October 30, 2023

Max Butler — the Hacker Who Revolutionized the Carding Market

Max Butler entered the history of cybercrime primarily because of his unprecedented audacity. He did what no one else had thought of. Ironically enough, most of Max's crimes were committed with the best of intentions. Butler gained fame as one of the biggest carders — cybercriminals who infect other people's computers with malware and steal credit card data from them to then withdraw money in various ways.

In the 2000s, Max Butler was known to the entire carding community under the nickname Iceman. Among other things, he managed to create a large carding forum that brought together cybercriminals not only from the USA and Europe but also from Russia and the CIS countries. But this was preceded by a difficult childhood, wanderings through American prisons, and miles of code. Let's try to unravel why a person becomes a criminal.


Childhood and Early Legal Troubles

Max Ray Butler was born on July 10, 1972, in the city of Meridian, Idaho, in a large family. He also has a brother and a sister. When Max was 14, his parents divorced. His father, with whom the boy had a great relationship, moved to Boise, which is in Idaho as well. Max stayed with his mother but was very upset about the divorce. Perhaps this had an impact on his behavior, as the quiet child interested in computers gradually turned into a difficult teenager.

While still in school, Max learned about phreaking — telephone hacking with the ability to make calls anywhere at the expense of other subscribers. He and his friends engaged in this activity until one day in high school, he saw one of them with a duplicate stolen key to the lab. And these guys didn't just leave the key lying around. Soon they broke into the lab, stole chemicals, sprayed fire extinguishers, and caused a riot. The next day, the police were at the school.

During one of the interrogations, Max's friend told them everything. As a result, Max was subjected to a two-week psychiatric examination, during which he was diagnosed with bipolar personality disorder, and he was given a suspended sentence. Max's mother, upon learning of this, finally realized that she could not handle her son and, to the delight of everyone, sent him to live with his father in Boise.

Max's father had a computer repair service and a store. He employed his son there. Max enjoyed repairing the then antiquated computers, which were scarce in the late 1980s, and delivering them to customers. This is how the future legendary carder gradually finished school.

He dreamed of entering the legendary Massachusetts Institute of Technology or Carnegie Mellon University, but then love intervened. At one of the discos, Max met a girl with whom he quickly established a relationship. She planned to stay in Boise and enroll in the local university. Max enrolled there with her, having easily passed the entrance exams.


Max Butler in His Youth

In his freshman year, Max, along with a new friend, hacked the university's local network. The students amused themselves by exchanging emails with the teachers' mailboxes. Meanwhile, Butler studied data structuring, chemistry, and mathematical analysis. But soon, this carefree life was destined to come to an end. Max's relationship with the girl started to sour, and she eventually left him for someone else. Angry, Max threatened to kill her and even almost hit her and her boyfriend with a car. The court prohibited Butler from approaching the girl, but he quickly violated the order. Therefore, in 1991, Max received his first real sentence, five years long.

Working on the "Bright" Side and a New Sentence

In prison, to pass the time, Butler printed and published a cyberpunk magazine called Maximum Vision. In 1995, Max was released and later even changed his surname to Vision. After serving his sentence, he moved with his father to a suburb of Seattle. There, he repaired computers and set up the internet, which was growing rapidly.

Then Max got a job at CompuServe, where he worked briefly in technical support. At some point, he found an IRC chat where pirates hung out, downloading illegally obtained movies, games, and programs. Max became interested in this crowd, and to gain authority among his new friends, he hacked a server in Littleton, Colorado, and took several paid programs from there. Later, he distributed links to their free downloads in the IRC chat. However, the provider noticed that traffic on the communication channel exceeded the allowed throughput and quickly tracked down Max.

After this incident, he was fired from CompuServe, and the Software Publishers Association filed a $300,000 lawsuit against the amateur hacker. But then the parties managed to reach an agreement. Max paid the Association only $3,500 and provided free internet security consultations.

At some point, Max got tired of changing jobs one after another, and he decided to start a new life. To do this, Butler decided to move out of his father's home and go to San Francisco, also changing his last name to the name of his magazine. In San Francisco, school friends of his, programmers who rented a mansion, were waiting for him.

They allocated a bedroom for Max and helped him get a job as a system administrator at a gaming startup. That's how Butler found one job, but the other job found him on its own. Soon, Vision was approached by an FBI agent who had learned about him after the case with the Software Publishers Association. The agent explained that there were really serious criminals on the internet and asked for help in catching them. They were talking about terrorists, drug dealers, and pedophiles. Max, wanting to be on the "bright" side, agreed.

Shortly thereafter, the founder of a cybersecurity company approached Vision. This is how Max got a highly-paid job as a pentester. Now among his responsibilities was hacking clients' servers and writing reports, explaining where he found vulnerabilities. Max was made for this job.

Time went by, and Butler was stress-testing the clients' security while simultaneously working for the FBI. The internet gradually spread further and became populated with the first cybercriminals. Then, in 1998, it was discovered that the BIND program, installed on all computers and converting numerical values of addresses on the internet into domain names, was outdated and contained serious vulnerabilities. Through these holes, someone with the right skills could get into a computer's files and take complete control of them. Vulnerable machines were found, among other places, on US Air Force bases and in ministries, the White House, and nuclear laboratories. Max first reported this to the FBI agent he was working with. But then a bold plan matured in his mind. Max decided to write an exploit that would automatically fix current BIND vulnerabilities on all computers, eliminating the cybersecurity threat to the United States. However, Vision left a password-protected backdoor for himself in the patched programs. This backdoor effectively made him the owner of the computers in key government facilities.

One spring night in 1998, Max finally wrote a program that would automatically fix BIND on the machines it found. When he launched it, messages about successful installations gradually began to arrive. It would have been interesting to see Vision's face when these messages started coming from military bases and other government facilities.

Renowned American computer security researcher Vern Paxson learned about Max's antics. His own program detected that Butler was scanning computers for BIND vulnerabilities. When Max learned about this, he sent Paxson a long letter explaining the motives behind his actions, saying that he was only trying to patch the holes in US Government computer security for free. After sending the letter, Max stopped the attack. He conceived a new project — a service that would scan servers for vulnerabilities and automatically send emails about the flaws to system administrators. After two nights of work, Max created his project and posted it on the newly created site whitehats.com. This service was warmly received by the programming community and gave Max even more authority among "white" hackers.

Additionally, Max posted links on the site to patches to fix BIND vulnerabilities and much other useful information.

Of course, in 1998, FBI agents knocked on Max's door. After all, any cybercriminal eventually gets caught. The reason was the interference with Pentagon computers and US Air Force bases to fix BIND vulnerabilities. They didn't imprison Max only because he made a deal with the FBI. Now he couldn't get away with just vulnerability reports. He had to help identify hackers who were a danger to the US, including gaining their trust. For this, Max was sent to the legendary DEFCON hacker conference held in Las Vegas. There, he met his future lawyer, Jennifer Granick, who specialized in defending hackers.

Jennifer Granick

After some time, Max was called to the FBI office, and the supervising agent gave him a new target. This time it was Matt Harrigan, the head of the company MCR, specializing in cybersecurity. Matt's idea was to hire former cybercriminals with real hacking experience. Max needed to get Harrigan to confess to engaging in illegal cyber-attacks and being involved in the BIND attack. For this purpose, Butler was even provided with a listening device. Max signed all the papers and agreed to cooperate. But soon he turned to Jennifer Granick for protection, realizing that he no longer wanted to work for the American authorities. When the FBI found out that Max had a lawyer, they immediately removed him from the list of informants and began preparing a case to put him behind bars. The sentence was handed down only in 2001. This time, Max Ray Vision was sentenced to 1.5 years in prison.

Release and Grown-Up Carding

In 2003, Max was released under supervision. He had to live for some time in a special house with other former inmates. The main condition for his release was to find a job, and remote work was not suitable. After numerous rejections for programming-related vacancies, Max with difficulty found a job assembling servers. This helped him get out from under supervision. When this happened, Max quit and went to San Francisco, where he lived in a friend's house. There, he switched to the "dark" side, realizing that he no longer had a place in cybersecurity.

After a while, Max met up with a friend he had made in prison during his last sentence. It was a fraudster named William Normington, who expected that Max's skills would soon come in handy for him. Normington introduced Max to his acquaintance, Chris Aragon. Aragon used to be a carder and had committed bank robberies, although not very successfully. The friends gave Max money for a good laptop and a parabolic antenna, which he needed to demonstrate his skills.

In 2003, internet users across America were rapidly transitioning to wireless communication. As a result, Wi-Fi routers, soon becoming a sensation, quickly captured the market. When Butler had the antenna and laptop in his hands, he, along with Aragon and Normington, rented a room on the top floor of a hotel in a bustling area of San Francisco and set up the equipment. Using the antenna, Butler scanned nearby Wi-Fi networks and searched for vulnerabilities in them. Through these security loopholes, he could penetrate computers and extract all the information, including cookies, email addresses, transaction data, credit card dumps, and correspondence. Indeed, this is what he did in front of his new friends. However, at that time, they did not know what to do with all this chaotic information.

Perhaps it would have ended with nothing if Chris Aragon hadn't later visited carding forums and decided to get back into this business. On the forum, he bought credit card dumps and blank cards for recording data on them. When he managed to buy $400 worth of groceries at a supermarket with someone else's card, Chris realized which direction to move in. He also realized that he would now need a lot of credit card dumps and as cheap as possible. It was then that he remembered Max Butler and his extraordinary abilities.

When Chris contacted Max and explained what was happening, Max didn't hesitate in choosing his victims. He didn't want to steal money from regular people's cards. So Max went to the CarderPlanet and ShadowCrew carding forums. There, he collected ICQ numbers and email addresses of carders and merged them into a database. Then, under the name of a known card supplier with the nickname Hummer911, he sent the same message to everyone. It said that there were too many American Express card dumps on hand, so some of them could be taken for free. To get the dumps, recipients were asked to click a button in the email and follow a link to a fake website. By the time the user got there, an elegant trojan on their computer was already doing its job. Thus, Max stole the personal data of numerous carders from different countries. Naturally, there were also dumps of their credit cards, totaling about 10,000. Interestingly, among the hacked computers was a machine belonging to an FBI agent who had infiltrated the carding forum undercover. In the future, this would help Max track all the Bureau's actions and know their moves in advance.

Gradually, Max and Chris established a full-fledged carding business. Aragon bought many clean card blanks and magnetic stripes and a machine for their production. Receiving dumps from Max, he made practically real cards right in his luxury residential complex. The quality of the plastic was impeccable, as everything was top-notch. To cash out, Aragon chose a rather original method. He hired five beautiful girls, specially recruited for this purpose. They went to expensive boutiques in Orange County, California, and bought expensive branded clothing and accessories using the printed cards. During this time, huge sums were debited from the accounts of law-abiding American taxpayers. But all these losses were covered by the banks, so their clients got off with a light scare. This suited Max, as it matched his principles.

In the center — Chris Aragon, below — some girls from his group

After purchasing expensive items, the girls handed them over to Chris, who paid them 30% of the value in checks. Then Aragon's wife sold the purchases on eBay at a slight discount. This is how the guys worked until the entire group was arrested. Max was taken into custody in September 2007. Transactions totaling $86 million were found in his accounts. About 10,000 financial institutions suffered from the work of the carders. Max faced up to 60 years in prison. But all of this was still far off.

The Darknet Overhaul and the Creation of CardersMarket.com

Over time, Chris started paying Max less and less for his work, explaining that half of the cards had no money on them. Max was dissatisfied with this and soon bought his own card-making equipment and many blanks. He quickly mastered the printing technique and began to cash the cards himself, driving from ATM to ATM at night.

By 2004, there was already a lot of distrust and scamming on the main carding forums CarderPlanet and ShadowCrew. More and more people were coming into carding. Often, these were teenagers who didn't know how to behave on the forum with adult professionals. The situation worsened after a user with the nickname CumbaJohnny introduced his own VPN for traffic anonymization. Later it turned out that the well-known carder Albert Gonzalez was hiding under this nickname and was already working for the FBI by that time. It goes without saying that through the VPN, which the forum participants purchased, the agents tracked all their traffic. Thus, in October 2004, all the founders of ShadowCrew, except CumbaJohnny, were arrested. CarderPlanet suffered the same fate.

Albert Gonzalez

Due to the collapse of the main carding forums, carders worldwide were fragmented for several years. A wall of distrust stood between them. But everything changed in 2006. Max Butler didn't like this situation. He decided to create a place where carders from different countries could freely communicate and exchange information without fearing arrest. Thus, the forum CardersMarket.com was born. However, it wasn't enough to just choose a domain name and set up the site. The most important thing was to attract visitors. For this, Butler invented a rather original method.

Within 48 hours, Max hacked all four major carding forums operating at that time. He stole user databases, their passwords, all conversations, and chat session records. Butler installed all of this on his forum. He sent the same email to all users, stating that now there was only one forum for carders — CardersMarket.com. Cybercriminals grumbled a little, but a significant portion of them migrated to Max. As a result, he had about 6,000 users at his disposal.

It is unknown how long CardersMarket.com would have lasted if it weren't for an FBI agent named Keith Mularski. He had been working undercover as one of the admins on the DarkMarket forum even before Max's attack. But after that, he carefully collected all the data about the user under the nickname Iceman, which Butler had adopted. This is how Mularski managed to gather enough evidence, and Max was arrested in 2007.

Considering all the episodes of Butler's activities, he faced 60 years of imprisonment. However, in 2009, he pleaded guilty to all charges, reducing his sentence to 13 years. Still, it was a record term at the time. After his release, Max will have to pay the banks a total of $27.5 million.

Arrest and Prison Drone Service

In 2018, a new trial was held over Max Butler, who was in prison. This time he was accused of smuggling prohibited items into the prison using a drone.

According to the investigation, in 2014, while in prison, Max obtained a T-Mobile myTouch phone, which he used to access the internet. This enabled Max to gradually withdraw money from previously stolen credit cards. The transactions went to the accounts of other inmates in the same prison. With this money, in 2016, the prisoners bought a drone online, which was regularly used to deliver various contraband. Two inmates involved in the scheme admitted that the idea and planning were entirely Max Butler's. He himself claimed to be completely innocent.

Conclusion

The phenomenon of Max Vision lies in the fact that he was a person with unconventional thinking who couldn't fit into the framework of society. Despite working for the FBI, engaging in penetration testing, and trying to be useful in the field of cybersecurity, his rebellious nature prevailed. As a result, Max realized that essentially there is no difference between being on the light or dark side — he would have to be imprisoned in any case. That's why Vision ultimately chose the dark side.

More details about his life and motives can be found in the book "Kingpin" by Kevin Poulsen, the editor of the cult Wired magazine. The book was translated into Russian by the hacker Vladislav Khorokhorin, who also served time in American prisons, including with our hero. Max Butler, also known as Vision, was released on April 14, 2021, according to the English Wikipedia, and it seems that the press has forgotten about him. But one thing is for sure: the book of the life of one of the most famous hackers has not yet been completed.

The editorial board of Partnerkin does not support cybercrime in any form. Carding and hacking for selfish purposes are bad.
