Canadian Police Arrest 'Mafiaboy' for Recent D.o.S. Attacks

Hampshire hacker known as "Coolio", was involved in the attacks in Feb. He admitted to the attack in a chat room.
Experts say that the assault on CNN was less sophisticated than the assault on Yahoo.
"I literally could show you how to do it in four hours," said one computer expert.
In an odd twist, police used wiretaps to monitor the boy and found that his father, John Calce, 45, president of a transportation company, had been plotting to hire someone to attack a business associate. He was arrested and released on bond.
One neighbor, Nicole Bertrand, whose 15-year-old daughter plays in the same basketball league as Mafiaboy, said, "You wouldn't want your kids to emulate him. On the other hand, he'll probably get a great job with an Internet company and make lots of money some day."
One friend said, "He shut down all those companies. He's got my respect."

MONTREAL, Canada - Canadian police charged a 15-year-old hacker known as "Mafiaboy" with two counts of mischief to data on Wednesday, April 19 of this year.
"Mafiaboy" was charged with the recent Denial of Service Attacks in February on CNN, Yahoo, and other major web sites. CNN and its 1,200 hosted sites were jammed for four hours on Feb 8th.
A group of law enforcement agencies from the U.S. worked with the Canadian Police to arrest the boy on April 15th and formally charge him two days later. The boy pleaded not guilty.
The teen's name cannot be released under a Canadian law due to his age, though he is known as "Mafiaboy" on the Internet.
Police Inspector Yves Roussel said investigators were able to track the Canadian boy partly because he had bragged about what he did in Internet chat rooms.
Police were also able to confirm the attack through computer logs from the University of California at Santa Barbara.
The boy had apparently built up his attack over six months and used the computers at UCSB to initiate the attack.
The attacks involve using one computer (the boy's) to make other "slave" computers attack the server. The slave computers can be used without their owners' knowledge. The hacker makes these slave computers send large amounts of data to the server in a short period of time, finally overloading the targeted site.
"A hacker electronically broke into the UCSB computer on Feb. 8 and instructed it to send large amounts of traffic to CNN.com's Web site," said campus network programmer Kevin Schmidt.
The boy probably used the Internet service provider Delphi Supernet, a Montreal ISP that was acquired by Toronto-based Internet Direct last year, because a subscriber with the user name Mafiaboy had held two accounts with the ISP.
The RCMP's (Royal Canadian Mounted Police) charge of data mischief carries a maximum sentence for juveniles of two years in detention and a fine of C$1,000 ($675) under the Computer Fraud and Abuse Act. The Canadian boy has been released, but his bail conditions include not using a computer except for academic reasons and under a teacher's supervision.
About 20 members of law enforcement, most of them RCMP, raided the boy's home. His 18-year-old brother and stepmother were also in the house at the time.
His stepmother, who declined to give her name, said that the family did not belong to any kind of mobster operation and that the boy was not part of a hacker network. "He's just a kid," she said.
The boy was a ninth grader at Riverdale High but was transferred to another school because of discipline problems. He lived in an upscale, western suburb of Montreal. He was also good at basketball and played for a team.
Attorney General Janet Reno said that the boy must be punished. "I think that it's important first of all that we look at what we've seen and let young people know that they are not going to be able to get away with something like this scot-free," Reno said to reporters on Capitol Hill. "There has got to be a remedy, there has got to be a penalty."
Computer experts believe the boy had help because he lacked the skills to create the programming used in the attacks and might have borrowed the tools he needed. The boy used programs or scripts that are available for downloading on the Internet if one knows where to find them. The attacker only has to tell the program when and where to attack and the program does the rest.
"He had good knowledge of computers, but he was not what we would call a genius," said Sgt Roy of the RCMP.
Beyond Montreal, police are investigating a group of hackers based in Israel involved in various cybercrimes. The group is believed to be part of a larger hacker network that spends time in the password-only chat room TNT.
Investigators are also looking into whether Dennis Moran, a 17-year-old New

How a Denial of Service (D.o.S.) Attack Works

The Denial of Service attacks of recent months have crippled major websites such as Yahoo, eBay, CNN, and others. These attacks have turned out to be committed by a single fifteen-year-old teenager. To understand how a young non-technical hacker could have done this, we must understand how a DoS attack works.
When a user goes on the Internet to visit web pages, the user's computer is actually communicating with a server and getting the page from the server. In a normal connection, a user may send a message to the server asking the server to authenticate the user for a specific reason. The server then returns the authentication response to the user, giving the user access or denying it.
In a DoS attack, the user sends many requests to the server and fills the server up. All requests contain false return addresses, which makes the server unable to return the response. The server then waits, and it sometimes takes more than a minute to close the connection. When the server finally does close the connection, the attacker sends more false requests to the server, and each time the process repeats itself, tying up the server with floods of false requests.
In "Mafiaboy's" case, he had used the computers at the University of California at Santa Barbara and their bandwidth to send the false requests. He had built up his attack over six months, connecting to the UCSB computers and sending them instructions to send false requests on a specific day using commercial hacking software.
One way to stop a DoS attack is to set up a filter or a "sniffer" on the server or network before any requests reach the server. The filter can look for attacks by noticing patterns or identifiers in the requests. The filter can block request patterns that come in frequently, protecting the server from being tied up. It will allow normal requests.
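The waiting-server effect and the pattern filter described above can be modelled in a few lines. This is an added example, not part of the original article: the 128-slot backlog, the 60-second timeout, the 20-per-second limit, the (path, size) "pattern" and the traffic itself are all constructed assumptions.

```python
from collections import defaultdict, deque

class PatternFilter:
    """Blocks a request pattern once it recurs too often inside a sliding window.
    Keyed on the pattern, not the sender, because the return addresses are false."""
    def __init__(self, window=1.0, limit=20):   # assumed thresholds
        self.window, self.limit = window, limit
        self.recent = defaultdict(deque)        # pattern -> arrival times in window

    def allow(self, ts, pattern):
        q = self.recent[pattern]
        while q and ts - q[0] >= self.window:
            q.popleft()
        q.append(ts)                            # blocked arrivals still count
        return len(q) <= self.limit

def simulate(events, flt=None, backlog=128, timeout=60.0):
    """events: (time, pattern, reachable) sorted by time. A request whose return
    address is unreachable holds one backlog slot until `timeout` expires.
    Returns (served, refused) counts for the reachable, i.e. genuine, requests."""
    pending = deque()                           # expiry times of waiting slots
    served = refused = 0
    for ts, pattern, reachable in events:
        while pending and pending[0] <= ts:
            pending.popleft()
        if flt is not None and not flt.allow(ts, pattern):
            continue                            # dropped before reaching the server
        if len(pending) >= backlog:
            refused += reachable                # server is full, visitor turned away
        elif reachable:
            served += 1
        else:
            pending.append(ts + timeout)
    return served, refused

def constructed_traffic():
    """Constructed sample: 10 s of identical false-address requests at 50/s,
    plus one genuine visitor per second asking for a different page."""
    flood = [(i / 50, ("/", 1024), False) for i in range(500)]
    users = [(k + 0.51, (f"/story/{k}", 300 + k), True) for k in range(10)]
    return sorted(flood + users, key=lambda e: e[0])

if __name__ == "__main__":
    traffic = constructed_traffic()
    print("no filter   served/refused:", simulate(traffic))
    print("with filter served/refused:", simulate(traffic, PatternFilter()))
```

The filter only helps when the flood shares a pattern that genuine requests do not; a genuine request matching a blocked pattern is dropped along with the flood.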