Crime & Justice

Feds Say Imprisoned Hacker Ran a Drone Smuggling Ring

ICEMAN COMETH AGAIN

The white-hat consultant turned black-hat hacker was this close to getting out of prison when he was charged with running a wild scheme from behind bars.

bza_tx9hch
Photo illustration by Sarah Rogers/The Daily Beast

A notorious San Francisco hacker already serving a 13-year prison term has been charged with  using a smuggled cell phone to loot consumer debit card accounts, then channeling the profits into a brash jailhouse smuggling caper that used a remotely-piloted drone to drop contraband into the prison yard.

Max Ray Vision, 46, is a former researcher and consultant once highly respected in the computer security community, but who was undone by a series of misadventures that escalated from online mischief to organized cybercrime and a record-breaking prison term.

Under the moniker “Iceman,” Vision operated an underground criminal marketplace called CardersMarket that brought hackers and identity thieves together to do business. The site achieved legendary status in 2006 when Vision hacked into competing cybercrime forums and merged them into his own site by force, a move that marked the computer underground’s first hostile takeover.

ADVERTISEMENT

That stunt made Iceman a priority for federal law enforcement, and with the help of informants the FBI and Secret Service tracked the hacker to his San Francisco safe house a year later and arrested him. Vision ultimately pleaded guilty to stealing and selling magstripe data for 1.8 million credit and debit cards that collectively racked up $86 million in fraudulent charges. In February 2010 he was sentenced to 13 years in prison.

I spoke to Vision extensively while reporting a book about his life, Kingpin: How One Hacker Took Over The Billion Dollar Cybercrime Underground. He’s a paradoxical figure, impulsive and aggressive as a hacker, but so affable in real life that even the feds who tracked him came to sing his praises.

After nearly 11 years in prison Vision is currently set for release next April. The nine-count indictment filed in federal court in Lake Charles, Louisiana, on which he was arraigned earlier this month, threatens that release date.

The new charges center on Vision’s time at the Federal Correctional Center in Oakdale, Louisiana. In October 2014, as Vision began his eighth year in custody, he allegedly came into possession of a contraband myTouch T-Mobile Android phone. After enjoying the phone undetected for more than a year, he began using it to “access the internet and obtain stolen debit card numbers” in December 2015, the indictment reads.

With the card numbers in hand, Vision allegedly used Western Union and Moneygram mobile apps to send $300 bursts of cash to the jail accounts of fellow Oakdale inmates. The indictment names five as co-defendants, a mixed crew of bank robbers and crack cocaine dealers serving sentences of as long as 15 years.

Federal inmates are allowed to receive and send money with their prison accounts—this permits, for example, prisoners to pay for college correspondence courses, or send some of their meager prison labor earnings home to their families. Vision’s confederates, acting on Vision’s instructions, allegedly sent some or all of the ill-gotten cash to third parties outside the prison, effectively turning Oakdale’s inmate accounting system into a money laundering vehicle.

Some of the money went to Vision’s man on the outside, a former cellmate named Jason Dane Tidwell, according to the indictment.

Tidwell, 38, is a Louisiana local with a long history of drug and gun charges who remained in the area following his May 2015 release from Oakdale, and stayed in touch with his former cellmate over an encrypted messaging app, according to prosecutors. He is not charged in the case, but pleaded guilty this month to an unrelated December 2017 firearm offense.

At Vision’s direction, Tidwell purchase a remotely piloted unmanned aerial vehicle (UAV) with some of the profits from the debit card scam, and in the spring of 2016 Tidwell, Vision and two other inmates planned their first covert air drop into the Oakdale yard, according to prosecutors. “The object of the conspiracy was to introduce prohibited objects, namely cellular telephones, into Oakdale,” reads the indictment.

After one failed attempt to pilot the drone, Tidwell brought another associate with better flying skills into the scheme, and at 1:19 in the pre-dawn morning of April 24, 2016 they piloted the drone past the two layers of razor-wire topped fences into the airspace over the prison recreation yard, dropped a bag, and flew the UAV away.

The Bureau of Prisons acknowledged in a statement to the Daily Beast that drone drops are an issue at its prisons, but declined to quantify the problem “for security reasons.” In June the FAA established temporary UAV no-fly zones around the BOP’s 19 maximum security penitentiaries, and the BOP is drawing up plans to intercept and destroy encroaching drones that pose a “credible threat” to a federal prison.

“We continue to proactively research, rigorously evaluate, and effectively deploy proven security technologies to detect, interdict, and mitigate dangerous contraband, including UAVs,” the bureau wrote.

The Oakdale airdrop was a short-lived success. A jailhouse snitch tipped off prison staff the next day. By then the bag had vanished, along with the new cell phone, tobacco and drugs allegedly inside it. Agents in the BOP’s Special Investigative Services reviewed surveillance camera footage from the rec yard and spotted two alleged confederates of Vision leaving their housing unit, making a beeline for the bag, and spiriting it away.  

One of the men, Phillip Tyler Hammons, was doing time for the 2010 armed robbery of a First United Bank in Shawnee, Oklahoma. He promptly confessed to picking up the contraband airdrop, and named Vision as the one “responsible for planning the entire operation,” reads the BOP report. “According to Hammons, Butler used people from the outside of the institution to introduce contraband on to the grounds of the institution.”

(Court and BOP documents refer to Vision as “Max Butler,” using his surname before he legally changed it to Vision in 2007.)

Vision’s legitimate career in computer security was derailed when he broke into U.S. military systems with a code intended to fix a vulnerability in its computers.

Neither the indictment nor the BOP documents detail how Vision allegedly obtained the stolen debit cards that funded the drone purchase, but the myTouch smartphone showed evidence of “logons to hacker forums” through the anonymizing Tor Browser.  

And in a correspondence with his father around that time, Vision wrote of “making new friendship with Russians” and “working on projects with the Russians that might get [him] out,” according to a BOP report paraphrasing the correspondence. Vision allegedly wrote that in working with the Russians he might “have done things that he should not have done.”

Vision had also instructed Tidwell to wire money to Russia, according to the report, perhaps in payment for the stolen card numbers.

“The cell phone recovered by SIS staff revealed the user was a highly skilled person capable to [sic] access secure apps and coordinate the use of stolen credit card information with the use of an aircraft drone to introduce contraband into the institution,” the BOP concluded. “The potential for greater crimes [sic] opportunities are obvious, i.e. escape, introduction of firearms, etc.”

“Although [Vision] was only equipped with a smartphone, he proved that he is more than capable to disrupt and circumvent the security of the institution and present a clear danger to the community in general,” reads the report.

Vision was was placed into solitary confinement in FCI Oakdale’s Special Housing Unit, and  after a year-long investigation the BOP stripped him of 41 days of good behavior time. He remained in solitary for a total of two years before being transferred to the Adelanto Federal Correctional Center about 80 miles north of Los Angeles in the Mojave Desert.

Last month U.S. Marshals transported Vision back to Louisiana to face the new indictment. His arraignment was held November 16, and he entered a not guilty plea.

His attorney didn’t return a phone call for this story, but two federal lawsuits Vision filed against Oakdale prison staff provide a preview of his defense. In them, Vision asserts his innocence, and accuses BOP investigators of railroading him from the start.

“I was not involved in the activity—I was not at the rec yard at all, I never had a phone, and the alleged ghost package isn’t even in evidence,” he wrote.

Vision claims that it was Hammons who was responsible for the drone, as well as everything done with the contraband cell phone. Hammons pointed the finger at Vision because he was fuming over a rules dispute between the two men during a recent game of Pathfinder, a Dungeons and Dragons-like role playing game.

The myTouch phone, which investigators found dumped in an inmate bathroom, belonged to Hammons, according to Vision. "Hammons was known to brag about using his phone for Facebook, playing Xenimus ... reading about hacking, viewing porn, watching movies, texting his friends.”

With Vision’s release date just five months away, the new charges are a gut punch to Vision’s friends and family.  "He was doing good,” said Robert Butler, Vision’s father. “He hasn't been idle, he hasn't been lying around getting fat. He's taking care of himself and he's keeping his mind active. He’s read a gazillion books.”

The defendants in the case are Vision, Hammons and Terry, as well as one Davon David, Waltez Jemel Latham, and Robert Dee Okane.

The alleged drone caper is one more twist in a roller-coaster ride that began two decades ago when Vision’s legitimate career in computer security was derailed by an act of impulsive mischief that he thought of as a good deed.

In 1998, when he was still considered a top “white hat” hacker, Vision wrote code that breached thousands of U.S. military systems around the country. The code wasn’t built to destroy, but rather to fix a known and widespread software vulnerability in the Defense Department computers before a more malicious adversary could exploit it.

Despite his good intentions, Vision was traced, prosecuted and sentenced to 18 months in prison. When he got out, he found his new notoriety effectively barred him from legitimate security work. That’s when he partnered with one of the more conventional criminals he’d met in jail, embarking on an full time career in cyber crime that ended with what was then a record-breaking prison sentence.

Vision’s 13-year sentence was actually low compared to the 30 years-to-life recommended by federal sentencing guidelines. He caught a break because his defense attorney, prosecutor and judge all accepted that Vision was genuinely remorseful. “He's almost wide-eyed and optimistic in his view of the world," then-prosecutor Luke Dembosky told the court at sentencing.  "I believe that he is very sorry."

When I spoke to Vision afterwards, he spoke of how he’d turn his life around when he got out of prison some day. But he also admitted that he missed the excitement of the cat-and-mouse game that had fuelled his life as a hacker.

"I'm not sure how to really mitigate that, except ignore  it," he said at the time. “I really believe that I'm reformed. But I don't know what's going to happen later."