'Iceman' Hacker Indicted For Running Identity Theft Scheme

A San Francisco man faces 40 years in prison and a fine of $1,500,000 for allegedly hacking into financial institutions to steal credit card information.

Sharon Gaudin, Contributor

September 11, 2007

3 Min Read

A California man was indicted by a grand jury Tuesday for allegedly running an online identity theft scheme that nabbed "tens of thousands" of credit card numbers.

Max Ray Butler, 35, of San Francisco, was arrested in San Francisco on Sept. 5 on a criminal complaint filed in Pittsburgh. Tuesday's indictment leveled wire fraud and identity theft charges at him that carry a maximum of 40 years in prison and a fine of $1,500,000.

Butler, who also is allegedly known as names such as Iceman, Digits, Darkest, and Aphex, has been involved in what the government claims is a "large-scale criminal enterprise" focused on hacking into computer networks to steal and use or resell credit card and other personal information. In a 16-month investigation run by the U.S. Secret Service, investigators allegedly tied Butler to the Cardersmarket Web site, which he allegedly ran to help cohorts steal information and turn it into usable credit cards, according to the affidavit.

One co-conspirator told investigators he had received "tens of thousands" of illegally obtained credit card numbers from Butler, and regularly 1,000 or more numbers a month, according to the affidavit.

In May of 2001, Butler was convicted in federal court for intentionally accessing a protected government computer within the Department of Defense. In that case, he admitted to developing a program for the DoD that surreptitiously contained a backdoor that he used to gain access to the government network. He served a sentence at the Taft Federal Correctional Institute for that crime.

In this case, investigators reported that they recorded Butler communicating with two confidential informants who were members of Cardersmarket. They generally used private online chat rooms or communicated over AOL's Instant Messaging program.

According to the affidavit, Butler allegedly told one co-conspirator to buy 23 credit card accounts for $480. The information included account numbers, expiration dates, types of card, and issuing banks. The payment was made using an eGold account.

Once the conspirators had the credit card information, they allegedly either sold it or used it to manufacture fraudulent cards that they then used to make in-store purchases. Investigators said the products were then sold on one of their eBay accounts.

Two men reportedly said in an interview with the FBI that they saw Butler attack computer networks through a wireless Internet access point, stealing credit card numbers and personal identification information. The two allegedly worked with Butler, renting hotel rooms for four days at a time to use a high-powered antenna, which was used to intercept wireless communications.

One man told the FBI that they had hacked into Citibank, the Pentagon Federal Credit Union, and a government employee's computer.

The affidavit also states that members of Butler's group went so far as to rent apartments for him and help him obtain fake identities. In return, Butler reportedly had notorious computer hacker Kevin Mitnick sign a book as a gift for one of his cohorts.

About the Author(s)

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights