Technology
toolbar
April 20, 2000

Canada Arrests 15-Year-Old in Web Attack
By MATT RICHTEL

Canadian law enforcement officials said Wednesday that they had arrested a Montreal high school student in one of the computer attacks that crippled some of the Internet's biggest sites in February, exposing deep vulnerabilities in the fledgling world of electronic commerce.

The 15-year-old suspect, whom the authorities identified only by the online nickname Mafiaboy, was accused of conducting an attack against Cable News Network's Web site. He is the first to face charges in the onslaught that hindered access to the World Wide Web sites of Yahoo, eBay and E*Trade, among others, and forced hundreds of other big-name sites to shore up their defenses against an invisible and far-flung threat.


Related Articles
Teenager Arrested on Hacking Charge
(March 9, 2000)

Difference Between Good Hackers and Bad Ones Can Often Be a Blur
(February 12, 2000)

Another Computer Used in Web Attack Identified
(February 12, 2000)

Clinton Sees No Instant Solution to Web Attack
(February 12, 2000)

Forum
Join a Discussion on Internet Attacks

The Canadian suspect was not charged in those other attacks, however, and authorities in Canada and the United States said their investigations were continuing. Some computer security experts reiterated their belief yesterday that the attacks had several authors acting independently.

The Montreal youth was charged with two counts of criminal mischief for an attack on Feb. 8 against CNN.com, which said it was "seriously affected" for two hours. As a minor, he faces up to two years of detention if convicted and a fine of $1,000. American officials said they were studying whether charges might also be brought in the United States.

"We cannot close the door to further arrests and further charges," said Inspector Yves Roussel of the Royal Canadian Mounted Police, adding that such cases were not easy to investigate because they involved "a crime without borders."

Known as "denial of service" attacks, the assaults entail bombarding a Web site's computers with streams of meaningless data, making it impossible for the computers to respond to legitimate users. The attackers hijack dozens if not hundreds of computers throughout the Internet, and enlist their assistance in the attack by programming them to send the streams of data.

Indeed, a crucial piece of evidence may have come from computer network administrators at the University of California at Santa Barbara. In the hours after the attack against CNN.com, Kevin Schmidt, campus network programmer at the university, noticed that a desktop computer in a physics research lab had been used to send "thousands of requests per minute" at the CNN Web site.

Mr. Schmidt said that several days later the university voluntarily gave the computer's hard drive to the F.B.I., which Mr. Schmidt said included "trace information" suggesting that the attacker lacked sophistication, and that the attack might have originated in Canada. "The compromise was kind of sloppy, and information was left behind on the machine itself," Mr. Schmidt said.



Reuters
Inspector Yves Roussel, left, of the Royal Canadian Mounted Police discussed the arrest of a teenager accused of computer crimes, while Bill Lynn of the F.B.I. listened.
Law enforcement officials also received assistance from computer security experts in Palo Alto, Calif., who tracked statements made in Internet chat rooms by someone using the nickname Mafiaboy. In an exchange on Feb. 11 on an Internet chat forum, a participant calling himself Mafiaboy is asked, "You're not in jail yet?" and responds, "No one evens knows I did it fer shure."

Joel de la Garza, a computer security expert at Securify in Palo Alto, who turned over the Internet chat logs to the F.B.I., said he had been monitoring the activity of Mafiaboy for three months before the attacks. He said someone calling himself Mafiaboy had come to his attention as a member of a "cybergang" called TNT, whose members were breaking into systems around the Internet, in some cases to steal credit card numbers.

"He had a history of compromising a large number of machines," Mr. de la Garza said. But he said his analysis of the chat logs and of a Stanford University computer used as a relay in an attack against eBay suggested that Mafiaboy was not the only source of the February attacks. "There should be more arrests," Mr. de la Garza added.

Still, computer security experts continue to debate whether the attacks appear to be the work of one or more people. Those who assert that copycats were at work said the methods of attacks differed in key respects, and they say Mafiaboy was not the only person claiming credit in chat rooms. Those who believe the assaults were the work of one person or group say copycats could not have compromised enough computers to set an attack in process so quickly.

"It would have taken a lot of preparation to mount the kind of attack they did," said Charles Palmer, manager of network security and cryptography for IBM Research.

And despite the widespread attention, it has been difficult to assess the actual damage from the attacks, starting on Feb. 7 against Yahoo. The sites themselves have minimized the problems; CNN.com, for instance, did not lose significant advertising revenue during the attack and was never completely shut down, said Edna Johnson, a spokeswoman.

At the same time, some market research firms have put the total cost of the attacks in the hundreds of millions of dollars, suggesting to computer security experts that companies either do not know the cost or want to avoid alarming investors.

From the start, the attacks drew attention from the highest levels of government, with legislators suggesting that e-commerce could not thrive unless better protected.

In Washington yesterday, Attorney General Janet Reno praised the "extraordinary cooperation" between American and Canadian authorities in the case. "I believe this recent breakthrough demonstrates our capacity to track those who would abuse this remarkable new technology and track them down wherever they may be," she said.

The Montreal suspect was arraigned in youth court on Monday, then released under strict conditions. He is prohibited from using a computer except at school, and then only for academic purposes with supervision. He may not connect to the Internet or go to any establishment that sells Internet access or rents or sells computers.

When he was arrested at his home on Saturday, officers of the Royal Canadian Mounted Police seized his computers and computer-related material, which they are subjecting to analysis, Inspector Roussel said.

He said Mafiaboy was caught because he was unsophisticated and left traces of evidence. "They want to show they're good at it and compete to be the best," the inspector said of competition among hackers. "Except Mafiaboy wasn't the best. He was not what we would call a genius in that field."

Matt Richtel at mrichtel@nytimes.com welcomes your comments and suggestions.
Ask Technology questions and tell other readers what you know. Join Abuzz, a new knowledge network from The New York Times.
 
 

Home | Site Index | Site Search | Forums | Archives | Marketplace

Quick News | Page One Plus | International | National/N.Y. | Business | Technology | Science | Sports | Weather | Editorial | Op-Ed | Arts | Automobiles | Books | Diversions | Job Market | Real Estate | Travel

Help/Feedback | Classifieds | Services | New York Today

Copyright 2000 The New York Times Company

Advertisement