From White Hat to Black 2: The Robin Hood Hacker

Kevin Poulsen now gives an insight into how Max Vision went distinctly black hat under the pressure of circumstances after completing his jail sentence.

The Robin Hood Hacker

Getting into Taft turned out to be a very important development, because before – he was kind of a misguided, naive white hat, sometimes black hat, grey hat hacker who was just acting for hack value. Once he got into Taft, he started mixing with real criminals, white-collar criminals – it’s not a maximum security facility, but real career criminals with a lot of experience, a lot of criminal savvy. So if you’ve ever been to prison, you know that it really is like a grand university of crime. Like, you get people mixing from all sorts of different disciplines, they hatch schemes and they learn from each other, it’s actually like the most fun part of prison – you meet interesting people. I experienced that myself. I know more about, like, how to rob a bank than I care to. When you knock over the grocery store and get them to open their safe, look for the mag-mounted compartment at the roof of the safe where the cash is actually hidden – all sorts of tidbits like that.

Max’s desperate email he sent from halfway house

He made a lot of contacts. When he got out, he genuinely wanted to go straight though. So this is where he moved on into his next phase. He was released to a halfway house, where they told him: “You have to get a job or you’re going to go back to the joint.” You would think that would be easy for someone who used to make 100 dollars an hour doing penetration testing, somebody who had a really strong name in the computer security community. And when he was sentenced on these Pentagon hacking things, the biggest names in the computer security research world wrote letters to his judge saying: “Don’t imprison this guy, it will be bad for the Internet. He’s helping us.” But when he got out, now a convicted felon, a convicted hacker in a very high-profile case, he found out that nobody would hire him, basically. He sent this now kind of legendary email from a halfway house in Oakland to a computer security employment mailing list saying: “I’ve got to get a job or they will send me back to the joint; I will work for minimum wage until I get out of the halfway house.” He got virtually no responses; somebody eventually responded and paid him a little over minimum wage to assemble PCs in their shop.

Christopher Aragon – Max’s new partner

So he grew frustrated, and he was at this point: he got out of the halfway house, he was staying with friends, he got one pen-testing gig from an old client that just kind of threw him a bone, but he wasn’t really going anywhere, and he wasn’t making any money, and his outlook was looking kind of grim when a friend that he’d made in the joint contacted him and said: “Hey, we should work together!” He met the friend in a hotel, they talked about what they might do together; that friend wound up introducing him to another contact, a career criminal and former bank robber named Christopher Aragon.

Aragon is an interesting guy, he had some juvenile convictions and then he got in trouble in the early 80s for a string of bank robberies, most of them botched, but the last one was successful – they actually got out with cash, him and his partner, but then there was a high-speed chase through the streets of Aspen, and he was arrested and he went to jail. When he got out of jail, Chris dabbled in credit card fraud for a while, then migrated into drug trafficking, and he got popped again in a big undercover operation involving huge amounts of marijuana.

So he went back to the joint again; he got out in 1996, then went back in for a violation, and then he got back out again and decided it was time to go straight. So at the time that he met Max, he’d actually been a legitimate businessman for a while: he ran an equipment leasing company in Orange County that specialized in leasing computer equipment and office equipment to start-up companies. The problem was the dot-com bubble burst and his whole business collapsed.

So after really going the extra mile for someone with his background to be legitimate – he had a wife, he had kids, he was in Orange County – he was now looking to get back into crime. So he met up with Max and they started talking about what they might be able to do together. He agreed to fund Max, to give Max money to get a nice Alienware laptop and to get some other hacking gear.

And the idea at this point was kind of unfocused, but Max would basically hack full-time and break into banks or build botnets, like whatever he could do that might ultimately become profitable in some way.

Hacking from hotel to stay untraceable

So it was very unfocused at first. Max had learned from his Pentagon hacking not to hack from home – a very basic lesson that he learned the hard way, plus he was still crashing with friends, so what they wound up doing is Chris would come up to San Francisco once or twice a month – this is where Max lived – and rent a hotel room for Max for anywhere from a few days to a week at a time. Max would check in to the hotel room and do all of his hacking from there.

Antenna used by Max for bandwidth and anonymity

For bandwidth and untraceability (this is where I have a visual aid) Max would use Wi-Fi, so he got an antenna and he would smuggle it up the fire stairs so that they wouldn’t have to bring it through the lobby, because they thought it might attract some attention. So this is the exact antenna that Max used. They would set it on a tripod by the window in a hotel room; most of the hotels were in downtown San Francisco, where the financial district is, so they could just set this up and sweep around; and if you’ve ever played with NetStumbler, you know that an antenna like this would pick up a huge number of Wi-Fi access points, and the ones that even bothered to have security were likely to be using WEP, which was still crackable. He wasn’t actually trying to hack their networks using the Wi-Fi, he was just using it for bandwidth. He knew that if anybody traced his hacking, they would wind up nowhere and he was completely safe.

So Max had a lot of success by scanning for vulnerabilities – known vulnerabilities, occasionally zero-days that he got through his contacts – and cracking stuff. So he got into small savings and loans, and credit unions – he found them particularly vulnerable. He wrote a script that would go to the FDIC’s website and get a list of small institutions, then automatically get their IP range from the ARIN database and start scanning their IP ranges. He was very quickly getting into stuff, but he had no idea what to do with it. He had no idea how to turn it into cash.

Read previous: From White Hat to Black – The Curious Case of Cybercrime Kingpin Max Vision
Read next: From White Hat to Black 3: The Carder Forums

1. “were likely to be using the WAP” < you probably meant to say "WEP"