Tracking Mafiaboy
Cruciform writes "The National Post has an article on the police effort to track Mafiaboy two years ago as the DoS attacks raged against Yahoo, E-trade and others. An interesting read."
It's a fairly lengthy story with lots of little bits in this tale of a script kiddie.
The article showed something about a family's influence. Mafiaboy's father was a business type that cared little about his kids, resulting in some problems for them, as shown in Mafiaboy's DoS actions and problems in school (suspensions, expelled from one school, etc). During the investigations of the DoS attacks, they found that the father was trying to hire a hitman to kill a business associate for getting screwed on a deal.
If anything, it shows why good family life generally fosters good behavior in kids. I wouldn't be surprised if other 5r1p7 k1dd135 out there have similar family life to that of Mafiaboy.
The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
Anything to do with the "Royal Mounted Police" is hilarious imho
By using words like these in the wrong context, we're linguistically painting ourselves into a corner.
This reminds me of something C. S. Lewis once wrote:
The word gentleman originally meant something recognisable; one who had a coat of arms and some landed property. When you called someone 'a gentleman' you were not paying him a compliment, but merely stating a fact. If you said he was not 'a gentleman' you were not insulting him, but giving information. There was no contradiction in saying that John was a liar and a gentleman; any more than there now is in saying that James is a fool and an M.A. But then there came people who said - so rightly, charitably, spiritually, sensitively, so anything but usefully - 'Ah but surely the important thing about a gentleman is not the coat of arms and the land, but the behaviour? Surely he is the true gentleman who behaves as a gentleman should? Surely in that sense Edward is far more truly a gentleman than John?' They meant well.
The lesson is that 'MafiaBoy' was just stupid. He went and hacked sites and publicly bragged about it. He even asked people to dictate his next target.
If you go and rob a store and then brag about how you did it at the bar, you're gonna get caught.
Stupid stupid stupid...
Should be required reading for all script kiddies and wanna-bes.
It's damn difficult to totally cover your tracks. Unless you're truly elite, if the FBI wants you badly enough, they'll find you and you'll be making some hairy-backed felon a very happy man.
Don't anthropomorphize computers, they don't like it.
"... where he is not allowed to use any software that is not commercially available as part of his sentence." What does free software have to do with this?
I read this article in the paper version on Saturday, and it immediately made me think of a person I know. "Mike" is really big on trading "warez" and playing "gamez" (in fact, that is all he is doing these days).
Having known "Mike" for over 5 years, I can attest that he is not lacking for brains, especially with computers, but he just can't be bothered to apply himself to some productive end.
He is not especially interested in doing any worthwhile computer training now that he's finished high school. Strangely, his parents complain about this but can't be bothered with doing anything about it.
"Mike" seems to be typical of the script kiddies I've encountered... generally smart, but can't be bothered to put in the effort to do anything. Is this the experience of everyone/anyone else?
I'm also wondering if anyone has any tips for weaning people off the "warez d00d" "l33t" trip, ie. actually putting their brains to some productive use. Perhaps an AA style "five step plan"?
"The 14-year-old boy who liked basketball and girls would soon capture the attention of the entire online world"
Surely an interest in basketball and girls would make him ineligible as a hardcore cracker? I mean such wholesome interests, how could this possibly happen?!?
Back in the days when men were men and hackers were coders,
What a pity this term has been lost to us - and all we seem to have left is a picking up of 'geek' - something I occasionally call myself when I have to, but I'd rather 'hacker'.
I shall have to make do with just enjoying what I do.
a grrl & her server
Good to know he's going to jail! I mean, now he will reform after spending countless hours locked in a room receiving nothing but negative attention. The reign of chaos he was about to bring upon us was narrowly avoided. He must be one of those terrorists. *End sarcasm* This kid is another fine example of the product our society is producing.
_____ "If liberty means anything at all, it means the right to tell people what they do not want to hear." -- Orwell
What is commercially available software?? Do GPL products only available for free download count?
Also, how do you ban someone from talking with hackers??? I think the true definition of what a hacker is was lost on the judge.
Lastly, why ban someone from doing something which is illegal anyway... hacking into other websites? The ruling should be modded down to -5 redundant. :-)
Live today. Tomorrow will cost a lot more!
By the time it was over, the Yahoo! attack alone would involve enough data to fill 630 pickup trucks with paper.
But what font size did they use?
I agree, the intent was likely to have only "real" software like games and applications. Stuff that you could buy.
Not the exploit of the day.
Someone else noted that most free software is commercially available; the judge didn't state he must obtain it through commercial channels.
Just what we need - more ego stroking for Mafiaboy. Doesn't anybody understand that articles like this are what drives these assholes into making these attacks? They do this for the egoboo - "Look at me! All these major news outlets are talking about me! Aren't I wonderful?"
I think one of the single best ways we could discourage this crap would be to take anybody we catch doing this, and cane them on national TV. Show the piss running down their legs, show them crying for their mommies. Then follow up on them in prison - ask them how many times they've been the woman. Make sure they look as uncool as possible. That way, when the other would-be script kiddies see this, they won't think it's cool - they will think it's most uncool.
(/me continues to whack hornets' nest known as Slashdot)
There was a good reason for punishments like the stocks - it made everyone in the community see that breaking the rules was BAD, and that BAD things happened to those who broke the rules. Yes, it was cruel to the individuals in the stocks. News flash - IT WAS SUPPOSED TO BE! It tended to make even the lowest miscreant reconsider his actions. I'm sorry if it offends you, but who better to suffer the consequences of negative actions but the moron who committed them!
Look - if somebody makes an honest mistake, cut them some slack - I'm not for throwing somebody into the stocks because they missed a stop sign, or because they accidentally didn't secure their computer. But if somebody with malice aforethought commits an act against the community, I say "Nuke them 'till they glow, shoot them in the dark, and let $deity sort 'em out".
www.eFax.com are spammers
Hmm, where do I start citing studies that show the negative effects of negative reinforcement (read: punishment). Maybe
Bonnie, R.J. (1985). The efficacy of law as a paternalistic instrument. Nebraska Symposium on Motivation, 29, 131-211.
Wilde, G.J.S. (1981). A critical view of countermeasure development and evaluation. In L. Goldberg, Alcohol, drugs and traffic safety. Stockholm: Almqvist and Wiksell, pp. 1145-1159.
In short, punishment generally causes people to be more anti-social, resentful, angry, vindictive, and prone to committing acts of sabotage. (Hundreds of years of increasingly punitive laws certainly haven't eliminated crime.)
Pillorying someone never stopped anyone else from doing the same thing (ever read The Scarlet Letter?); it only drove them deeper underground.
Now enough with this ridiculous "mild punishments don't work, so let's punish them more!" attitude. (That poison made me sick; I'm gonna eat more to see if it'll make me better!) In order to stop someone from behaving in a certain way, you have to stop the causes, not the symptoms. People in occupational safety and health have known about this one for years, and I'm not even going to get into the politics behind prisons...
I'm not a geek, I'm just a clever script.
Don't really see any reason it was 'censored', but anyway.
In terms of the script-kiddie charge people are making, it seems hard to tell from this article. They did say that he mistyped some commands, and received accounts from others, but they also said that the tool used to take over the boxes seemed to be written by him and contained his alias in the warning. I'd say he was a little bit of both, but then again what malicious hacker isn't?
Have his parents kick him out. That should do it. Nothing like food and shelter to provide motivation. It makes me get up every morning and go to work. I'd rather sit at home and warez and play games too...but that's life.
Ok, I spend a lot of time on IRC, and used to use EFnet (before I got fed up with the people like this kiddie and left). I somewhat knew MafiaBoy's little 'l33t irc group', and learned his motivation for this particular attack.
Are you curious? Do you want to know WHY he did it? After all, maybe he had a good reason. Well, here it is:
Someone else in his 'l33t irc group' said "hey I bet you can't take down yahoo". There you are, folks, the motivations of a script kiddie. These people will do anything if their peers dare them to. Truly deserving of the title 'kiddie' which they've been given.
--
grep "xercist"
After all, many firewalls are designed by high school students who don't show up to class with books/homework, who hate math, can't type ("agents watched him in real time as he attempted hacks and had to retype commands three, four, or five times before he got them right"), and download their tools from the Internet rather than programming them themselves.
This kid is a serious dimwit.
Okay, obviously this was big news but honestly not many people were exactly surprised, were they? The tools that allowed this kid to pull this off had been identified already, the theory was pretty well established. Was knocking out Yahoo for 12 hours really a disruption of the "Internet Economy"?
The article was interesting, a good read. There wasn't really any surprising information in there: punk troublemaker kid out to cause shit, surprise. The fact that the author went to great length trying to paint this as some super mega massive disruption or something was very annoying. Yes this was an important event because of the new level of media attention but it was not an especially shocking event in a technical sense. Nobody was surprised it happened.
Why? Would it make a difference if we called them Carabinieri, or FBI, or Scotland Yard or some other name? Sure, they never actually use horses except for tourists so that's a little lame, but it's nice to have a little colour in the government. Names like CSIS and CSE, etc, get boring.
For those who don't know, the RCMP have a few different functions. Originally the Northwest Mounted Police, they were created in order to have a Canadian presence in the western territories, out of fear that the US would just annex the whole damned thing if we didn't actually have any armed people there. That, and those pesky Metis rebels I suppose. They have a few different roles: They are a domestic investigative law-enforcement force, kind of like the FBI. In addition, they act as a regular police force in provinces that don't have their own provincial police. So they're also like State Troopers. They don't actually wear those red uniforms except for show.
-- "Is this death or is this Ohio?"
Every time there is a virus attack the press rushes to report that the culprit likely "will never be found". Yet quite often, they are found.
Anybody care to explain the discrepancy?
He didn't have a high speed line. The article mentioned dialing out. The kid was on a modem.
Even if he hadn't bragged, there's little doubt in my mind that he would have been tracked down and punished, and rightly so.
According to what I've learned on TV about "1337 h4x0r5", this kid got caught because he didn't have roller blades and a backpack full of satellite equipment. Pretty simple. If you're going to be a good hacker, you better get some roller blades.
Skiers and Riders -- http://www.snowjournal.com
The FBI released a trace of Mafiaboy's hacking session... I've pasted it below
--
C:/> hack yahoo.com
Select hack type:
1) Denial of Service
2) Packet Trace
3) Steal Accounts
4) Get Root
Selection: 1
Enter Name: MafiaBoy
Proceed with hack #1 by MafiaBoy? [y/n]: Y
Hacking yahoo.com... please wait
...................FBI trace detected!
*abort*
C:\> cd 1337
C:\1337>
--
That's pretty much all of the trace that the FBI released. I wasn't sure about the syntax of the hack command, but I guess this helps.
Skiers and Riders -- http://www.snowjournal.com
Yup, a DoS attack with enough punch to take down Yahoo. Originating from ... erm ... a dialup line. Hmmmm, sounds plausible to me.
Ok, sarcasm over.
The kind of tools s'kiddies use are made to be installed on compromised systems with a lot of bandwidth. However, they can be triggered with very little traffic from the cracker (often via IRC, since then the s'kiddie only has to make one connection.)
They knew when he was surfing a web page because they could see the HTML tags? Although it was 'more difficult' they could tell if it was an e-mail? They thought game traffic might be a DoS?
ffs! Have they not heard of port numbers?
It would be the first thing I would check! Kinda narrows down the options doesn't it - knowing what kinda traffic you would expect it to be.
It sounds from the article like they were literally just watching just raw body data from the packets.
Perhaps they could do with a touch more expertise and some better tools? Then again, maybe it was due to misunderstanding and/or inaccuracy by the journalist - the writer doesn't sound like they quite know what they're talking about.
Julian
What's an average e-mail message? 1 gigabit = ~125 MB When I archive (yes... outlook) my older emails I can barely fit a month on a CD... and I'm nowhere near 3.5 million emails. I guess this would make sense if a person never received any images or Pr0n.... err ya right.
When I did the math, I determined that the "average" email used for that calculation is about 2.1 kilobytes. Seems like about right for an average. Remember that Outlook stores a whole bunch of indexes and stuff which would make your email archives a lot bigger than the actual content of the email.
- In Capitalist America, law violates YOU!
There is a very thin line between a "script kiddie" and a hacker. Don't most professional software development books preach reusing as opposed to reinventing?
A script kiddie is someone who only is capable of using pre-written exploits.
A cracker is someone who, although may use existing exploits, has the ability, and uses this ability, to create new exploits.
Software development books do preach code reuse but it is also understood that a software developer could never survive if they had no ability to write software and instead, just banged on the keyboard hoping something would eventually be created. In programming circles, these people are called "code monkeys" as they are about as useful as a monkey pounding on a keyboard.
So, script kiddie is to cracker as code monkey is to hacker.
int func(int a);
func((b += 3, b));
How about restricting any story about raising children to people who actually are raising or have raised children.
I have seen many "They should do that" posts from people that are 13-17 years old. The whole idea is to try and glean knowledge from your elders. [And here is the eternal problem- young people ALWAYS know better than every elder; regardless if the elder went through the exact same thing]
I know that both the old and young will ignore me, but I post this in the hope that maybe one, just one, person will actually think about the morality of the stories they convey to their children. Maybe stories of lore, where honor actually meant something? (For the young here, the word "honor" meant that what you said is what you would do, no matter what. If you said you would heal your mortal enemy, you would, and then send him home to his family.) Because "honor" is now second place to "winning".
And our world shudders.
Vote monkeys into Congress. They are cheaper and more trustworthy.
My money is on the article. The whole thing was more a lowbrow detective story than it was a technology piece. Note how the author explained how it was possible to tell HTML packets but email was harder. Huh? Plain text email hard to sniff? OK. Seems like the detective had a better grip on things than the author, but really the whole set up was not too sophisticated. The RCMP just happened to overhear this script kiddie in the IRC nest set up to spy on people.
We can hope the judgement was more sensible. In general, your rights end on conviction. In the US, felons are not allowed to own firearms or vote and can legally be kept from positions of trust and influence. The idea is that a felon has proved untrustworthy. Mafiaboy may very well have been banned from owning or using computers at all. Then again, there would be some justice to forcing him to view the world through MS internet exploder and AOL for the rest of his life. No telnet, ftp or compilers for you, kiddie! Ha ha ha!
Friends don't help friends install M$ junk.
Well, you know that his bots were M$ boxes. Remember this highly informative article? Nothing else has as many or uniformly available exploits as the pool of M$ junk that litters the world. The article would have done better to point that out instead of referring to "computers", then smearing "non commercial" software by inserting it into the unquoted ruling.
Friends don't help friends install M$ junk.
Agreed. The article says that the kid had obviously researched his targets rather thoroughly. This takes time, planning, understanding, and an extreme desire for attention.
He was a script kiddie, though. He took the scripts and apps of other people and used them for what he did. He did not seem to have a thorough understanding of the things he was doing; the article says he had to type commands several times before they'd work. I don't know about you, but even things I use casually are embedded in my fingertips, and having to retype a command isn't a very common occurrence. Having to retype it 3-4 times is a non-occurrence.
If the kid had been a real hacker (using the geek-culture definition of the word...) He would have taken that time and desire for recognition and learned new OSes thoroughly, written a program or ten, or taken up a more positive pursuit. Or at the very least, I believe that he would have been too afraid of doing what he did--because he'd know of the limitations he'd face in the future. Being shackled in the computer world would be far too painful a thing for someone who was really into it.
If you want to play in the Pros, you stay away from drugs. If you want to have your freedom on the internet, you stay away from illegal activities.
Or you become so damned good at covering your tracks that no one could ever find you.
-Sara
This is not quite true. The so-called smurf attack did lend substantial leverage, but nothing in the realm of thousand-fold leverage, never mind tens of thousands. For one, few people configured their networks this way (with >1k hosts on a single broadcast address) even before smurf attacks came into vogue. For another, empirically speaking, I can tell you that the best addresses that you could normally expect to find, even in its heyday, is in the realm of 500 or so, and many of these hosts would easily saturate their own upstream (e.g., T1) links, so you'd need a lot of other equally leveraged addresses to take advantage of it. In other words, it's unrealistic to say that a 56k modem or what have you could take down something like Yahoo using its own bandwidth to originate the attack. A T1 or T3 perhaps, but much more is just unrealistic.
I also assert that a smurf attack is not "easy" to trace. It's actually very time consuming and troublesome, especially if the person does something like launch an attack from a machine that is set up, cleaned of all evidence, and abandoned (permanently) and uses a diverse list of broadcasts so that each broadcast address is only used a couple times. Almost every person that has gotten in trouble for such attacks has been detected by their own upstream usage (i.e., highly aberrant behavior that invites further investigation by their own provider or upstream provider(s)) and/or as a result of bragging about their exploits, a la mafiaboy and company. That said, it is a stupid and highly unoriginal attack (but just because it's stupid and foolish doesn't mean it can't be used to great effect). Anyone that launches an attack from their OWN modem or similar traceable equipment is both especially stupid and doomed.
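Two points raised in this thread, that investigators should classify traffic by port number rather than by staring at packet bodies, and that smurf-style amplification is usually caught by the source's own aberrant upstream usage, can be illustrated from the defender's side. The flow triage below is an added example (not code from the article, the RCMP, or any poster); the NetFlow-style records, the /24 broadcast assumption and the thresholds are all constructed.

```python
from collections import Counter, defaultdict
from statistics import median

# Constructed flow records, not real traffic:
# (src_ip, dst_ip, proto, dst_port, packets, bytes)
FLOWS = [
    ("10.0.0.5", "203.0.113.10",   "tcp",  80,    12,  9000),    # web browsing
    ("10.0.0.5", "203.0.113.20",   "tcp",  25,    6,   2100),    # outbound mail
    ("10.0.0.5", "203.0.113.30",   "tcp",  6667,  40,  3200),    # IRC session
    ("10.0.0.7", "198.51.100.9",   "udp",  27015, 900, 90000),   # online game
    ("10.0.0.9", "192.0.2.255",    "icmp", 0,     500, 500000),  # echo to broadcast
    ("10.0.0.9", "198.51.100.255", "icmp", 0,     500, 500000),  # echo to broadcast
    ("10.0.0.9", "203.0.113.255",  "icmp", 0,     500, 500000),  # echo to broadcast
    ("10.0.0.9", "192.0.2.40",     "tcp",  80,    3,   1500),    # a little web
]

# Well-known destination ports; the label comes from the header, never the payload.
WELL_KNOWN = {25: "smtp", 53: "dns", 80: "http", 110: "pop3", 443: "https", 6667: "irc"}


def is_directed_broadcast(dst_ip):
    """Assumption: every remote network is a /24, so x.y.z.255 is its broadcast."""
    return dst_ip.endswith(".255")


def classify(flow):
    """Label one flow from protocol and destination port alone (no body inspection).

    Unknown ports are reported as proto/port so an analyst can see, for example,
    that a high-rate UDP flow is a game server rather than guessing at a DoS.
    """
    _, dst, proto, port, _, _ = flow
    if proto == "icmp":
        return "icmp-broadcast" if is_directed_broadcast(dst) else "icmp"
    return WELL_KNOWN.get(port, f"{proto}/{port}")


def smurf_suspects(flows, min_broadcasts=3):
    """Sources sending ICMP to at least min_broadcasts distinct broadcast addresses.

    Legitimate hosts have no reason to ping many foreign broadcast addresses;
    this is the pattern an upstream provider would investigate.
    """
    targets = defaultdict(set)
    for src, dst, proto, _, _, _ in flows:
        if proto == "icmp" and is_directed_broadcast(dst):
            targets[src].add(dst)
    return sorted(src for src, seen in targets.items() if len(seen) >= min_broadcasts)


def upstream_outliers(flows, factor=10):
    """Hosts whose outbound byte total exceeds `factor` times the median host.

    This is the 'aberrant upstream usage' signal: a dial-up or LAN host that
    suddenly pushes far more traffic than its peers stands out to its provider.
    """
    out = Counter()
    for src, _, _, _, _, nbytes in flows:
        out[src] += nbytes
    baseline = median(out.values())
    return sorted(host for host, total in out.items() if total > factor * baseline)


if __name__ == "__main__":
    for f in FLOWS:
        print(f"{f[0]:>10} -> {f[1]:<16} {classify(f)}")
    print("smurf suspects:", smurf_suspects(FLOWS))
    print("upstream outliers:", upstream_outliers(FLOWS))
```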
A small point, but negative reinforcement is *not* the same thing as punishment. This is a very common misconception. Negative reinforcement is a concept relating to operant conditioning and learning theory.
Examples?
Positive reinforcement: If a mother gives her child candy for being good, this is positive reinforcement. By rewarding the child, she is reinforcing the child behaving well.
Negative reinforcement: Your car is filthy and it drives you crazy. You decide to clean it out, and it feels great to have a clean car. Cleaning the car removed the aversive stimulus, making you more likely to clean it next time. This mechanism is theorized to be involved in many forms of drug addiction. (Life is difficult, drugs remove anxiety, more likely to use drugs later.)
See the following pages for more details:
What is Negative Reinforcement
Negative Reinforcement, Escape, and Avoidance Learning
Having a front row seat to the whole ordeal, I can say that mafiaboy is only a small part of the overall story, which is far more interesting and would make for a much better book. I'd be glad to tell it in detail if someone offered a book deal.
The real people involved are probably too incapable of doing it themselves, so I figure it'd be better to write it myself and give them a cut of whatever I make.
This is easy.
Mussolini used to be a journalist. He proved that you can directly contradict yourself in different articles and noone would ever notice. Well, not enough people to matter, anyway.
"No problem. I have the capacity to do infinite work so long as you don't mind that my quality approaches zero."-Dilbert
The RCMP officers mentioned in the article once busted a scammer operating from Canada; when they seized the computers and server, they brought them to the supplier to "fix them". Thing is, they swapped hard disks, and the server hard disk ended up in a workstation. Needless to say, the tech was really surprised to see a server come up on that workstation...
So, it only shows that the RCMP are royal-class fumblers and it's a miracle that their evidence was able to stand up in court... (Or the scammers' defense was totally inept - or the court stupid).
It's got nothing to do with OSS. It's intended to ban him from things like exploit scripts and crack generators and the like. Banning him from sharp objects isn't an underhanded shot at Gillette, and banning him from non-commercial software isn't an underhanded shot at OSS.
Vintage computer games and RPG books available. Email me if you're interested.