Max Ray Butler in Trouble Again
In my first book I wrote the following on p 170:
WHO WROTE PRIVMSG?
The author of Privmsg served one year in prison after pleading guilty in a U.S. District Court to a single count of computer intrusion. In May 1998 he compromised numerous government, military, and academic servers running BIND and installed back doors on those systems. He was caught thanks to skillful use of session data by analysts at the AFCERT and by Vern Paxson from Lawrence Berkeley Labs. See http://www.lbl.gov/Science-Articles/Archive/bro-cyber.html for more information on Paxson’s use of Bro and the “boastful and self-justifying” e-mail the intruder sent to Paxson. For details on the intruder, see Wired’s account at http://www.wired.com/news/culture/0,1284,54838,00.html. Kevin Poulsen’s story at http://www.securityfocus.com/news/203 has more details.
The bottom line is it does not pay to infiltrate government machines -- especially Air Force servers or computers monitored by IDS researchers.
I didn't name Max Ray Butler (aka "Max Vision") as the author of Privmsg, but if you followed the stories you would have figured that out yourself.
I also didn't publicize this August 2002 post by Max to the SecurityFocus Jobs mailing list, subject line bay area security professional, $6.75/hr... Please read below!:
Greetings security employers:
I have an unusual situation that I would like to describe to you, and in doing so I am asking that anyone who can immediately employ me in the San Fransisco Bay Area, please read this email and consider taking advantage of my availablity and temporarily low cost.
I am...
o a seasoned professional with extensive security skills and experience
o a once convicted hacker (DOD, 1998)
o local to the San Fransisco Bay Area, I live in Oakland
o willing to work for mimimum wage (for the next two months)
o eager to work 60 hour weeks; I don't mind nights/weekends/holidays...
My Conviction (why I am desperate)
I am not proud of being convicted of a felony, but it is important that a potential employer know of my status. Apparently if you have FDIC insurance there is a clause stating that you cannot hire a convicted hacker on your projects. It is also because of my status that I am desperate for security-related or even internet-related work.
The truth is, I am living in a federal halfway house transitioning out of prison back into society. I have to find local work to meet their requirements, and they haven't approved any telecommute offers I have had so far. The director of the facility told me that if I don't find a job in the next week or so he will send me back to prison (my sentence actually ends October 12th)...
Sincerely,
Max Vision
That's one of the saddest and most pathetic posts I've ever read.
So where are we now, five years later? Check out Max Vision charged with hacking -- again:
In a five-count indictment unsealed on Tuesday, federal prosecutors allege that Butler ran a scheme to hack into computers at financial institutions and credit-card processing centers, stealing account information and selling the data to others. Butler also ran the online carders' forum, CardersMarket, under the name "Iceman" and "Aphex" as a way to coordinate illegal activities and meet people with similar interests, according to an affidavit penned by the U.S. Secret Service, which spearheaded the investigation...
During the 16-month investigation, the Secret Service maintained two confidential informants, one of which was an administrator on the CardersMarket forum. The informants gave the investigators an eye-opening view of the inner workings of the carders' world, the affidavit stated.
Butler purportedly used at least five different handles -- including "Iceman," "Aphex," and "Digits" -- in an attempt to confuse law enforcement and keep his administrative activities on CardersMarket separate from his outright illegal activities, the affidavit maintains...
A federal grand jury indicted Butler on charges of wire fraud and identity theft. If Butler is found guilty of all five charges, he could face up to 70 years in prison and a fine of $1.5 million, according to the U.S. Attorney's Office in Pittsburgh. Butler is currently being held in San Francisco until he appears in court on Monday.
I know Mr Butler is innocent until proven guilty in US courts, but human evidence gathered by informants is going to be tough to beat.
Show this post to your kids if they think "[malicious] hacking is cool." If you think "[malicious] hacking is cool," remember Mr Butler's fate the next time you break the law.
WHO WROTE PRIVMSG?
The author of Privmsg served one year in prison after pleading guilty in a U.S. District Court to a single count of computer intrusion. In May 1998 he compromised numerous government, military, and academic servers running BIND and installed back doors on those systems. He was caught thanks to skillful use of session data by analysts at the AFCERT and by Vern Paxson from Lawrence Berkeley Labs. See http://www.lbl.gov/Science-Articles/Archive/bro-cyber.html for more information on Paxson’s use of Bro and the “boastful and self-justifying” e-mail the intruder sent to Paxson. For details on the intruder, see Wired’s account at http://www.wired.com/news/culture/0,1284,54838,00.html. Kevin Poulsen’s story at http://www.securityfocus.com/news/203 has more details.
The bottom line is it does not pay to infiltrate government machines -- especially Air Force servers or computers monitored by IDS researchers.
I didn't name Max Ray Butler (aka "Max Vision") as the author of Privmsg, but if you followed the stories you would have figured that out yourself.
I also didn't publicize this August 2002 post by Max to the SecurityFocus Jobs mailing list, subject line bay area security professional, $6.75/hr... Please read below!:
Greetings security employers:
I have an unusual situation that I would like to describe to you, and in doing so I am asking that anyone who can immediately employ me in the San Fransisco Bay Area, please read this email and consider taking advantage of my availablity and temporarily low cost.
I am...
o a seasoned professional with extensive security skills and experience
o a once convicted hacker (DOD, 1998)
o local to the San Fransisco Bay Area, I live in Oakland
o willing to work for mimimum wage (for the next two months)
o eager to work 60 hour weeks; I don't mind nights/weekends/holidays...
My Conviction (why I am desperate)
I am not proud of being convicted of a felony, but it is important that a potential employer know of my status. Apparently if you have FDIC insurance there is a clause stating that you cannot hire a convicted hacker on your projects. It is also because of my status that I am desperate for security-related or even internet-related work.
The truth is, I am living in a federal halfway house transitioning out of prison back into society. I have to find local work to meet their requirements, and they haven't approved any telecommute offers I have had so far. The director of the facility told me that if I don't find a job in the next week or so he will send me back to prison (my sentence actually ends October 12th)...
Sincerely,
Max Vision
That's one of the saddest and most pathetic posts I've ever read.
So where are we now, five years later? Check out Max Vision charged with hacking -- again:
In a five-count indictment unsealed on Tuesday, federal prosecutors allege that Butler ran a scheme to hack into computers at financial institutions and credit-card processing centers, stealing account information and selling the data to others. Butler also ran the online carders' forum, CardersMarket, under the name "Iceman" and "Aphex" as a way to coordinate illegal activities and meet people with similar interests, according to an affidavit penned by the U.S. Secret Service, which spearheaded the investigation...
During the 16-month investigation, the Secret Service maintained two confidential informants, one of which was an administrator on the CardersMarket forum. The informants gave the investigators an eye-opening view of the inner workings of the carders' world, the affidavit stated.
Butler purportedly used at least five different handles -- including "Iceman," "Aphex," and "Digits" -- in an attempt to confuse law enforcement and keep his administrative activities on CardersMarket separate from his outright illegal activities, the affidavit maintains...
A federal grand jury indicted Butler on charges of wire fraud and identity theft. If Butler is found guilty of all five charges, he could face up to 70 years in prison and a fine of $1.5 million, according to the U.S. Attorney's Office in Pittsburgh. Butler is currently being held in San Francisco until he appears in court on Monday.
I know Mr Butler is innocent until proven guilty in US courts, but human evidence gathered by informants is going to be tough to beat.
Show this post to your kids if they think "[malicious] hacking is cool." If you think "[malicious] hacking is cool," remember Mr Butler's fate the next time you break the law.
Comments
sometimes bad people reform, but just as often they don't... whatever benefits one thinks one might be getting by picking up someone like this have to be weighed against the very real risk that they're still bad...
he may not have abused the trust of his employer (there wasn't enough info in the securityfocus piece to tell if he did or not) but he doesn't sound like the kind of person who'd have any qualms about it if a good opportunity arose...
Then he goes to prison and comes out a changed person.
--Anonymous
You have to wonder how many people actually actually get more desperate and willing to do more serious/worse things in jail. Heck, I'll bet some even spend their time learning about criminial activities in jail. Countries like Norway have rethought the jail system to turn it mainly into a rehabilitation system instead of a punishment system.
as for his prior crime, i gather he didn't just break into those systems but also left backdoors to facilitate getting back in later... there may not have been a financial component but it was at a time before cybercrime as we now know it took off...
If we want first-hand accounts of what happened, one of my friends might be compelled to say something here... (hint)
When you go through the halfway house you see lots of guys trying to make a new start, positive about living a legal lifestyle. But then you see them get their minimum wage jobs in factories, the feds are taking 25% of their paycheck for restitution, 25% to the halfway house, 25% for child support (which a majority are paying). I saw them and I knew many of them would turn back to selling drugs. They have absolutely no hope otherwise. They are permanently branded and barred from hundreds of occupations (Anything requiring a state license, from lawyers to barbers).
oh wait, he wrote for the wrong people too.