TU THANH HA in Montreal and BARRIE McKENNA in Washington
Mafiaboy, a clean-cut Montreal teenager charged with unleashing one of the cyber attacks against major commercial Internet sites last February, seems to be a low-skilled hacker who operated alone, and only after someone offered him the necessary software, officials say.
The 15-year-old high-school student from a posh Montreal suburb has been arrested and charged with mischief for paralyzing CNN Web sites for four hours on Feb. 8, the RCMP announced yesterday.
The student was released on bail. Among the conditions of his release is that he not communicate with three teenaged friends to whom he is alleged to have confided about his hacking activities.
"You could tell [he did] it for recognition, for the publicity," said a classmate who described his Grade 9 friend as a talkative, popular student. "He's an athletic kid, not just some underground nerd."
The student from Montreal's West Island is said to come from a middle-income family and was caught because he boasted about his hacking in Internet chat groups. He is believed to have acted from home, not from his school.
Some of that bragging appears to have been done in February in an on-line chat room where a 15-year-old hacker calling himself Mafiaboy was seeking advice from other hackers about what sites to target next.
One student said Mafiaboy was taking things in stride yesterday. "He didn't look nervous at all. He had a smile on his face."
Mafiaboy did not even actively seek to find the computer software that allowed him to swamp his victims, the main CNN Web site and more than 1,200 CNN-hosted sites.
"Someone handed it [the software] to him," said an official close to the investigation.
Both the RCMP and FBI said yesterday they expect further arrests to be made, not necessarily of accomplices. While Mafiaboy was given software by someone else, there is no indication so far that he launched his cyber attack with other accomplices, an official said. The FBI said it is continuing to hunt aggressively for other hackers behind the crippling February attacks against other major Internet Web sites, such as Yahoo, Amazon.com and eBay.
Police are believed to have turned their attention to several small cells of "very scary" and highly skilled international hackers, including a French-based group known as ADM, an acronym for Association des mécontents, according to one security consultant, who spoke on condition of anonymity.
ADM is well known in the hacker community and its members are considered skilled programmers who have written numerous software tools used to break into computer systems. They have also claimed responsibility for some minor hacker attacks, although not for any of the so-called denial-of-service attacks that occurred in February.
John Vranesevich, founder of AntiOnline Ltd., a U.S. company devoted to researching hacker behaviour, said Mafiaboy probably wasn't the mastermind behind the February attacks, which cost businesses hundreds of millions.
"CNN was one of the last sites hit, so he is what we would call a copycat, at best," Mr. Vranesevich said.
While he has above-average skills, Mafiaboy is not an exceptional hacker, said RCMP Inspector Yves Roussel of the Montreal-based commercial crime unit that investigated the case.
"Mafiaboy was not that good actually," Insp. Roussel said. "He had a good knowledge of computers. However, he wasn't what we could call a genius in that field."
A little more than a week after the attack against CNN, the RCMP had already identified the house from which Mafiaboy operated, even though they did not yet know his name. More than 10 search warrants were executed.
Some of the information was gathered through telephone wiretaps, an official said.
In Washington, U.S. Attorney-General Janet Reno applauded the RCMP's role in what she called a breakthrough in the case. But she and other officials insisted that their massive investigation of the February cyber crime is far from over.
The arrest will send a strong deterrent message to young people everywhere that they can't "get away with something like this scot-free," she said.
Nor should Internet businesses relax now that Mafiaboy has been caught, security experts noted.
"The arrest is not particularly reassuring," conceded William Pollak of the FBI-sponsored Computer Emergency Response Team at Pittsburgh's Carnegie Mellon University. "There is still no way for the ultimate victims of these attacks to prevent it from happening again."
Another Internet security expert, who helped the FBI track down Mafiaboy by monitoring his postings to an Internet chat room used by hackers, said he thinks the teen was likely responsible for downing the Etrade.com Web site as well as the CNN sites.
But Michael Lyle, chief technology officer at Recourse Technologies Inc. of Palo Alto, Calif., said he would "almost guarantee" the perpetrators of the other attacks are still at large.
"One person is off the street and it should let other people know that there are very good chances they'll get caught for this sort of thing," Mr. Lyle said.
The RCMP and the FBI are probably now searching for links between Mafiaboy and other hackers, Mr. Lyle added. They are also likely working to clean up the large institutional network computers that were hijacked during the attacks, he said.
Three days after the Feb. 8 attack against CNN, the University of California at Santa Barbara confirmed that a computer in one of its research labs was "electronically broken into by a computer hacker."
The hacker secretly installed software on the university computer that made it send large amounts of traffic to CNN.com's Web site, the university said in a statement. The university was tipped off after a computer administrator noticed an abnormally high volume of traffic coming from its systems on the night of the attack.
The RCMP would not say what other computers were used as unwitting pawns in Mafiaboy's attacks, except that they were institutional mainframes in the United States.
During a distributed denial-of-service attack, a hacker plants software on large network computers. Once triggered, these agents can turn the computers into virtual zombies, repeatedly directing them to bog down a target Web site with large numbers of meaningless messages.
Some of these potentially destructive agents were recently found on federal government computers in Ottawa. But there is no evidence that these computers were ever used in the February attacks.
Even though the case was cracked because Mafiaboy had gone public, Insp. Roussel said police have now uncovered the electronic footprint of his activities, providing them with enough evidence to charge him.
The case required full-time work for two months by a seven-person specialized RCMP squad in Montreal, along with FBI field officers in California, Washington, Georgia and Massachusetts, where the victimized companies were located.
Even though they had identified Mafiaboy two months ago, police decided to arrest Mafiaboy only now because they did not want him to unleash further cyber attacks, Insp. Roussel said.
"It is important to sensitize hackers to the fact that police authorities now possess highly specialized units in their fight against computer crimes," Insp. Roussel said. "No matter who they are and where they are, hackers will be investigated, arrested and brought before the courts."
Harris Miller, president of the Information Technology Association of America, said the arrest of Mafiaboy highlights the value of co-operation between the private sector, academics and law enforcement in both countries.