Max Vision charged with hacking -- again
Robert Lemos, SecurityFocus 2007-09-12

U.S. Secret Service agents arrested former security consultant Max Ray Butler in San Francisco last week, following a 16-month investigation into the online credit-counterfeiting forum CardersMarket, the U.S. Attorney's Office in Pittsburgh said on Tuesday.

In a five-count indictment unsealed on Tuesday, federal prosecutors allege that Butler ran a scheme to hack into computers at financial institutions and credit-card processing centers, stealing account information and selling the data to others. Butler also ran the online carders' forum, CardersMarket, under the names "Iceman" and "Aphex" as a way to coordinate illegal activities and meet people with similar interests, according to an affidavit penned by the U.S. Secret Service, which spearheaded the investigation.

The affidavit also claims that an associate of Butler -- 47-year-old Capistrano Beach, Calif., resident Christopher J. Aragon -- used some of the stolen credit-card numbers to run up fraudulent transactions and provided Butler with a cut of the proceeds. Aragon, arrested in May, told Secret Service agents that Butler provided him "tens of thousands" of stolen credit-card numbers.

"Identity theft is the fastest growing crime in the United States," said Luke Dembosky, Assistant U.S. Attorney for the Western District of Pennsylvania, which is prosecuting the case. "Any chance we have to make an impact on ID theft activities, especially on this scale, is something that we are going to pursue aggressively."

This is the second time around for Butler, better known amongst security researchers and hackers as "Max Vision," a former security professional who created the open-source catalog of network vulnerabilities known as arachNIDS and the former administrator of the Whitehats.com security information site.

In 2000, Butler pleaded guilty to charges that he created an Internet worm that hacked into systems at McChord Air Force Base, NASA's Marshall Space Flight Center, the Argonne and Brookhaven National Labs, IDSoftware, and an unspecified Defense Department system. During that time, he had also provided information to the FBI as an informant.

In May 2001, Butler received a sentence of 18 months -- time he served at the privately-held Taft Correctional Institution in central California. Following his release from prison in October 2002, Butler could not find work but needed a job to satisfy his parole requirements. After a plea to the security community, he was hired by a Silicon Valley consultant.

According to the Secret Service affidavit issued on September 4, 2007, Butler met Christopher Aragon soon after he left prison.

Aragon allegedly procured computer equipment for Butler, whom he described as "financially destitute," so they could make money through illegal hacking and identity theft. The affidavit claims that, in 2005, Butler founded CardersMarket and provided stolen credit-card numbers to Aragon, whose "crew" would use them to buy merchandise.

During the 16-month investigation, the Secret Service maintained two confidential informants, one of whom was an administrator on the CardersMarket forum. The informants gave the investigators an eye-opening view of the inner workings of the carders' world, the affidavit stated.

Butler purportedly used at least five different handles -- including "Iceman," "Aphex," and "Digits" -- in an attempt to confuse law enforcement and keep his administrative activities on CardersMarket separate from his outright illegal activities, the affidavit maintains.

"(The) reasoning is, Iceman is legal; Digits is breaking the law," Iceman messaged one of the confidential informants in August 2006, according to the affidavit. "I assumed that if I could keep it separate there would be no legal leg to stand on for coming after 'me' as the forum admin."

When introduced by Aragon to associates in real life, Butler used the name "Sam," the affidavit claims.

Aragon and three associates, including his wife Clara, were arrested on May 12 after allegedly using counterfeit American Express credit cards to purchase about $13,000 in goods at Bloomingdales, according to a statement issued by the Newport Police Department in California.

A federal grand jury indicted Butler on charges of wire fraud and identity theft. If Butler is found guilty of all five charges, he could face up to 70 years in prison and a fine of $1.5 million, according to the U.S. Attorney's Office in Pittsburgh. Butler is currently being held in San Francisco until he appears in court on Monday.

As for CardersMarket, the site had "thousands of members worldwide," according to prosecutors. On Wednesday, the site was still up, but the forums had been stripped of all posts except for a string of messages discussing the arrest of the administrator. By noon PST, most of those messages were deleted, leaving only two posts by a single member, "achilous."

"These precautions seemed justified given the severity of the situation," Achilous wrote. "It may only be a matter of time before a government agency takes over this forum."
