How Iceman’s epic 48-hour hack resulted in the reign of CardersMarket.com

in #hacking · 7 years ago


Max Butler / Max Vision / Iceman

This story depicts one of the most brazen, ice cold — and thus, coolest — hacks I’ve ever heard of. It’s something I want to share with those of my readers who love the thought of pushing, or trespassing, the limits of our society.

Considering that my audience (so far), seems to mostly be blockchain enthusiasts, I suspect many of you will appreciate the “big-balls’i-ness” of what I am about to share with you.

For me, the world of IT security has been my closest affair with living on the edges of both legal and illegal society.

One could argue that selling drugs was close enough to qualify. But, to me, that was only my first extension of an obvious desire to push limits. Whichever, whenever.

My gateway-drug* to that way of thinking was computers and the internet. And it still is, sort of.
(* I firmly believe the term gateway-drug to be one of the dumbest terms ever coined. By the way, though… I kind of like using it to describe everything but marijuana, just to water down its original intent.)

The ultimate story (the one that covers all the aspects of not-giving-a-shit) that I value the most is the story of a hacker who went under the name of Iceman.

Iceman (real name Max Butler, later changed to Max Vision) caught my attention way too late. You see, dumb as I am, I always kind of wished I could share some personal experiences with his online endeavours, regardless of whether or not that would have led to even further run-ins with the law than I’ve had up until now. Though it most probably would have.

Somehow I’m still able to argue with myself, despite how my world was turned upside down due to the Silk Road aftermath, that it would have been totally worth it. So, yeah, I’m not the sharpest tool in the shed.

But back to Iceman who (before performing one of the smoothest moves of all time) was already a well-renowned white- and blackhat hacker. By the time he initiated the hack I am about to describe, he had already made a name for himself by exploiting a bug in the DNS service, which translates between IP addresses and human-readable domain names (for instance, Apple.com resides behind the IP 17.172.224.47, but it is way simpler to type Apple.com into a browser’s address bar than the IP address).

Like Butler himself, his exploit of the DNS weakness was bipolar: it actually fixed the weakness at the sites where it was installed, leaving them immune to the original exploit, but at the same time it left a backdoor into all of those systems that was accessible only to him. His problem was that this “fix” propagated to the DNS servers of several high-security operations: military bases, nuclear installations and several US departments, to name a few.

The ordeal had him heading for prison after an FBI raid on his home in Half Moon Bay, California. He got a 3-year sentence, of which he served at least 18 months. Upon release to a halfway house, his situation was totally different from what it had been prior to his arrest. After years of working as a highly paid security professional, charging up to $100 an hour for consultancy work, the job application he posted in hopes of fulfilling the terms of his probation reveals the desperate situation he had become caught up in. Seeking new work in hopes of avoiding serving the remainder of his sentence in prison, he now offered to work for minimum wage, just over $5 an hour.

It goes without saying that when someone who, with little effort, can break into institutions which manage millions, if not billions, of dollars is put into such a situation, they get a sudden urge to return to old ways. Which is of course what happened.

Iceman’s digital coup d’état was when he (in a two-day hack-a-thon) compromised the 4 major competing websites that were offering services related to abusing stolen credit card data. Basically, the net result was the eradication of all major competition.

Not only did he hack the competing marketplaces and cripple all their sites and forums at once… he redirected all previous visitors of these sites to his own site, CardersMarket.com, and eviscerated their databases to the point where they were unrecoverable. He even imported all user accounts from the hacked websites, with their old passwords still working, into his new website.

To finish it all off, he sent a slick e-mail to all the users of the now-defunct sites he had compromised, letting them know that from then on they could continue their business at CardersMarket.com if they wanted to trade on a real dark market (this, of course, was before the mass adoption of Tor and the subsequent wave of darknet marketplaces for all things illegal).

The hack left basically all the leading carder sites inoperative for a long while, while the new CarderPlanet.com was not only up and running, but the theft of the user databases from all the compromised sites got it off to a running start with a 6000+ strong userbase.

Inevitably, though, as the Silk Road case shows, when you become the mastermind behind the biggest criminal website, you also become a huge target of the FBI. In 2002, the then FBI Director Robert Mueller (now known as the Special Counsel investigating claims of collusion between Russia and the Trump Campaign) declared hacking activities the second biggest priority of the FBI, just below terrorism. Then, in a two-year-long investigation, the feds eventually arrested enough buyers of credit card dumps, usually popped at high-end luxury stores, hotels and the like with sloppily made credit card replicas, and turned them into rats.

As it goes, snitches do what snitches do best. They turn on the people one step above them in the food chain in order to bargain for a milder sentence. After working their way from buyers… to sellers… to admins of the CardersMarket.com site, they eventually struck gold when they got to Christopher Aragon, whom they knew to be the partner of Iceman.

While Aragon did not cooperate in the arrest of Butler, his records of business dealings with people working for him and Butler were a goldmine: they picked up half a dozen people involved with their business, which led them to further clues as to how they could find Iceman.

After learning from one of those arrested (who turned snitch) that Iceman lived in the Oakland/San Francisco area, the FBI got a warrant to monitor all visitor IPs to CardersMarket.com, which led them to an area of Oakwood, California, where they could see numerous log-ons to the site from a bunch of different IP addresses within the same residential block.

It was all they needed. Shortly after, Max Butler, a.k.a. the Iceman, was arrested by 6 Secret Service agents. Even worse, his encrypted storage drives were not as secure as he had hoped, and the feds soon uncovered information that would have enabled Iceman to create clones of one million credit cards at will. Due to new changes in wire-fraud legislation, each card would result in a charge of $500 of fraud, effectively putting Iceman in a position where he was risking an indictment for fraud in the 500 million dollar range.

The evidence against him resulted in a guilty plea in which Max Butler admitted to stealing the information of over two million credit cards and racking up over 86 million dollars in fraudulent charges. His final verdict was a 13-year prison sentence (at that time a record sentence) and a 27.5 million dollar restitution payment to his victims.

Scheduled for release in 2019, Max Butler is nearing the end of his sentence. He will also be under supervision for the first 5 years of his release, so there is no reason to expect the return of the Iceman anytime soon. But the stories of his online endeavors have not been forgotten, and probably never will.

For more information about Iceman and the CardersMarket.com reign, I can recommend the book Kingpin by Kevin Poulsen, who takes a deep dive into the life and crimes of Max Butler.

If you enjoy my writing, kindly leave a tip in the jar (below) if you think it is warranted. I’ve been greatly motivated by the generous submission of tips from at least 5 different individuals so far, all of which will be held in the cryptocurrency they were submitted in until I finish off a prison sentence of my own. I am currently awaiting an appeal of a trial which, in its first instance, landed me a 5+ year prison sentence. As a firm believer in the future of crypto, I’d never think of cashing any submitted tip into fiat until the end of my upcoming sentence, so who knows, maybe a $5 tip today will result in me being able to cash out $5000 and help me rebuild my life upon release.

Tip jar (much obliged):

AKA: 0xfE6d5EB3853B68BC2aFE8BA47eFdb9ABCb618f51

XHV: hvxyCxSYVGLSysjcLhRUhEfpHX3p9wXjpGNFC7iR84DPewEuZ3BxoYAaC7uUVvMxxVVBWwsxWkzPLPfFqwtVxveE7S9tdCbok4

BTC: 14iKgia5wtdjmLXs7QiJui3Sb6KVP6XebL

ETH: 0x913c1CD95Dc971B304C5217831102E350230efaB

BCH: qq5tjpm0jv460tvk4pa050pwc6u2aj46gs2tce2rd4

NEO: ARdd2cqCSajpzkSZGFtSqAPvBLYcquD7WH

Follow me on Twitter for more random stuff from the world of crime, crypto and hacking (amongst other things)

https://twitter.com/MrKrugerCrypto
