Computer Hacker to Repay $27.5M, Sentenced to Prison for Credit Scam

USA Today

PITTSBURGH — A San Francisco man who had more than 1.8 million stolen bank and credit card numbers on his home computers was sentenced Friday to 13 years in federal prison and ordered to repay $27.5 million to the banks and credit card companies he victimized.

Max Ray Vision, who legally changed his last name from Butler, had pleaded guilty in June to his role in an online clearinghouse where identity thieves shared stolen information.

A self-taught computer whiz who fell in love with the devices as an 8-year-old boy in his father's computer store, Vision told Senior U.S. District Judge Maurice B. Cohill Jr. that he was mesmerized by "the thrill of hacking, being addicted to it."

Bespectacled, soft-spoken and articulate, the 37-year-old Vision told the judge he had changed and realizes what he did was wrong.

"You probably hear that a lot, but it's absolutely true," he said.

Cohill's sentence was based on a joint recommendation by federal prosecutors and Vision's public defender, Michael Novara. Federal sentencing guidelines suggested a sentence of 30 years to life, which Novara called "ludicrous."

Still, Assistant U.S. Attorney Luke Dembosky said serious punishment was merited because of the scale of Vision's crimes. Dembosky agreed to the lesser sentence because Vision has continued to work with the government under terms that remain sealed.

All Dembosky would say is, "It could relate to a whole range of things."

Before his arrest in 2007, Vision had developed software to prevent hacking and had even worked as a volunteer who helped the FBI understand and prevent cyber crimes.

Dembosky agreed that Vision wasn't mean-spirited, but was more "wide-eyed" and "curious" about what he could accomplish behind a keyboard.

"Unfortunately, that curiosity took a dark turn and that's why we're here today," Dembosky said. "The amount of damage a person can cause with a keyboard in this day and age is astronomical."

Visa, MasterCard, American Express and Discover tracked more than $86 million in fraudulent purchases to the account numbers found on Vision's computers. In all, 10,000 financial institutions were victimized, Dembosky said.

Vision was charged in Pittsburgh because he sold more than 100 credit card numbers and related information to a western Pennsylvania resident who cooperated with the investigation of a website called cardersmarket.com. About 4,500 people worldwide could trade or access stolen credit information on the website from 2005 until it was shut down in 2007.

Vision has been in custody since authorities raided his apartment in September 2007.

Although authorities found 1.8 million stolen credit card numbers on his computers, they said they were confident that Vision had obtained 1.1 million directly, Dembosky said. The others might have come from other sources.

Vision's $27.5 million restitution was calculated by multiplying the 1.1 million by the roughly $25 it costs banks and credit card companies to replace each stolen credit card number, Dembosky said.

"No one should think that's the amount of money Max gained as a result of this misadventure," said Novara, who claims Vision likely netted less than $1 million from selling the numbers.

"I think we're all trying to figure out, how did we get here?" Novara said.

NY Attorney General Alleges Online Fraud

The Wall Street Journal

New York Attorney General Andrew M. Cuomo said Wednesday his office is investigating 22 online businesses for allegedly linking consumers with discount promotions that end up charging them illegal fees.

Online sites of retailers including Staples Inc. (SPLS), Barnes & Noble Inc. (BKS), Avon Products Inc. (AVP), GameStop Corp. (GME), 1-800-Flowers.com Inc. (FLWS) and Orbitz Worldwide Inc. (OWW) "deceptively link" customers to fee-based membership programs, Cuomo said in a call with reporters.

The programs are run by third-party companies that charge unauthorized fees under the guise of discount offers and also receive consumers' credit card numbers, Cuomo said. His office also named the mortgage business of GMAC Financial Services as a participant by offering discounts on mortgage payments.

"Well-known companies are tricking customers into accepting offers from third-party vendors, which then siphon money from consumers' accounts," Cuomo said. "We need them to stop because this is consumer fraud" that extends nationwide.

The charges by the New York Attorney General are believed to be the first by a U.S. state and come as retailers have been adding all sorts of services and promotions to their Internet sites to try and attract business as the recession has caused massive spending pullbacks. Retailers run their Internet programs themselves or work with third-party companies for either parts or all of their Web efforts.

The subpoenas sent by Cuomo's office seek information about retailers' practices of sharing consumers' account information with membership program companies, their knowledge of any deceptive solicitations and what kind of compensation they may be receiving from the membership companies.

All told, Cuomo said his office has sent subpoenas to 22 merchants that have deals with the three major companies that offer these discount programs: Webloyalty, Affinion/Trilegiant and Vertrue.

Eileen Gibson, 66, of Bay Ridge, Brooklyn, said she ordered a book for her son's birthday from Barnes & Noble and after completing her order, a Web page with Barnes & Noble's name appeared and asked if she wanted to receive a $20 "award," which she accepted.

Gibson said she subsequently found out that she was going to be enrolled in a discount membership club and charged $12 a month. She said Barnes & Noble and the membership club weren't responsive to her calls to cancel the arrangement so she contacted the Better Business Bureau.

In a statement, Barnes & Noble said it "does not and has not shared customer debit or credit card information" with the outside companies. "We seek to protect our customers from these types of practices," Barnes & Noble said.

All three of the online discount program companies said they already require customers to provide their full credit card numbers to enroll and that they are cooperating with Cuomo's office.

Calls to other companies named by Cuomo weren't returned.

The subpoenas started going out several months ago, said Richard Bamberger, a spokesman for Cuomo. The Attorney General's office has heard back from most of the companies, Bamberger said, but declined to provide their names.

Cuomo said when consumers shop online from familiar retailers, they are often presented with a discount or cash-back incentive offer as they complete their purchases. By clicking on the discount or incentive banner, they are unknowingly directed to a membership program seller's Web page that is separate from the online retailer's site and recurring charges begin to appear on consumers' credit or debit card bills from unfamiliar companies, Cuomo said. Because the charges are often small they can go unnoticed for some time.

The three membership program sellers being investigated bring in revenue of more than $1 billion per year, much of which is amassed through fraud, Cuomo said.

Many consumers have reported that the companies offering membership programs make it difficult for them to cancel memberships and obtain full refunds of the unauthorized charges.

Cuomo said his office reached an agreement with online movie ticket retailer Fandango to permanently end the practice of sharing customers' credit and debit card information with discount program sellers.