December 08, 2000, 4:54 PM — UPDATE The Royal Canadian Mounted
Police (RCMP) said that they have arrested a 15-year-old Montreal boy and charged him
in connection with the largest hacker attacks to date on e-commerce Web sites in the
United States. In accordance with Canadian law, the identity of the boy, who is said to
have used the alias "Mafia Boy," was not disclosed.
The boy was charged in a series of denial-of-service attacks. These attacked
overwhelmed big Websites with more requests for data than their Web hosts were able to
effectively resolve. Yahoo, eBay, CNN, and others were hit.
RCMP Inspector Yves Roussell said the US Federal Bureau of Investigation (FBI)
contacted the RCMP "immediately after the first attack" in mid-February. The FBI had
at that point identified Mafia Boy as a suspect. The youth faces two charges of
mischief in connection with the attacks, said Roussell.
Reports in the wake of attacks had said that Mafia Boy claimed responsibility for the
attacks in various hacker-related Internet chat forums. Roussel said the youth was
arrested on Saturday, and that his computer equipment had been seized. Analysis of the
computers is underway, Roussell said.
The FBI commended the work of the Mounties. The Bureau released a statement that
read, "Unlike with most crimes, cyber criminals know no borders and respect no
sovereignties. Theirs is a world constrained only by the breadth of the Internet.
"International cooperation is fundamentally vital to success against this new criminal
phenomenon," the statement concluded.
For a hectic few days in early February, millions of visitors to many of the
Internet's most popular Web sites were blocked from gaining entry or receiving any type
of service from the Web sites for hours because they lay crippled, under siege from
massive DDoS attacks.
A hacker can instigate a flood of DoS attacks by sending thousands upon thousands of
service requests to a Web site or server, causing a bottleneck to occur and jamming all
traffic to a standstill while trying to reach its destination. Often third-party
computer systems are unwittingly recruited to serve as "zombies" for the massive
attack, causing fits for administrators and investigators trying to find the location
of the master computer behind the assault through a myriad of spoofed or bogus origin
points.
Although it is difficult to gauge how many dollars were lost during February's well-
publicized DoS attacks, it is important to keep in mind that some good did come out of
the problem, said Chris Christiansen, a security analyst at IDC, in Framingham,
Massachusetts.
"The repercussions were enormous and they were in fact quite positive," said
Christiansen. "A number of companies developed solutions or installed solutions for
these types of attacks. Generally people don't buy fire extinguishers until they have a
fire."
Christiansen added that prosecution of the 15-year-old teen could differ greatly
from that of the now-incarcerated Melissa Virus creator David Smith.
"Generally, the FBI has been vigorous in their attention to these types of crimes,
but he's a minor and he's a Canadian, so that brings into play a whole new set of
factors," Christiansen said. "They'll probably squeeze him as much as the law allows to
find out if he was one element in a conspiracy."
Includes updated material from IDG News Service by of InfoWorld.com reporter
Brian Fonseca.
Copyright 2000 InfoWorld.com (US), International Data Group Inc. All rights
reserved.
