UPDATE The Royal Canadian Mounted Police (RCMP) said that they have arrested a 15-year-old Montreal boy and charged him in connection with the largest hacker attacks to date on e-commerce Web sites in the United States. In accordance with Canadian law, the identity of the boy, who is said to have used the alias "Mafia Boy," was not disclosed.
The boy was charged in a series of denial-of-service attacks. These attacked overwhelmed big Websites with more requests for data than their Web hosts were able to effectively resolve. Yahoo, eBay, CNN, and others were hit.
RCMP Inspector Yves Roussell said the US Federal Bureau of Investigation (FBI) contacted the RCMP "immediately after the first attack" in mid-February. The FBI had at that point identified Mafia Boy as a suspect. The youth faces two charges of mischief in connection with the attacks, said Roussell.
Reports in the wake of attacks had said that Mafia Boy claimed responsibility for the attacks in various hacker-related Internet chat forums. Roussel said the youth was arrested on Saturday, and that his computer equipment had been seized. Analysis of the computers is underway, Roussell said.
The FBI commended the work of the Mounties. The Bureau released a statement that read, "Unlike with most crimes, cyber criminals know no borders and respect no sovereignties. Theirs is a world constrained only by the breadth of the Internet.
"International cooperation is fundamentally vital to success against this new criminal phenomenon," the statement concluded.
For a hectic few days in early February, millions of visitors to many of the Internet's most popular Web sites were blocked from gaining entry or receiving any type of service from the Web sites for hours because they lay crippled, under siege from massive DDoS attacks.
A hacker can instigate a flood of DoS attacks by sending thousands upon thousands of service requests to a Web site or server, causing a bottleneck to occur and jamming all traffic to a standstill while trying to reach its destination. Often third-party computer systems are unwittingly recruited to serve as "zombies" for the massive attack, causing fits for administrators and investigators trying to find the location of the master computer behind the assault through a myriad of spoofed or bogus origin points.
Although it is difficult to gauge how many dollars were lost during February's well- publicized DoS attacks, it is important to keep in mind that some good did come out of the problem, said Chris Christiansen, a security analyst at IDC, in Framingham, Massachusetts.
"The repercussions were enormous and they were in fact quite positive," said Christiansen. "A number of companies developed solutions or installed solutions for these types of attacks. Generally people don't buy fire extinguishers until they have a fire."
Christiansen added that prosecution of the 15-year-old teen could differ greatly from that of the now-incarcerated Melissa Virus creator David Smith.
"Generally, the FBI has been vigorous in their attention to these types of crimes, but he's a minor and he's a Canadian, so that brings into play a whole new set of factors," Christiansen said. "They'll probably squeeze him as much as the law allows to find out if he was one element in a conspiracy."
Includes updated material from IDG News Service by of InfoWorld.com reporter Brian Fonseca.
Copyright 2000 InfoWorld.com (US), International Data Group Inc. All rights reserved.