Digg this story   Add to del.icio.us  
Free Mafiaboy
Kevin Poulsen, SecurityFocus 2000-04-24

Busting 15-year-old script kiddies just makes us all look silly.

Two months after a Distributed Denial of Service (DDoS) attack made the CNN web site inaccessible for four hours, an international law enforcement push by multiple FBI field offices, top Justice Department computer crime honchos, the National Infrastructure Protection Center and a dozen investigators with the Royal Canadian Mounted Police has yielded a 15-year-old suspect named "Mafiaboy."

Now, don't we all feel just a little bit silly.

It's easy to understand why law enforcement would take pride in the bust, which was achieved with a new level of technical competence and overall cooperation. Atlanta FBI agents reportedly scoured logs at CNN and traced bogus packets back to a California university. Los Angeles FBI agents tore into the U.C. Santa Barbara logs and learned that the perp connected from an ISP in Montreal. The Mounties took over from there, and it all ended with a wiretap on the suspects' phone line, and, two months later, a raid on his home

The investigation was a textbook for the new generation of tech-savvy cybercops who can read router logs, or enlist others to read router logs. The press releases say it all. FBI Director Louis J. Freeh boasted of "the strengths to be drawn from an international law enforcement/private sector partnership"; Janet Reno, "our capacity to track down cyber-criminals wherever they may be." The Mounties crowed that their efforts created "the opportunity to bring light on [I]nternet attacks that have strongly shaken the heart of electronic commerce worldwide..."

And hidden between the lines you can faintly read the long, depressed groan: Why'd it have to be a 15-year-old old?

Malicious Mischief
The silliness of it all is compounded by a Canadian law that shields the juvenile's name from disclosure, forcing high-level law enforcers to refer to him by his chosen moniker. Try it in a hypothetical sentence, like, "We intend on ensuring that the full force and power of the law is brought to bear..." on Mafiaboy. "Today we send a powerful message that lawlessness will not be tolerated" by Mafiaboy. You see the problem.

The Canadian cops admit that Mafiaboy wasn't even a precocious evil genius, like the kid in RoboCop II. He was just a young teen who allegedly got a hold of some pre-fab DDoS tools and, whipped into a frenzy by the .com attacks that were already grabbing headlines worldwide, launched a copycat assault of his own. He stupidly bragged about it on IRC. He behaved like a 15-year-old.

So what's the point in busting him?

We now know that the Internet wasn't designed to shoulder a new economy, and we'll need some fundamental improvements before a teenager will have any problem clogging up web sites. Our international, coordinated efforts would be better directed at encouraging academia to lock-down its high-bandwidth, low-security networks so they can't be aimed like fire-hoses at innocent media giants in the future.

Don't get me wrong: I'm not saying the DDoS attackers are heroes. Mafiaboy isn't the innocent child who pointed out that the Emperor has no clothes; he's one of many guilty children who pointed it out by throwing things at the Emperor's privates - a more serious offense.

But Mafiaboy isn't going to be extradited to the U.S -- the Canadians aren't stupid enough to give up one of their children to the country that invented zero tolerance. And he probably won't do any time in Canada, where his antics are considered "mischief to data" instead of "computer fraud and abuse."

So let's learn something from this. The February DDoS attacks on Yahoo, Ebay, Amazon.com, Excite, ZDNet and Etrade are still unsolved. I say we don't even bother nabbing the other culprits, lest they turn out to be even younger and less ingenuous, and, by dint of their immaturity, make the .com world and our law enforcement agencies look even more ridiculous.

The FBI should be nailing kidnappers and the Mounties busting, I don't know, Snidely Whiplash. Let's throw Mafiaboy back; there's bigger fish to fry.


    Digg this story   Add to del.icio.us  
Comments Mode:
Free MafiaBoy 2000-04-24
Anonymous (1 replies)
Some points: 2000-04-25
Anonymous (1 replies)
re 2000-04-26
Anonymous
Innocent Mind 2000-04-24
Anonymous (7 replies)
BUST who? 2000-04-25
Anonymous
Whats the point? [Re: Innocent Mind] 2000-04-25
<siliconx (at) netscape (dot) net [email concealed]> (3 replies)
Hrmmm, to a degree 2000-04-26
Anonymous
the tool 2000-04-26
Anonymous
re:Innocent mind 2000-04-26
Anonymous
You can't be serious! 2000-04-27
Anonymous (1 replies)
You can't be serious! 2000-05-08
Anonymous
Innocent mind 2000-05-01
Anonymous
Innocent Mind 2000-05-07
Anonymous
Re: Innocent Mind 2007-06-01
Kifferd
more than just mafiaboys fault 2000-04-25
Anonymous
Free Mafiaboy 2000-04-25
Anonymous
Easy attack? Anyone could do it? 2000-04-25
Anonymous (2 replies)
If.. 2000-04-26
Anonymous
guilty? right. 2000-04-25
Anonymous
clueless media 2000-04-25
Anonymous
NO WAY 2000-04-25
Anonymous
Free him? Huh? 2000-04-26
Anonymous
Mafiaboy 2000-04-26
Anonymous
Give me a break 2000-04-26
Anonymous (2 replies)
Re-read the article 2000-04-26
Anonymous
Yes, it DOES make you look silly. 2000-04-26
Anonymous (1 replies)
Yes, it DOES make you look silly. 2000-05-11
Anonymous
He's not Mafia Boy! I am! 2000-04-28
Anonymous (1 replies)
Media, 9yrold hacker, mafiaCRAP 2000-04-29
Anonymous
Thank you. 2000-04-29
Anonymous
stoooooooooooopid 2000-05-01
Anonymous
Unreal 2000-05-04
Anonymous
Hackers in the term of the word 2000-05-04
Anonymous
Is against the law 2000-05-11
Anonymous
Pretty sad., 2000-05-14
Anonymous


 

Privacy Statement
Copyright 2010, SecurityFocus