The IT Certification Resource Center

Featured Deal

Get CompTIA, Cisco, or Microsoft training courses free for a week.
Learn More ❯

Historic Hacks of the 2000s, Part 1

The rivalry never ends.In what was surely one of the worst attempts ever to ease worker concerns, the governor’s spokesman, Steve Maviglio, in a press interview stated that “it didn’t appear as if any personnel information was used illegally.”


After offering suggestions on how state employees could protect their personnel data in the future, Maviglio declared California was not alone in the cyber wars: "This happens to thousands of computers worldwide, it's not isolated to the state. We have strong protections, but hackers are able to figure ways around it.”




It wasn’t the breach that caused problems so much as when the press found out that the State Controller’s Office had waited two weeks before revealing the breach.


State legislators were understandably upset at the delay and in response, passed the country’s first breach-disclosure law, SB 1386. The law required hacked organizations to “promptly warn potential identity theft victims.”


The cat was completely out of the bag as a number of major corporate breaches in California soon made headlines. Other states soon followed California’s lead and passed similar data-breach laws. Today each U.S. State has such a law in place.


The FBI did track the attack to an e-mail address in Massachusetts but were unable to identify the offending party and gave up the investigation, perhaps concluding it was most likely just the latest round in Boston versus L.A.


Max Vision (2006)


Max Ray Vision, also known as “Iceman,” was a talented cybersecurity pro who just couldn’t stay out of trouble. His life and career were tumultuous. He was fired from several jobs and sued by a number of former employers.


Vision also did a couple of stretches in the Big House: 3.5 for assault and then 18 months for hacking into Defense Department computers.


For a time, Vision worked as a legitimate cybersecurity consultant, but like a moth to a flame, he simultaneously ran CardersMarket, an online forum where criminals could buy and sell sensitive data like credit and debit cards, social security numbers, and so forth.


Up to this point Vision’s little dance outside the law hadn’t been enough to get him noticed by the authorities. That all changed one night in 2006 when he decided to go big time. Vision went on a 48-hour hackathon. In a made-for-Hollywood twist, he didn’t target legitimate organizations, instead he went after fellow identity thieves.


Vision hacked into numerous online carder forums, wiped their data bases clean and shut the sites down. Throwing salt into the wound, he added their content and memberships to his own forum. With 6,000 members CardersMarket was now the largest English-speaking criminal marketplace on the web. Vision and fellow members would go on to steal two million credit cards and run up approximately $86 million in fraudulent charges.


Unfortunately, Vision’s hostile takeover of the illegal sites drew the attention of the FBI — officials were already investigating his victims and had actually infiltrated a number of their sites. It took a year for the Bureau to track Vision down and arrest him. In 2007, faced with a life sentence under federal sentencing guidelines, Vision took a plea deal and scored a 13-year prison incarceration — the longest to date in the U.S. for a computer hacker. He also has to pay $27.5 million in restitution upon his release.




Besides the obvious lesson that card issuers needed to better secure customer accounts, the FBI created a division focused solely on cybercrimes. In 2018, Vision was again charged with wire fraud, two counts of conspiracy and possessing stolen credit card numbers and contraband in prison. Vision proved that an incarcerated IT-pro can still be dangerous by using a commercial-grade drone to smuggle a T-Mobile “MyTouch” cellphone into prison to access the internet and obtain stolen debit card numbers.




Calvin Harper is a writer, editor, and publisher who has covered a variety of topics across more than two decades in media. Calvin is a former GoCertify associate editor.