Skip to content
Naked Security Naked Security

‘Iceman’ hacker charged with running drone-smuggling ring from jail

Max Ray Vision says he's innocent of owning the phone used to orchestrate the scheme and ripping off debit cards to fund the drone purchase.

Max Ray Vision, a computer security consultant turned hacker who’s serving what was a record-setting, 13-year prison sentence for illegal hacking when he was sent away in 2010, has racked up more charges from behind bars.
The Daily Beast reported on Friday that Vision – formerly Max Ray Butler, who goes by the handle Iceman – allegedly used a contraband cellphone to loot debit card accounts and to then fund the delivery, via remote-controlled drone, of even more contraband dropped into a Louisiana prison yard.
Vision, 46, pleaded not guilty to the charges during an arraignment last month in Lake Charles, Louisiana, according to his case docket. A hearing in his case has been set for 20 December.
The Iceman pleaded guilty in February 2010 to two counts of wire fraud connected to the theft of 1.8 million credit card numbers and $86 million in fraudulent purchases.
This is a guy with a whole lot of hacking history, both on the right and the wrong side of the law. To give you a sense of his background, The Daily Beast’s Kevin Poulsen notes that he interviewed Vision for a book that wound up titled Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground.
Vision wasn’t sated with the fruits of his ravenous payment card appetite. No, he went from there to not only starting a market for credit card thieves but also eating up competing cybercrime forums. From the Daily Beast:

Under the moniker “Iceman,” Vision operated an underground criminal marketplace called CardersMarket that brought hackers and identity thieves together to do business. The site achieved legendary status in 2006 when Vision hacked into competing cybercrime forums and merged them into his own site by force, a move that marked the computer underground’s first hostile takeover.

Vision is so infamous that CNBC featured him in an episode of American Greed: a true-crime series about the “dark side of the American dream,” where “some people will do ANYTHING for MONEY.”

The latest charges

The indictment, seen by Poulsen, centers on Vision’s time at the Federal Correctional Center in Oakdale, Louisiana. In October 2014, he allegedly got his hands on a myTouch T-Mobile Android phone that had been smuggled into the prison.
He allegedly used the phone for more than a year before he began using it to “access the internet and obtain stolen debit card numbers” in December 2015, according to the indictment.
Allegedly using ill-gotten payment card numbers, Vision then used Western Union and Moneygram mobile apps to send $300 cash payments to the jail accounts of fellow inmates. The indictment names five as co-defendants: what The Daily Beast describes as “a mixed crew of bank robbers and crack cocaine dealers serving sentences of as long as 15 years.”
One of them is said to be a former cellmate of Vision’s named Jason Dane Tidwell with a history of gun and drug charges who stayed in the area after his May 2015 release. Prosecutors say that Tidwell stayed in touch with Vision via an encrypted messaging app.
Vision allegedly told Tidwell to buy a remotely piloted drone with some of the debit card scam proceeds. In the spring of 2016, the indictment says that Tidwell, Vision and two other inmates planned their first drone delivery of more cell phones, tobacco and drugs. They screwed up the first attempt, so Tidwell found somebody with better flying skills. That did the trick: on 24 April 2016, at 1:19 in the morning, the drone flew over two layers of barbed-wire fences, then dropped a bag into the prison’s recreation yard.
A snitch ratted them out the next day, but guards never managed to find the contraband. One inmate, Phillip Tyler Hammons, confessed to picking up the contraband airdrop, and he fingered Vision as the mastermind behind the plan.

Why risk more time?

Vision is currently set for release in April 2019. Why would he jeopardize his long-awaited freedom?
According to court documents, he is planning to claim he was set up. In fact, he’s written in two federal lawsuits filed against Oakdale prison staff that Hammons falsely implicated him because he was miffed about a tiff over rules in a role-playing game. Here’s the Daily Beast again:

Vision claims that it was Hammons who was responsible for the drone, as well as everything done with the contraband cell phone. Hammons pointed the finger at Vision because he was fuming over a rules dispute between the two men during a recent game of Pathfinder, a Dungeons and Dragons-like role playing game.

What proof does the Bureau of Prisons (BOP) have that Vision masterminded the drone drops and payment card rip-offs? It doesn’t describe how Vision allegedly stole the debit card details, but its documents note that the myTouch smartphone showed evidence of “logons to hacker forums” made through Tor. That could have been anybody with knowledge of the anonymizing browser, but that description certainly fits Vision.
Regardless of whether the Iceman was behind the debit card rip-off/drone-delivery scheme or whether it was another inmate, something’s got to give. This is just another example of the crimes that criminals can still pull off while they’re incarcerated. Another recent example was that of a $560K sextortion scam run by inmates, in which they posted fake profiles of young women, sent nude photos to the service members who engaged in chats with the profiles, and then claimed to be fathers or police contacting them to let them know the “girls” were underage.
All that can be done via a mobile phone and a network of allies on the outside. So too can phones be used to call for hits on rivals and enemies.
Prisons have tried multiple ways to stop the smuggling of those phones, be it netting to catch the phones that get tossed over the fence or cell signal access filtering technology. The latter has proved successful, but prison administrators say it’s too expensive to implement widely.
Also, in June, the Federal Aviation Administration (FAA) established temporary no-fly zones around maximum security prisons for Unmanned Aircraft Systems (UASes). The BOP told the Daily Beast that it’s also drawing up plans to intercept and destroy drones that pose a “credible threat” to federal prisons.


Blackhats get jobs but natsec breakers get ostracized. Simply put, we CREATE cybercrooks by demonizing research. Ofc different if he’d’ve done it today POSSIBLY:
“In 1998, when he was still considered a top “white hat” hacker, Vision wrote code that breached thousands of U.S. military systems around the country. The code wasn’t built to destroy, but rather to fix a known and widespread software vulnerability in the Defense Department computers before a more malicious adversary could exploit it.
Despite his good intentions, Vision was traced, prosecuted and sentenced to 18 months in prison. When he got out, he found his new notoriety effectively barred him from legitimate security work. That’s when he partnered with one of the more conventional criminals he’d met in jail, embarking on an full time career in cyber crime that ended with what was then a record-breaking prison sentence.”


If or when Butler, or “Vision” is released, he is going to need to get a good job – he owes a butt-load of restitution!


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!