Reply-To: iwar@egroups.com
Subject: [iwar] Historical posting
Date: Thu, 30 Mar 2000 23:49:18 -0500
From: cybercrimes@t...=20
Subject: FBI Computer Expert Accused of Hacking=20
FBI Computer Expert Accused of Hacking
Henry K. Lee, Chronicle Staff Writer Friday, March 24, 2000 A92000 San Francisco Chronicle
URL:
http://www.sfgate.com/cgi-bin/article.cgi?file=3D/chronicle/archive/2000/03=/24/MN57003.DTL
Max Ray Butler seemed to be at the top of his game. For two years, the computer expert was a confidential source for an elite FBI computer crime squad, helping to ferret out scofflaws on the Internet.
Butler, also known as Max Vision, was also a self-described ``ethical hacker'' from the Silicon Valley who boasted that he could test the security of any computer system by penetrating it.
But Butler's cyber activity went too far, federal authorities say.
Butler, 27, of Berkeley appeared in federal court in San Jose yesterday on a 15-count federal indictment charging him with hacking into computers used by the University of California at Berkeley, national laboratories, federal departments, air force bases across the country and a NASA flight center.
Butler posted $50,000 cash bail yesterday after U.S. Magistrate Judge Patricia Turnbull ordered him not to use computers except for work. Butler and his attorney, Jennifer Granick of San Francisco, could not be reached for comment.
The indictment, handed down March 15, said Butler caused ``reckless damage'' as a result of intrusions in May 1998. Butler was also charged with possession, with intent to defraud, of 477 passwords belonging to customers of a Santa Clara- based Internet service provider.
The case underscores the potential risks involved when law-enforcement agencies use confidential informants with access to sensitive information.
``Sources are often very close to criminal activity, and sometimes they cross the line,'' said Special Agent George Grotz, an FBI spokesman in San Francisco.
Grotz declined to say how Butler became an FBI informant and whether he was a federal source at the time of the alleged crimes. Grotz said Butler is no longer associated with the agency.
Friends of the suspect told the Associated Press that Butler was caught possibly violating the law several years ago and began working with the FBI to avoid charges. Seth Alves, 27, told the news agency that Butler was unfairly targeted after refusing to comply with an FBI request.
A 22-month investigation by the FBI and military investigators ended Tuesday morning when federal agents converged on a home on Dwight Way near the UC Berkeley campus, where Butler lives with his his 23-year-old wife, Kimi Winters. No one answered the door. Butler turned himself in to the FBI in Oakland later that day.
Butler grew up in Idaho and lived with his family in Washington, where authorities said he has a 1997 misdemeanor conviction for attempted trafficking of stolen property.
He developed a proficiency with computers, eventually attracting the attention of the FBI's Computer Crime Squad, which used him as a confidential informant.
An FBI search warrant affidavit said Butler was ``well known'' to squad members and ``has provided useful and timely information on computer crimes in the past.''
In 1997, Butler started a company known as Max Vision in Mountain View, specializing in ``penetration testing'' and ``ethical hacking'' procedures in which he would simulate for clients how a hacker would penetrate their computer systems, according to the company Web site.
``Our client penetration rate is currently 100 percent,'' the site said, with recent clients including a large consortium of telecommunications companies, a major motion picture company and an e-commerce online auction service.
By 1998, Butler was living with Winters in a one-story San Jose apartment, where the couple started up their own Web-design company, Kimi Networks, records show. Reached by telephone yesterday, Winters hung up on a Chronicle reporter.
It was also from that apartment, according to the FBI, that Butler hacked into computers by using a computer software vulnerability known as a buffer overflow, which sends commands into a system that ordinarily would not be allowed.
Butler also allegedly invaded computers used by the Lawrence Berkeley National Laboratory. Vern Paxson, a computer scientist at the lab, noticed an online intruder conducting unauthorized scans of laboratory and UC Berkeley computers in May 1998 and used a monitoring device that later helped identify the source of the intrusions.
Paxson said yesterday that Butler's arrest was ``somewhat ironic'' but ``not totally surprising.''
Paxson said a person later identified as Butler even sent him an apologetic e-mail a day after the computer intrusions. Butler also somehow obtained a confidential incident report Paxton had filed about the invasions, Paxson said.