Computer World

A California man who served jail time for hacking hundreds of military and government computers nine years ago was charged yesterday with new computer crimes: stealing tens of thousands of credit card accounts by breaking into bank and card processing networks.

Max Ray Butler, 35 of San Francisco, a.k.a Max Vision, and also known by his online nicknames of Iceman, Digits and Aphex, was indicted Tuesday by a federal grand jury in Pittsburgh on three counts of wire fraud and two counts of transferring stolen identity information. Arrested last week in California, where he remains, Butler could face up to 40 years in prison and a $1.5 million fine if he is convicted on all five counts.

According to the indictment, Butler hacked multiple computer networks of financial institutions and card processing firms, sold the account and identity information he stole from those systems, and even received a percentage of the money that others made selling merchandise they'd purchased with the stolen card numbers. The U.S. Secret Service ran the investigation into the hacks and resulting scams, which took place between June 2005 and September of this year.

Butler was charged in Pittsburgh because he'd sold data on 103 credit card accounts to a Pennsylvanian who was cooperating with authorities.

He and others also operated a Web site used as a meeting place for criminals who bought and sold credit card and personal identity information. "As of September 5, 2007, Cardsmarket had thousands of members worldwide," the indictment read. Although the site was still online as of Wednesday morning, the forums had been deleted. A message posted by a forum administrator identified as achilous said he had erased the threads when news of Butler's arrest broke.

"Everybody who hasn't already done so, I would strongly advise that you delete all PMs you have saved," achilous advised. "Also, any unsecured data you have, now would be the time to make sure it is very strongly encrypted. These precautions seemed justified given the severity of the situation. It may only be a matter of time before a government agency takes over this forum, and I did not want them to get the raw SQL database containing all the threads and posts."

Although some documents in the case remain sealed, including one or more affidavits, news reports cited grand jury witnesses who had told of Butler selling tens of thousands of stolen credit card accounts. A former partner who had been arrested in May reportedly claimed that Butler supplied him with a thousand numbers each month for more than two years, according to the Pittsburgh Tribune-Review.

Achilous called Christopher Aragon, 47, the Californian named in the Tribune-Review story, a "rat" for fingering Butler. Aragon was arrested with another man, Guy Shitrit, 23, in Newport Beach, Calif. on May 12 at a local shopping mall after buying more than $13,000 worth of Coach handbags using counterfeited American Express, credit cards at Bloomingdales. Police found more than 70 bogus credit cards on the pair.

After he was arrested, Aragon was banned from the Cardsmarket forums, said achilous, for "security" reasons.

Prosecutors in Pittsburgh said that Butler used high-powered antenna in "war-driving" style attacks to hack wireless access to computer networks at organizations that included the Pentagon Federal Credit Union and Citibank.

Butler is no stranger to the judicial system. In 2000, he pleaded guilty to charges that he hacked military and other government computers three years prior, including those belonging to the U.S. Air Force, U.S. Navy, and NASA. He was also accused of breaching the network of id Software, developers of the PC games "Doom" and "Quake," and stealing several hundred access passwords to a California Internet service provider.

Butler pleaded guilty to one felony count, even though he continued to proclaim his innocence, saying that he had found an unpatched vulnerability in government networks then written software to scan for the hole and close it. Prosecutors at the time, however, said Butler also added a "back door" to every system his software penetrated, giving him secret access to the networks.

Ironically, Butler, then 28, was a well-known security researcher before his arrest, frequently posting to security mailing lists. He had also created arachNIDS, a once-popular open source collection of attack signatures used intrusion detection systems. During court hearings in 2000, it also came to light that he had been an FBI informant for at least two years, and perhaps as many as five years, before his arrest.

Butler was sentenced in May 2001 and served 18 months in federal prison and three years' probation.

Labels: attack, hackers, risk mitigation

(0) comments

Autoblog

YOU are big brother

The world is certainly not lacking devices that allow you to track and control your vehicle from afar. The newest breed of these systems was developed by Inilex, which allows a subscriber/user to do everything from unlock their doors, start their vehicle, sound the alarm, disable the engine or give the location of their ride. The system can be used by logging on to Inilex's website via a PC, calling a toll-free number or using a PDA with access to the internet.

Aside from providing a bit more convenience and protection, the major draw for some users, namely parents, is the ability to not only track the movements of the vehicle, but also be alerted via text message or email if the kiddies stray from set boundaries or operate the vehicle during certain times of the day or night (no more ditching school or sneaking into the love interest's window at 3 AM).

Inilex demo.

Labels: attack, car, hackers, remote security, security

(0) comments

SFGate.com based on an AP feed

Hackers briefly overwhelmed at least three of the 13 computers that help manage global computer traffic Tuesday in one of the most significant attacks against the Internet since 2002.

Experts said the unusually powerful attacks lasted as long as 12 hours but passed largely unnoticed by most computer users, a testament to the resiliency of the Internet. Behind the scenes, computer scientists worldwide raced to cope with enormous volumes of data that threatened to saturate some of the Internet's most vital pipelines.

The Homeland Security Department confirmed it was monitoring what it called 'anomalous' Internet traffic.

"There is no credible intelligence to suggest an imminent threat to the homeland or our computing systems at this time," the department said in a statement.

The motive for the attacks was unclear, said Duane Wessels, a researcher at the Cooperative Association for Internet Data Analysis at the San Diego Supercomputing Center. "Maybe to show off or just be disruptive; it doesn't seem to be extortion or anything like that," Wessels said.

Other experts said the hackers appeared to disguise their origin, but vast amounts of rogue data in the attacks were traced to South Korea.

The attacks appeared to target UltraDNS, the company that operates servers managing traffic for Web sites ending in "org" and some other suffixes, experts said. Officials with NeuStar Inc., which owns UltraDNS, confirmed only that it had observed an unusual increase in traffic.

Among the targeted "root" servers that manage global Internet traffic were ones operated by the Defense Department and the Internet's primary oversight body.

"There was what appears to be some form of attack during the night hours here in California and into the morning," said John Crain, chief technical officer for the Internet Corporation for Assigned Names and Numbers. He said the attack was continuing and so was the hunt for its origin.

"I don't think anybody has the full picture," Crain said. "We're looking at the data."

Crain said Tuesday's attack was less serious than attacks against the same 13 "root" servers in October 2002 because technology innovations in recent years have increasingly distributed their workloads to other computers around the globe.

Labels: attack, hackers, root server

(0) comments