Computerworld

Canadian Mounties get their Mafiaboy

SAN MATEO (04/22/2000) - After a two month cybermanhunt, a 15-year-old Montreal teenager, who went by the online name Mafiaboy, was arrested last week in connection with the distributed DoS (denial of service) attacks that immobilized Internet giants including CNN, eBay, Yahoo Inc., Amazon.com Inc., and ETrade Group Inc. in February.

The teen, whose name is not being released, has so far been charged with two counts of mischief to data on CNN's Web site and over 1,200 Web sites it hosts, during a 4-hour lockout on Feb. 8. Computers were taken from his premises, however, and are being analyzed to identify additional pieces of evidence in the case. Future charges or arrests in the case may also develop as the investigation by the Computer Investigation and Support Unit of Montreal's RCMP (Royal Canadian Mounted Police), the FBI, the U.S. Department of Justice, and the National Infrastructure Protection Center continues.

The teen pleaded not guilty and was released on bond with several nonacademic computer access and proximity restrictions imposed on his release, said inspector Yves Roussel of the RCMP. Mafiaboy led authorities to him by publicizing through chat rooms and message boards frequented by hackers that he was responsible for the attacks, Roussel said.

Considering the nature of the assault, some security analysts were not surprised to learn that the culprit was so young.

"What we saw back in February was not elegant. That was brute force, and there wasn't a whole lot of smarts involved," said Eric Hemmendinger, an analyst at Aberdeen Group, in Boston. "That this is the first time it happened [on a large scale] is very surprising."

DoS assaults are implemented by jamming a Web site or server with tens of thousands of service requests. Often third-party computers are unwittingly used as "zombies" to assist in the bombardment.

Although dollars were lost during the attacks, it is important to remember that some good came from them, said Chris Christiansen, a security analyst at IDC, in Framingham, Massachusetts.

"The repercussions were enormous, and they were in fact quite positive," Christiansen said. "A number of companies developed solutions or installed solutions for these types of attacks. Generally, people don't buy fire extinguishers until they have a fire."