'Iceman' pleads guilty to massive computer hacking

Computerworld - Max Ray Butler, a former security analyst turned hacker, yesterday pleaded guilty in federal court in Pittsburgh to breaking into numerous financial institutions and card-processing networks and stealing credit card and identity data on hundreds of thousands of people.

The guilty plea came after Butler had requested nearly a dozen extensions for time to file pretrial motions after his arrest in September 2007 on three counts of wire fraud and two counts of transferring stolen identity information. The charges carry a maximum of 40 years in prison and a $1.5 million fine. It's possible that Butler will receive a substantially lighter sentence by agreeing to plead guilty.

Butler, 37, was arrested in San Francisco, but the case is being heard in Pittsburgh because one of his accomplices who is cooperating with authorities is based in Pennsylvania.

Butler has already spent time in jail on other charges. He served an 18-month prison term after he was convicted in May 2001 on charges of breaking into and accessing U.S. Department of Defense computers. He was also part of a group of four individuals that was investigated by the FBI and the U.S. Secret Service in January 2004 for compromising software code in the video game Half Life.

Court documents filed in connection with Butler's most recent arrest describe what appears to have been an elaborate scheme and an equally painstaking 16-month effort to nab him. The thefts and break-ins to which Butler pleaded guilty took place between June 2005 and September 2007. During that time, Butler, who used the online nicknames "Iceman," "Digits," "Darkest" and "Aphex," broke into the networks of numerous institutions, including Citibank and the Pentagon Federal Credit Union, and stole data on hundreds of thousands of credit cards.

The documents state that Butler then sold the data to several of his accomplices via a Web site called Cardersmarket that he set up in 2005 along with another individual named Christopher Aragon. According to the court documents, Aragon would manufacture or re-encode credit cards with the stolen card information provided by Butler. Aragon and his "crew" would use the cards to fraudulently purchase thousands of dollars worth of merchandise at retailers such as Wal-Mart and Dillard's. The merchandise would then be resold by others, including Aragon's wife, through venues such as eBay. Butler would receive a cut from the proceeds of such sales, typically through prepaid Green Dot credit cards.

The 6-foot, 5-inch, often pony-tailed Butler, would carry out his hacking activity from multiple locations, including hotel rooms and apartments in San Francisco that he would rent under the name Daniel Chance.