MAFIABOY
How I Cracked the Internet
and Why It's Still Broken
By Michael Calce
with Craig Silverman
Viking Canada, 276 pages, $34
The best, brightest and most entrepreneurial computer hackers undertake a perilous journey. They set out to demonstrate technical prowess, which eventually brings legal problems; ultimately, they try to turn their skill and experience into viable careers, most often in the very sector (computer security) they infiltrated. This is a standard hacker odyssey. The problem is that sirens of chaos, hubris and obsession usually get in the way.
For those who don't recognize the name, Michael Calce is Canada's most notorious hacker, whose online handle, Mafiaboy, mesmerized the global press, RCMP and FBI in February, 2000. The then 15-year-old temporarily disabled the blue chip websites of Yahoo!, CNN, E*TRADE, Dell, eBay and amazon over the course of a week. As a young offender, he was sentenced to eight months in open custody, a year's probation and a small fine. His legal defence failed, as the judge did not accept that he was running tests of the security of the sites he bombed with unmanageable numbers of requests.
Mafiaboy: How I Cracked the Internet and Why It's Still Broken is a cautionary memoir about how a teen who was "born to hack" became infatuated with computers at 6, graduated to spamming and phishing by 9 and was, by 11, smitten by Hollywood versions of hacker subculture into which he made initial inroads, on Internet Relay Chat (IRC) channels devoted to hacking, under his first alias, Archangel.
Traumatized at 12 by the death of his computer-loving pal Nick, to whose memory the book is dedicated, young Michael graduated from writing simple software applications to keep track of his hockey cards to joining his first hacker group. There, he found his métier as a botnet builder - commanding a network of compromised computers - to engage in Denial of Service attacks against, at this juncture in his hacking career, other hacker IRC channels.
At 13, he got his virtual equivalent of gang colours by joining a crew of hackers, borrowed his infamous handle of Mafiaboy from his elder brother, and set about proving himself among his online peers in internecine hacker fighting. Up the ladder of online notoriety he climbed, while his offline school world began to implode.
The book holds some surprises. Calce provides a valuable piece of information about his first major hack prior to his February, 2000, actions. In 1999, he unleashed a Denial of Service attack against a U.S. Internet service provider, OutlawNet, which was traced to an e-mail account at his parent's house by intrepid RCMP Corporal Marc Gosselin, Mafiaboy's nemesis in this tale. When Calce's father was contacted by authorities, he rebuffed them with disbelief and bluster. When Gosselin eventually got the call from the FBI about the big events of 2000, the clues again pointed to the same house, and he put together the pieces.
The moral is simple: The beginning was already the end for Mafiaboy.
Calce's book is written defensively to persuade readers that he really deserves to be considered a genuine hacker, and not merely a risible script kiddie (cyberspeak for an inexperienced, often malicious hacker). During the height of his media fame, Calce was excoriated by hacker elders, and taunted by the RCMP and computer security experts, as a sloppy, technical lightweight. Calce repeatedly circles back to his standing, confessing at one point: "One of the biggest misconceptions about me to this day is that I didn't know how to write code. I did. ... But I'm the first to admit it wasn't my specialty."
The best Calce can muster in his own defence is that as his skill with Denial of Service tools grew, he customized computer code written for this purpose by others. To be fair, together with two other hacker colleagues, Calce devised a sophisticated and highly effective Distributed Denial of Service tool. Yahoo! was the first test. It worked brilliantly, and was sufficient to elevate Calce "above your average script kiddie." Calce admits that his exploits float somewhere between lowly kiddie and elite hacker. It took "knowledge and planning" to use such tools, but these are vague claims.
The historical context of Calce's actions are explained in comparative terms. In 2000, he launched a first big wave of Distributed Denial of Service attacks on the Web, but today the assembling of botnets by cybercrime syndicates is commonplace, as well as many more times powerful and dangerous.
The salient point is that even Calce knows that such attacks are not very subtle, and never have been. Still, he was no malicious cybercriminal.
The real villains in this book are the RCMP and corporate America. Reflecting on his trial, Calce rightly insists that outrageous and groundless estimates of damages caused by his hacks were unfairly used to damage his character. No corporation came before the court seeking damages for interruptions to their Web businesses. This failure was fully appreciated neither by the judge nor by Calce's social worker.
When Gosselin finally got his man, he not only humiliated the boy at his high school by taking him away in handcuffs for a minor parole violation, but taunted the youth as a "pathetic" hacker. Adding insult to injury, at the end of Calce's trial, and with a conviction in hand, Gosselin crossed the court and handed the boy his business card, just in case he wanted to complete the hacker journey by helping the RCMP.
In this climactic scene, Calce was baffled, surmising that the RCMP really believed he was a pretty good hacker, and in anger tore up the card. Mafiaboy's history stops with this act. But Michael Calce's journey continues into adulthood.
Mafiaboy is a harmless act of atonement and coming-of-age technodrama, fleshed out with boilerplate descriptions of the worst dangers of the World Wide Web and how to find or avoid them.
Gary Genosko is Canada Research Chair in Technoculture at Lakehead University.