Reality surpasses fiction, and sometimes fiction is ahead of reality. This is the case of MafiaBoy , alias of Michael Calce, a hacker who with only 15 years put internet companies like Yahoo!, Amazon, eBay in trouble. ) or to the news network CNN . Its story begins in February 2000. But five years earlier, a movie with such an illuminating name as Hackers and starring Johnny Lee Miller and Angelina Jolie , it began precisely with a young man who was arrested by the United States Secret Service and tried for the fall of 1,507 Wall Street computers. That fictitious attack and the DDoS attack that MafiaBoy carried out in real life have a lot in common.
They both went against capitalism, against the power that money grants. And both had consequences worth millions of dollars lost. More coincidences. Both were fined, punished without internet and, although they did not go to jail due to their young age, they were in guarded custody with their parents. And Calce was in a juvenile center for at least eight months. Currently, Michael Calce is a security expert. But if this Canadian is known for something, it is for leading the first great DDoS attack in history against the greats of the internet.
The feat of MafiaBoy exposed the shame of the internet. Or as several experts of the time said, after that hack in 2000 it was discovered that the internet was exposed , it was not as secure as we could imagine and that sooner rather than later we would have to take measures to prevent server crashes from ruining business. However, and although security changes and improvements have been introduced throughout these more than 20 years, DDoS attacks continue to occur . There are security measures that limit its impact, but not all computer systems have adequate security.
The first major DDoS attack, but not the first
Crashing the servers of Yahoo !, Amazon, Buy, eBay or CNN has a lot of merit. And more if you are 15 years old. Hence, the February 2000 event is referred to as the first DDoS attack in history. Technically it is, but with nuances. It is the first large-scale attack, and the first attack against Internet companies. But there are several previous attacks also of the DDoS type, an acronym that we have translated as Distributed Denial of Service .
A DDoS attack consists of sending simultaneous requests to a server, more than it can process. This makes the server, as a security measure, deny the service it had been offering. The result is that a web page does not load in your browser. And in the cases that concern us, it translates into not being able to buy online, not being able to see the news or not having access to certain information.
According to an article published in We Live Security, the portal of the security firm ESET , prior to the 2000 MafiaBoy attack there were at least two previous cases reported by the press of the time. One happened in September 1996 and affected an internet provider named Panix and based in Manhattan. Another subsequent DDoS attack occurred in July 1999 and was victimized by the University of Minnesota . Reading the original news from 1996, published in The New York Times, we read that the denial of service attack is something that experts already knew.
And according to the statements of the expert consulted, Peter G. Neumann , “In principle, most of the denial of service attacks that we see have no solution.” This gives us a clue that attacks of this type have occurred before, but on a small scale. Neumman adds: “The generic problem is basically unsolvable.”
It is clear, then, that the denial of service or DDoS attack was something that the experts knew but that it was not yet a serious problem . But by 2000, the internet was no longer something for universities and government agencies. The private sector had already been introduced little by little and, at that time, there were already large internet companies that provided services to millions of users . In Spain, the year 2000 closed with 5.5 million users. But it is that in the United States, that year, 52% of adults accessed the Internet. 70% if we limit the age between 18 and 29 years. And 61% between 30 and 49. Some 54 million American households had a computer. Of these, 44 million were connected to the internet.
This is how a hacker was born
Michael Calce lived in Montreal, Quebec. Following the coincidences with the movie Hackers, her parents divorced and she ended up living with her mother. While in the film, the divorce occurs after the hack. In Calce's life, his parents divorce when he is barely five years old and he goes to live with his mother. In an attempt to mitigate this abrupt change in his life, his father gives him a computer when he was already six years old. With that computer, the young and curious Calce will make contact with the hacker community through chat channels on the IRC network.
Almost ten years later, at the age of 15, Michael Calce, alias MafiaBoy , decides to start an ambitious hacking project under the name Project Rivolta. The name Rivolta comes from Italian, which in Spanish we can translate as revolt, revolution or uprising. Precisely, his alias came from Italian, mafia, a word that we have incorporated in other languages but that has its origin in organized crime that emerged in southern Italy. The goal of the Rivolta project was to attract attention, to make a name for itself. And MafiaBoy is not alone. It has its own group of hackers, named TNT , like the explosive. The victims chosen for the attack were the millionaire internet companies.
Source: Crain National (Flickr)
MafiaBoy against the internet of the dollar
First objective, Yahoo! The popular internet portal and web search engine. The Google of then. Ironically, at the end of that same 2000, Google began to emerge, causing Yahoo! crash on the stock market. But that is another story. In early 2000, Yahoo! It is one of the most visited pages and its estimated value is at least 93,000 million dollars. MafiaBoy's DDoS attack will cause your home page to be down for hours , according to media at the time, such as CNN. According to Yahoo !, an excess of data traffic to its home page caused to be dropped intermittently for at least two and a half hours. A security analyst compares this drop with the power outages that any other business or company can suffer.
Some media mention previous attacks on eBay , another large internet one already in 2000. Precisely, two days after the attack on Yahoo !, MafiaBoy and its group TNT decide to attack the servers of Buy.com, eBay, CNN and Amazon . Media such as Computerworld speak of cyberassault, which in Spanish we have translated as cyberattack. As a curiosity, both Buy.com and eBay had as a server provider the company Exodus Communications , a victim of the DDoS attack . In the same Computerworld article, representatives from Yahoo! they speak of coordinated attacks from up to 50 simultaneous IP addresses.
How could a 15-year-old teenager take down the servers of those great internet? The answer was given by the MafiaBoy himself in later interviews, as an adult, and in his own biography. According to Wikipedia, he limited himself to adding IP addresses in a security tool that he had downloaded from a repository. The addresses they used belonged to university computers that had higher bandwidth and more processing capacity. The ideal ingredients for a good DDoS attack that appeared in all the media of the time.
Michael Calce in 2016 in an interview for Global News. Source : Global News
The consequences for MafiaBoy
Several were the consequences of what is considered the first major DDoS attack in history. As we've seen, it wasn't the first of its kind, but it did garner enough attention to make Michael Calce a celebrity in and out of the hacker community. Hence, for the rest of his life he has dedicated himself to cybersecurity. However, the immediate consequence of their actions had legal implications .
The FBI discovered who was behind the attacks for something as simple as Calce himself speaking of his authorship publicly on IRC channels. Among its achievements, MafiaBoy highlighted the attempt to dump the Dell servers, something that had not yet been disclosed to the press, but which was known to the authorities. The FBI only had to trace his alias on IRC to find him. Being Canadian, with the help of the authorities of that country.
Michael Calce was tried in Canada accused of 56 counts , according to media such as The Register, cited by Wikipedia. Back then, the media could not publish his real name for legal reasons, he was minor. On September 12, 2001, at the age of 17, he was sentenced to eight months of “imprisonment” in a center for minors. Then he would spend a whole year under house arrest and with limited use of the internet, although he was allowed to attend class and go to his job, since he got a part-time job.
He was also fined 250 US dollars that had to be donated to charity, as Wired explains in an article of the time. In the article he explains that the sentence could have been worse and go up to two years in detention. The prosecutor's statements: “We believe that it is a reasonable sentence. Send a strong message to hackers that they will get caught if they do things like that. ”
The consequences for everyone
Fame, a job for life, and exemplary punishment. These were the consequences for Michael Calce. For affected companies, losses valued at several million dollars for Yahoo! or in hundreds of thousands of dollars for Amazon, which was not yet the giant it is today. And a word of warning: those DDoS attacks were just the beginning of things to come.
Precisely, Bill Clinton , president of the United States when the MafiaBoy attack occurred, organized a cybersecurity summit with security experts and members of the main internet companies. El País opened this news with a statement from the President himself, implying that the DDoS attack suffered by Yahoo! and others “were not Pearl Harbor.” Despite this attempt to downplay it, the summit came up with a proposal to create a cybersecurity institute with $ 9 million as an initial investment.
DDoS attacks continue to be a threat to the internet . Although there are tools to appease them or reduce their impact, every day there are several attacks on companies, websites, public bodies, foundations, banks, etc. This type of attack causes a service to be unavailable for hours, which implies annoyances for its users but also lost money depending on the function of those crashed servers.
In addition, these types of attacks are now easier to carry out, according to Michael Calce himself in several interviews. Today it is possible to access infected computer markets that you can rent to launch your own DDoS attacks. You don't need computer skills. Paying you even have personalized technical support . What began as a test of achievement by a teenage hacker, today has become a lucrative business in which criminals from all over the world use this type of attack to extort companies and organizations in exchange for money.
