Mafiaboy opened eyes to computer crime Mafiaboy opened eyes to cybercrime

[InfoSec News <isn () c4i org>]

http://www.canada.com/montreal/news/story.asp?id=3C1DAA77-791C-4754-858F-CF672F47FCE9

SIDHARTHA BANERJEE  
The Gazette 
February 23, 2003

He was a Montreal-area teenager with a rudimentary knowledge of
computer hacking, but he single-handedly crippled the lucrative U.S.  
e-commerce market for brief periods in February 2000.

In the process, the 15-year-old nicknamed Mafiaboy provided the RCMP
with its first and finest example of a high-tech cross-border
investigation, an international conference on policing and security
was told yesterday.

The case also opened the eyes of the federal government, prompting it
to get legislation on the table to help combat cybercrime, RCMP Sgt.  
Marc Gosselin said yesterday.

Gosselin, the lead Canadian investigator in the Mafiaboy case, said
it's not easy to get evidence in denial-of-service attacks, in which
hackers secretly crack into numerous computers, using those "zombie"  
computers to send multiple requests to a server to try to overwhelm it
and shut it down.

"The evidence in this type of case is very volatile. It can be there,
but when it's gone, it's gone," Gosselin said.

Gosselin is hopeful that federal legislation to fight the growing
problem of cybercrime, currently in second reading in Parliament, will
pass.

The new law will require corporations and Internet service providers
to save information - including e-mails and hard-drive contents - and
hand it over to police.

Existing legislation already allows police to obtain warrants obliging
Internet service providers to hand over information and tap into
computer hard-drives.

The RCMP's National Technological Crime Unit has continued to increase
in size, but between international and local cases the staff is
swamped, Gosselin said.

And Christopher Painter, deputy chief of the computer crimes division
of the U.S. Justice Department, noted: "Even if it appears to be a
domestic crime, often if they are sophisticated, (hackers) will bounce
their attacks through several different countries to evade detection
or capture."

Mafiaboy was not a computer whiz kid, but what the investigation
revealed to authorities was that you didn't need an extensive
knowledge of computers to cripple the system.

"He basically had no hacking skills. He used somebody else's tools
that were user friendly," said Gosselin. "He never actually hacked, he
was using user IDs and passwords and software to do the job."

Mafiaboy was sentenced in September 2001 to eight months in a youth
detention centre after pleading guilty to 58 charges.

They included five denial-of-service attacks on the Yahoo, CNN, eBay,
Dell and Amazon Web sites.

Another 52 charges involved illegally accessing computers, including
those of universities in the United States and some as far away as
Denmark and South Korea.

The Mafiaboy presentation was one of the last during a three-day
conference organized by the Law Commission of Canada examining the
problems of private and public policing in Canada.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.