Hacker, FBI informant, identity thief led many lives
At 35, Max Ray Butler has led three lives.
He began as the stereotypical 1990s computer wiz kid who parlayed his skills into a big-time business detecting the weak spots in corporations' computer security armor.
Based in California's Silicon Valley, Butler was masterful at discerning vulnerable areas where deft hackers could access a company's computer system and steal personal financial information that could fetch millions of dollars on the black market.
Temptation intervened, and Butler eventually became one of the criminals he had worked to thwart, according to government investigators.
When he was caught, he moved on to his next life -- as a government informant.
His life as a snitch came to a crashing end when he turned his back on the government. He was indicted by a federal grand jury in Pittsburgh on charges of selling tens of thousands of credit card numbers to an associate in Western Pennsylvania who was a government informant.
With that indictment, government officials claim they have taken one of the "significant players in the world of identity theft" off the streets. Federal authorities accuse Butler of compromising networks around the world by penetrating financial institutions' systems, stealing credit card and personal identification numbers, and then selling them. No price tag has been attached to the damage allegedly done by Butler.
Today, the computer geek with the stringy, shoulder-length hair is behind bars at the Allegheny County Jail awaiting trial on charges that could put him in prison for up to 40 years.
Max Ray Butler grew up uneventfully in Boise, according to court records.
With a lifelong passion for computers, he graduated from high school and went to work as a technician at a local computer store.
Court records say he honed his computer skills before acting on dreams that a bigger and better life might be found in Silicon Valley, Calif., the epicenter of the computer revolution.
In the late 1990s, he moved to San Jose, married a woman named Kimi Winters and started a business called Max Vision, court records show. He snagged several contacts with companies to intentionally break into computer networks to test their security systems. While he was penetrating the networks and writing programs to close the breaches, he secretly left open a back door that would allow access later, prosecutors say.
Authorities allege that during this time, Butler began to illegally hack into computer networks operated by the Air Force, NASA and the federal Defense and Energy departments. He didn't steal any information, but again left open a door so he could re-enter later, authorities said.
It wasn't long before the FBI came calling.
When agents scoured his home in 1998, a contrite Butler immediately confessed. The FBI said Butler could make amends by working as an informant.
He helped the FBI crack a ring of hackers who had penetrated telephone company 3ComPBX.
He attended a clandestine meeting of hackers in Las Vegas and obtained encryption information that helped federal agents learn the identities of hackers who generally attempt to mask their identities by using cryptic screen names.
Then Butler suddenly shunned the FBI. He began missing meetings and didn't answer phone calls.
Agents issued a warning.
"We need to make some changes in the way we do business," Special Agent Chris Beeson warned in a 1998 memo to Butler. "In the future, missed appointments without exceptional reasons will be considered uncooperative on your part. If you are not willing to cooperate, then we have to take the appropriate actions."
The end came when the FBI asked Butler to target a friend, according to court documents.
Agents had serious suspicions about the friend, who had a contract with the National Security Agency, court records indicate.
Butler refused to turn on his friend. He hired an attorney, who told agents her client no longer would cooperate.
Butler was indicted, pleaded guilty and was sentenced to 18 months in the Taft Correctional Facility in California. His attorney asked for leniency. Winters, now his ex-wife, wrote a letter on his behalf to the court.
Attempts to reach Butler's ex-wife and his mother were unsuccessful.
Federal prosecutors told the court that Butler's cooperation "was of precious little value to the government."
When he was released in 2002, he was broke and desperate, according to court records.
He wrote in an online post that he was "not proud of being convicted of a felony" but was "desperate for security-related or even Internet-related work," according to transcripts of the post.
"I live and breathe network security," he wrote. "The truth is, I am living in a federal halfway house transitioning out of prison back into society. I have to find local work to meet their requirements, and they haven't approved any telecommute offers I've had so far. The director of the facility told me if I don't find a job in the next week or so he will send me back to prison."
He landed in the San Francisco area and once again began his illegal work.
This time, he used a powerful antenna to capture electronic signals from various wireless networks. Working from an apartment rented under an assumed name, Butler could lock onto multiple wireless signals and ride them from one network to another until he reached the computer system he had targeted, according to court records.
Kevin Poulsen, editor of Wired magazine and a former hacker who served five years in prison for breaking into FBI computers, suspects Butler used this method to "hop onto" wireless networks "so it wouldn't be traced back to him."
The turning point came when Secret Service agents arrested two of Butler's associates, who quickly turned on him, court records indicate.
Jonathan Giannone, 21, of Lexington, S.C., who is in the federal prison at Allenwood, Pa., was arrested in April by the Secret Service on charges of wire fraud. Giannone said he began working for Butler in May 2005 and eventually purchased illegal credit card numbers from him, federal agents contend.
Later, another associate, Christopher Aragon, 47, of Capistrano Beach, Calif., was arrested by Newport Beach, Calif., police for identity theft after officers found he had $13,000 worth of designer handbags he said he had purchased with credit card numbers provided by Butler.
Giannone and Aragon said Butler breached the networks of the Pentagon Federal Credit Union and Citibank to gather financial profiles of credit card holders and personal identification numbers, according to records.
According to a Secret Service affidavit, Aragon said he and Butler created an Internet site, "Cardersmarket," in 2005. The business became a clearinghouse where hackers could buy and sell credit card numbers and trade expertise, according to the indictment.
On Aug. 6, agents monitored an Internet chat room conversation in which Butler and a Pittsburgh area informant talked about Aragon's arrest.
"I wonder what kind of records he kept on all that," Butler wrote, according to court records. "I mean, if he was sloppy enough to have equipment at his house ... Well, all I know is, if he was spilling info I (would have been) arrested and sitting in a cell long ago."
Butler already was under surveillance.
He was arrested Sept. 4 in San Francisco and indicted in Pittsburgh later that month.
Identity theft losses rising• The number of cases of high-tech thievery this year has doubled from 2006, the Economic Crimes Institute at Utica College in New York found.
• Losses from identity theft are difficult to determine because crimes are not always discovered or reported to law enforcement, according to the federal Government Accountability Office.
• More than 15 million people fell victim to identity theft in the United States last year, with losses estimated at more than $56 billion, according to the Identity Theft Resource Center.
Show commenting policy
TribLive commenting policy
You are solely responsible for your comments and by using TribLive.com you agree to our Terms of Service.
We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.
While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.
We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers.
We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.
We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.
We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.
We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.