systems. He was sentenced to 18 months in prison. Court proceedings revealed that Vision worked as an FBI informant for years before his arrest.
"He's definitely the most interesting hacker case I've seen in over a decade," said Kevin Poulsen, a senior editor for Wired Magazine who attended yesterday's hearing and is writing a book about Vision. "It's pretty unusual for someone to be a good computer-security professional and a good computer criminal."
In 1994, Poulsen went to prison for hacking into a radio station and setting up a contest-rigging scheme. His 51-month prison sentence at the time was the longest ever for a hacking crime.
"I've been a hacker, I've known hackers, and I've written about hackers for a long time," Poulsen said. "(Vision) is definitely the most interesting story I've ever heard."
From 2005 until 2007, Vision and a partner in Los Angeles, Christopher Aragon, established CardersMarket.com as a way to acquire, sell and use stolen credit card and other identity-related information, a practice known as "carding," Dembosky said. The Web site at its peak had approximately 4,500 members worldwide.
It was one of five English-language sites at the time that facilitated computer crimes, Poulsen said. He said Vision hacked into the other four and took them over.
Two Secret Service informants helped bring down Vision's hacking empire, Dembosky said. One gained access to CardersMarket hierarchy after earning Vision's trust. The other purchased 103 stolen credit card numbers and related information. Under the sealed plea deal, three identity theft charges will be dropped.
Federal charges were filed against Vision in Virginia at the same time he was indicted in Pittsburgh, court records show.
Vision disagreed with some details the prosecutor outlined during yesterday's hearing, but agreed he did most of the actions alleged.
"This is me and what I did, in essence," Vision said.
Before his first arrest, people in the computer-security industry believed Vision was one of the good guys, or a white hat. Dragos Ruiu, owner of DragosTech.com in Edmonton, Canada, was a professional acquaintance of Vision.
"He was a real Dr. Jekyll-Mr. Hyde type," Ruiu said. "He was innocuous, and nobody would have pegged him for an underworld mob king."
This ranks as one of the all-time biggest computer hacking jobs, Ruiu said.
"He was really good at attacks," Ruiu said. "Now we know why."
No comments:
Post a Comment