PITTSBURGH (2/18/10)--A former computer security consultant from San Francisco was sentenced Friday in Pittsburgh to 13 years in prison for stealing nearly two million credit card numbers from financial institutions, businesses and other hackers. Max Ray Vision, 37, who recently changed his name from Max Butler and was known as "Iceman," pleaded guilty in June to wire fraud and identity theft charges. He received the longest hacking sentence in U.S. history--for now. In addition, he will face five years of supervised release and must pay $27.5 million in restitution to his victims. Vision faced life in prison but has been cooperating with authorities. Vision was arrested with 1.8 million stolen credit card numbers belonging to thousands of financial institutions, possibly including credit unions. The fraudulent charges totaled more than $86.4 million, said Wired.com (Feb. 12). He even stole from other criminals. Vision ran an online forum for thousands of identity thieves called CardersMarket.com, where he sold credit card magnetic stripe data for about $20 a card, said Wired.com. He hacked into carder forum websites where criminals bought and sold stolen card numbers, wiped out their databases and forced them to conduct their business through CardersMarket.com, said Computerworld (Feb. 12). In the late 1990s he provided information to the Federal Bureau of Investigation on security and piracy threats and created an open source library of attack signatures used to detect computer intrusions. However, in 2001, he was sentenced to 18 months in prison for launching an attack that launched malicious software on thousands of Pentagon systems. In prison, he met former bank robber Chris Aragon, who became his partner. Aragon, whose trial on related state charges in California is pending, allegedly used Vision's stolen card data to create counterfeit cards, complete with holograms, and recruited shoppers who used the cards to snap up designer merchandise for resale on eBay, said police. Vision's plea deal wraps up a separate federal case in Virginia, where he was charged with staging the first documented "spear phishing" attack against employees of a financial institution by unlawfully accessing the corporate network of Capital One bank. His record sentence likely will be broken next month when confessed TJX Cos., Heartland Payment Systems and Hannaford Bros. hacker Albert Gonzalez is sentenced. Gonzalez has two sentencing hearings. One of his plea agreements is considering a term of 17 to 25 years in prison.