Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tracking Mafiaboy

Posted by ryuzaki0 on from the lock-him-up dept.

Cruciform writes "The National Post has an article on the police effort to track Mafiaboy two years ago as the DoS attacks raged against Yahoo, E-trade and others. An interesting read." Its a fairly lengthy story with lots of little bits in this tale of a script kiddie.

37 of 271 comments (clear)

  1. article illustrated something about family... by jeffy124 · · Score: 5, Insightful

    the article showed something about a family's influence. Mafiaboy's father was a business type that cared little about his kids, resulting in some problems for them, as shown in Mafiaboy's DoS actions and problems in school (suspensions, expelled from one school, etc). During the investigations of the DoS attacks, they found that the father was trying to hire a hitman to kill a business associate for getting screwed on a deal.

    If anything, it shows why good family life generally fosters good behavior in kids. I wouldnt be surprised if other 5r1p7 k1dd135 out there have similar family life to that of Mafiaboy.

    --
    The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
    1. Re:article illustrated something about family... by Cmdr+Taco+(luser) · · Score: 5, Interesting

      Oh, come on. Did you read the whole article?

      "Knesek recalls the wiretap and a portrait of a dysfunctional family. There were padlocks on the doors of the brothers' bedrooms. Mafiaboy "saw a lot, dealt with a lot, took a lot," recalled Knesek."

      That, plus the part about the father being prosecuted for hiring a hit man, hints that some pretty freaky shit may have been going down in that house. At the very least, the boys were being raised in an ammoral atmosphere; it may have been worse than that. We'll probably never know what other bits of nastiness the feds got from the wiretaps.

      Some years ago, a girl from my high school (years after I graduated) teamed up with a friend and ambushed her parents with a shotgun and an ax. Real messy stuff. Folks went around saying "How could that sweet girl ever do something like that?" It turned out in the trial that, since she could remember, she was abused physically and sexually, shared sexually with other cretins, was the object of homemade porn and was provided with a wide variety of drugs.

      I'm not saying that sort of thing was going on in mafiaboy's case, but I've developed a deep [dis]repect for damages that can be done throught the effects of a "dysfunctional" family setting.

      --
      All things in moderation.
    2. Re:article illustrated something about family... by neuroticia · · Score: 5, Insightful

      It's easy to observe that when children feel as though they are not having enough attention paid to them, they act out. Negative attention is better than feeling invisible. Some kids shoplift, some kids set things on fire, some kids torture small animals to feel as though they have an impact on things. Cracking or malicious-hacking is just another way of attracting attention. In a lot of ways, I'd say it's an even better way of attracting attention because of the impact that it can have, and because it (supposedly) involves some amount of skill.

      If you read the entire article, you'll recall that the boy's brother was bragging about him, and his father was even somewhat proud of his son's 'skill'. Imagine how sweet this might be to a boy who has been ignored most of his life. Yeah. Upbringing and family life have a LOT to do with a kid's motivations for lashing out, be it digital or physical.

      -Sara

    3. Re:article illustrated something about family... by garcia · · Score: 4, Interesting

      The people who modded up were most likely in the same situation as I was.

      They came from good families yet still did drugs, had detention, were violaters, etc.

      Let's take a look at Ecstacy for example. A good majority of the users and dealers are middle to upper class kids that grew up in the suburbs and found something that was illegal and fun.

      Liberals. Bah.

    4. Re:article illustrated something about family... by RatOmeter · · Score: 3, Insightful

      I'm not being an apoligist here, but upper/middle class children often have their own, unique (or not so unique) handicaps.

      Lower income kids might have to deal with: a flawed vision of themselves being inferior to higher income people, exposure to disillusioned/disenfranchised people who've given up on themselves and their peer's ability to succeed, parents who fit the above description or are too busy to think clearly about their children's environment and care.

      Middle/upper income kids might have to deal with: a flawed vision of themselves being superior to lower income people, exposure to jaded/??? people who've long ago given up on the lower class of folk (because they've "proven" they're no good), parents who fit the above description or are too busy to think clearly about their children's environment and care.

    5. Re:article illustrated something about family... by Ryan+Amos · · Score: 3, Interesting

      Middle class families are often just as messed up as everyone else. Friends of mine had parents who didn't speak to eachother, slept in separate rooms. Middle class families often keep up the facade of being normal, which can be even more damaging. Living a lie is harder than admitting you're fucked up. I was fortunate to grow up in a normal family, but many of my friends were not. I still smoked weed and got in trouble at school, but it wasn't because of my family. Family troubles can be a factor in being a troublemaker, but they're not the only cause.

  2. Mususe of the term "script kiddie"? by AirLace · · Score: 3, Insightful
    Funny how the term "script kiddie" is nowadays applied to almost any cracker. Back in the days were men were men and hackers were coders, "script kiddie" was pretty specifically a reference to individuals who used the scripts of others in the security community to bad ends, without really understanding what was going on (winnuke.exe, anyone?). On the other hand, surely this "mafiaboy" character had at least a proficient knowledge of scripting languages and programming to have put together such a massive operation as this? I'd call him a black hat hacker or cracker -- but definitely not "script kiddie".


    By using words like these in the wrong context, we're linguistically painting orselves into a corner.
    This reminds me of something C. S. Lewis once wrote:


    The word gentleman 'originally meant something recognisable; one who had a coat of arms and some landed property. When you called someone 'a gentleman' you were not paying him a compliment, but merely stating a fact. If you said he was not 'a gentleman' you were not insulting him, but giving information. There was no contradiction in saying that John was a liar and a gentleman; any more than there now is in saying that James is a fool and an M.A. But then there came people who said - so rightly, charitably, spiritually, sensitively, so anything but usefully - 'Ah but surely the important thing about a gentleman is not the coat of arms and the land, but the behaviour? Surely he is the true gentleman who behaves as a gentleman should? Surely in that sense Edward is far more truly a gentleman than John?' They meant well.

    1. Re:Mususe of the term "script kiddie"? by Anonymous Coward · · Score: 5, Insightful

      Didn't you read the part where the effabeeeye were watching his 'hacking' activity? It involved using logins/passwords given to him by others and using _hacking tools_ he downloaded off the Internet, and it took him a few attempts to get the commands right. If you use a tool that is created for the sole purpose of hacking, you are a script kiddie. This kid is a script kiddie, nothing more, and he should have been locked up for a while. Stupid teenage shitbag.

  3. simple lesson by Jucius+Maximus · · Score: 3, Insightful
    I read this article this morning ...

    The lesson is that 'MafiaBoy' was just stupid. He went and hacked sites and publicly bragged about it. He even asked people to dictate his next target.

    If you go and rob a store and then brag about how you did it at the bar, you're gonna get caught.

    Stupid stupid stupid...

    1. Re:simple lesson by GigsVT · · Score: 3, Insightful

      It wasn't stupid when you frame it differently. He wanted the attention, he got more attention than he ever bargained for. He was wildly sucessful in accomplishing his goals. He is almost a household name.

      --
      I've had enough abrasive sigs. Kittens are cute and fuzzy.
  4. Good lesson for all by eyegor · · Score: 3, Insightful


    Should be required reading for all script kiddies and wanna-bes.

    It's damn difficult to totally cover your tracks. Unless you're truely elite, if the FBI wants you badly enough, they'll find you and you'll be making some hairy-backed felon a very happy man.

    --

    Don't anthropomorphize computers, they don't like it.
    1. Re:Good lesson for all by Johnny+Mnemonic · · Score: 5, Funny



      It's damn difficult to totally cover your tracks

      Well, Mafiaboy himself sure helped. From the article:
      The administrators at the university produced a copy of the attack tool used, which was registered to a user named Mafiaboy...

      Moral of the story: don't register your hacking software back to yourself. Kinda like "don't sign each counterfeit bill you make".

      --

      --
      $tar -xvf .sig.tar
    2. Re:Good lesson for all by BreakWindows · · Score: 3, Insightful

      Unless you're truely elite, if the FBI wants you badly enough, they'll find you

      or someone else. The FBI isn't infallable, and aren't as amazing as cop shows make them out to be. They rely on informants and the criminal screwing up, just like other police organizations. This kid got caught because he bragged and wanted everyone to know he did it...let's not go patting the FBI on the back too much.

      Sometimes though, when the public wants someone caught bad enough, and there are no leads (or they aren't allowed to get the person who did it), it's time to find the person who didn't do it and convict them. There are plenty of prisoners who pled 'not guilty', and the evidence used against them just doesn't add up, but still found themselves stuffed away and never heard from again because these organizations needed to save face in the public eye.

  5. the interesting part is right at then end by Anonymous Coward · · Score: 3, Interesting

    where he is not allowed to use any software that is not commercially available as part of his sentance. What does free software have to do with this?

    1. Re:the interesting part is right at then end by ImaLamer · · Score: 3, Funny

      So.... he can still download and use warez right?

      --
      Get your Unix fortune now!
    2. Re:the interesting part is right at then end by m_evanchik · · Score: 3, Funny

      MS '98 telnet is better than telnet on RH 7.2 .

      At least in my limited experience.

      Can't work at nyplgate.nypl.org through RH, but I can through MS.

      --

      evanchik.net

    3. Re:the interesting part is right at then end by GigsVT · · Score: 3, Informative

      Can't work at nyplgate.nypl.org through RH, but I can through MS.

      I just tried it, pulled up some records, did some searches, it all seems to work fine for me within gnome-terminal.

      Note that in the UNIX paradigm, telnet does not provide terminal emulation, that is up to the terminal program you run telnet from.

      --
      I've had enough abrasive sigs. Kittens are cute and fuzzy.
  6. Are script kiddies smart, dumb, or just lazy? by S+Nichol · · Score: 4, Interesting

    I read this article in the paper version on Saturday, and it immediately made me think of a person I know. "Mike" is really big on trading "warez" and playing "gamez" (in fact, that is all he is doing these days).

    Having known "Mike" for over 5 years, I can attest that he is not lacking for brains, especially with computers, but he just can't be bothered to apply himself to some productive end.
    He is not especially interested in doing any worthwhile computer training now that he's finished high school. Strangely, his parents complain about this but can't be bothered with doing anything about it.

    "Mike" seems to be typical of the script kiddies I've encountered... generally smart, but can't be bothered to put in the effort to do anything. Is this the experience of everyone/anyone else?

    I'm also wondering if anyone has any tips for weaning people off the "warez d00d" "l33t" trip, ie. actually putting their brains to some productive use. Perhaps an AA style "five step plan"?

  7. Gotta love this part by Anonymous Coward · · Score: 4, Funny

    "The 14-year-old boy who liked basketball and girls would soon capture the attention of the entire online world"

    Surely an interest in basketball and girls would make him ineligable as a hardcore cracker? I mean such wholesome interests, how could this possibly happen?!?

  8. Phew! by rsklnkv · · Score: 5, Insightful

    Good to know he's going to jail! I mean, now he will reform after spending countless hours locked in a room recieving nothing but negative attention. The reign of chaos he was about to bring upon us was narrowly avoided. He must be one of those terrorists. *End sarcasm* This kid is another fine example of the product our society is producing.

    --
    _____ "If liberty means anything at all, it means the right to tell people what they do not want to hear." -- Orwell
    1. Re:Phew! by puppetman · · Score: 3, Funny

      Only if you're Canadian. Blame Canada. Of course, he's actually from Quebec, so blame them.

  9. Judge's ruling silly by tapiwa · · Score: 5, Interesting
    How is this for a ruling by the judge??
    The judge also prohibited him from possessing any software not commercially available and banned him from using the Internet to talk with other hackers and hacking into any other Websites.

    What is commercially available software?? Do GPL products only available for free download count?

    Also, how do you ban someone from talking with hackers??? I think the true definition of what a hacker is was lost on the judge.

    Lastly, why ban someone from doing something which is illegal anyway... hacking into other websites? The ruling should be modded down to -5 reduntant. :-)

    --

    Live today. Tomorrow will cost a lot more!

    1. Re:Judge's ruling silly by Papineau · · Score: 4, Insightful

      Whitout the judge's exact ruling, you can't say for sure if there are loopholes (or problems) with it. Remember it's a recap by a journalist, which he probably interpreted some way or the other.

      "Commercially available": if I sell commercially (or offer to sell commercially, along with a free (beer) version) some cracking tools (with or without a warning about not using them on other networks), can Mafiaboy use them?

      For the "hackers", the judge probably didn't use that word, and it was probably more geared towards IRCing in crackerz (or 31337) chatrooms.

      And your last point... it means if he does it again, he is liable for doing it in the first place, and then for doing it when a judge told him not to do it. I'm not sure about the name of that charge though, but it's more serious (recidivist).

    2. Re:Judge's ruling silly by Permission+Denied · · Score: 4, Insightful
      What is commercially available software?? Do GPL products only available for free download count?

      Spare me the sob story. If it were up to me, I'd keep this kid away from any general-purpose computer and have him complete his studies in juvie the old-fashioned way, with paper and pencil. Perhaps I would have allowed him to use a computer, but only if the computer had no modem, no NIC, no anything - I'll bet this kid never did anything off-line except play games.

      We don't have the judge's actual ruling, only a snippit from a reporter, so we shouldn't even be discussing this - the judge may have given a very specific definition. If that definition excludes some possibly useful and harmless program, well then tant pis; the judge was generous enough allowing the kid anywhere near a computer as this kid has never used his computer for anything useful (Starcraft, IRC and launching DOS attacks are not useful nor educational).

      I think the true definition of what a hacker is was lost on the judge.

      This "true definition" is completely rejected by mainstream America, and in fact, by most of the computing world, both in academia and the business world, both inside and outside of the US. The definition of hacker that you'll find in the New Hacker's Dictionary is an MIT-ism. Nobody outside of MIT ever uses it, and the FSF is so intimately intertwined with MIT that they don't realize this.

      The old-school "hackers" that you're talking about never dwelled in the script kiddie community. RMS was a math prodigy at Harvard; ESR was math and philosophy guy and never took a computer class; Larry Wall was trained as a linguist at Berkeley during the time when BSD was created, but he never touched Unix at Berkeley. And yet you would claim that barring this kid from using a specific set of software is going to stunt his growth?

      So let's be honest: the warez hoarders and the script-kiddies on IRC - nothing useful has ever come out of these communities. All it has done is sully the reputation and the arguments of those who actually do any useful work: when Johannsen claims to a judge that he had a legitimate purpose for writing DeCSS, the judge won't believe him as he (and his peers) have already heard the same argument a thousand times from warez kiddies and the script kiddies trying to "show off" bad security.

      My point here is that there is very little overlap between the kiddies and the "hackers" your talking about - all your insistence on propagating this MIT-ism of "hacker" does is confuse people as to which is which.

  10. inaccurate? by KidSock · · Score: 5, Funny

    By the time it was over, the Yahoo! attack alone would involve enough data to fill 630 pickup trucks with paper.

    But what font size did they use?

  11. Peachy.... by wowbagger · · Score: 4, Insightful

    Just what we need - more ego stroking for Mafiaboy. Doesn't anybody understand that articles like this are what drives these assholes into making these attacks? They do this for the egobo - "Look at me! All these major news outlets are talking about me! Aren't I wonderful?"

    I think one of the single best ways we could discourage this crap would be to take anybody we catch doing this, and cane them on national TV. Show the piss running down their legs, show them crying for their mommies. Then follow up on them in prison - ask them how many times they've been the woman. Make sure they look as uncool as possible. That way, when the other would-be script kiddies see this, they won't think it's cool - they will think it's most uncool.

    (/me continues to whack hornets' nest known as Slashdot)
    There was a good reason for punishments like the stocks - it made everyone in the community see that breaking the rules was BAD, and that BAD things happened to those who broke the rules. Yes, it was cruel to the individuals in the stocks. News flash - IT WAS SUPPOSED TO BE! It tended to make even the lowest miscreant reconsider his actions. I'm sorry if it offends you, but who better to suffer the consequences of negative actions but the moron who committed them!

    Look - if somebody makes an honest mistake, cut them some slack - I'm not for throwing somebody into the stocks because they missed a stop sign, or because they accidentally didn't secure their computer. But if somebody with malice aforethought commits an act against the community, I say "Nuke them 'till they glow, shoot them in the dark, and let $deity sort 'em out".

    --
    www.eFax.com are spammers
  12. Re:P(r)eachy.... by Interrobang · · Score: 5, Insightful

    Hmm, where do I start citing studies that show the negative effects of negative reinforcement (read: punishment). Maybe

    Bonnie, R.J. (1985). The efficacy of law as a paternalistic instrument. Nebraska Symposium on Motivation, 29, 131-211.

    Wilde, G.J.S. (1981). A critical view of countermeasure development and evaluation. In L. Goldberg, Alcohol, drugs and traffic safety. Stockholm: Almqvist and Wiksell, pp. 1145-1159.

    In short, punishment generally causes people to be more anti-social, resentful, angry, vindictive, and prone to committing acts of sabotage. (Hundreds of years of increasingly punitive laws certainly haven't eliminated crime.)

    Pillorying someone never stopped anyone else from doing the same thing (ever read The Scarlet Letter?); it only drove them deeper underground.

    Now enough with this ridiculous "mild punishments don't work, so let's punish them more!" attitude. (That poison made me sick; I'm gonna eat more to see if it'll make me better!) In order to stop someone from behaving in a certain way, you have to stop the causes, not the symptoms. People in occupational safety and health have known about this one for years, and I'm not even going to get into the politics behind prisons...

    --
    I'm not a geek, I'm just a clever script.
  13. Re:Misuse of the term "hacker"? by danamania · · Score: 4, Funny

    Is that your naked body on the entrance to your site?

    No, it's not.

    But with that comment you've quadrupled the normal daily visits I have to my site... all in the last 20 minutes. I think that's a pretty good effort!

    a grrl & her server

  14. Hey, maybe he really was designing a firewall... by puppetman · · Score: 3, Funny

    After all, many firewalls are designed by highschool students who don't show up to class with books/homework, who hate math, can't type ("agents watched him in real time as he attempted hacks and had to retype commands three, four, or five times before he got them right"), and download their tools from the Internet rather than programming them themselves.

    This kid is a serious dimwit.

  15. Was this as big as they think it was? by 0xA · · Score: 3, Insightful
    As the technology bubble neared its bursting point in 2000, a 14-year-old Montrealer calling himself Mafiaboy disabled much of the Internet economy, alarming the White House and the financial markets.

    Okay, obviously this was big news but honestly not many people were exactly surprised where they? The tools that allowd this kid to pull this off had been identified already, the theory was pretty well established. Was knocking out Yahoo for 12 hours really a disruption of the "Internet Economy"?

    The article was interesting, a good read. There was really any surpising information in there, punk toublemaker kid out to cause shit, surprise. THe fact that the author went to great length trying to paint this as some super mega massive disruption or something was very anoying. Yes this was an important event because of the new level of media attention but it was not an especially shocking event in a technical sense. Nobody was surprised it happened.

  16. hacking session by cr@ckwhore · · Score: 5, Funny

    The FBI released a trace of Mafiaboy's hacking session... I've pasted it below

    --
    C:/> hack yahoo.com

    Select hack type:

    1) Denial of Service
    2) Packet Trace
    3) Steal Accounts
    4) Get Root

    Selection: 1

    Enter Name: MafiaBoy

    Proceed with hack #1 by MafiaBoy? [y/n]: Y

    Hacking yahoo.com... please wait
    ...................FBI trace detected!
    *abort*

    C:\> cd 1337

    C:\1337>

    --
    Thats pretty much all of the trace that the FBI released. I wasn't sure about the syntax of the hack command, but I guess this helps.

    --
    Skiers and Riders -- http://www.snowjournal.com
  17. Competent law enforcement? by Anonymous Coward · · Score: 3, Interesting

    One night, Currie and an FBI colleague saw a flurry of traffic going into and coming out of Mafiaboy's residence. Currie and the FBI agent immediately thought they had another denial-of-service attack on their hands. That was a possibility the agents had been facing all along. Figuring out how to conduct an investigation while at the same time trying to prevent another round of attacks was a big task.

    Yup, a DoS attack with enough punch to take down Yahoo. Originating from ... erm ... a dialup line. Hmmmm, sounds plausible to me.

    Ok, sarcasm over.

    The kind of tools s'kiddies use are made to be installed on compromised systems with a lot of bandwith. However, they can be triggered with very little traffic from the cracker (often via IRC since then the s'kiddie only has to make one connection.)

    Currie yanked a few of the data packets from the stream and made a live copy to analyze. If you know what to look for, you can learn a lot from the raw data packets. If it's HTML, or Web traffic, you can tell that. And although it's more difficult, you can also tell if it's e-mail. Ten minutes passed and Currie's anxiety grew. Then, all of a sudden, they noticed data packets containing messages such as "I'm going to kill ya," "Death God" and the like. Mafiaboy wasn't in the midst of another denial-of-service attack against major e-commerce Web sites: He was playing an online game called Starcraft,...

    They knew when he was surfing a web page because they could see the HTML tags? Although it was 'more difficult' they could tell if it was an e-mail? They thought game traffic might be a DoS?

    ffs! Have they not heard of port numbers?

    It would be the first thing I would check! Kinda narrows down the options doesn't it - knowing what kinda traffic you would expect it to be.

    It sounds from the article like they were literally just watching just raw body data from the packets.

    Perhaps they could do with a touch more expertise and some better tools? Then again, maybe it was due to misunderstanding and/or inaccuracy by the journalist - the writer doesn't sound like they quite know what they're talking about.

    Julian

  18. Re:Script Kiddies by lkaos · · Score: 3

    There is a very thin line between a "script kiddie" and a hacker. Don't most professional software development books preach reusing as opposed to reinventing?

    A script kiddie is someone who only is capable of using pre-written exploits.

    A cracker is someone who, although may use existing exploits, has the ability, and uses this ability, to create new exploits.

    Software development books do preach code reuse but it is also understood that a software developer could never survive if they had no ability to write software and instead, just banged on the keyboard hoping something would eventually be created. In programming circles, these people are called "code monkeys" as they are about as useful as a monkey pounding on a keyboard.

    So, script kiddie is to cracker as code monkey is to hacker.

    --
    int func(int a);
    func((b += 3, b));
  19. Yeah, he was a script kiddie and not a hacker. by neuroticia · · Score: 3, Insightful

    Agreed. The article says that the kid had obviously researched his targets rather thoroughly. This takes time, planning, understanding, and an extreme desire for attention.

    He was a script kiddie, though. He took the scripts and apps of other people and used them for what he did. He did not seem to have a thorough understanding of the things he was doing, the article says he had to type commands several times before they'd work. I don't know about you, but even things I use casually are embedded in my fingertips, and having to retype a command isn't a very common occurence. Having to retype it 3-4 times is a non-occurence.

    If the kid had been a real hacker (using the geek-culture definition of the word...) He would have taken that time and desire for recognition and learned new OSes thoroughly, written a program or ten, or taken up a more positive pursuit. Or at the very least, I believe that he would have been too afraid of doing what he did--because he'd know of the limitations he'd face in the future. Being shackled in the computer world would be far too painful a thing for someone who was really into it.

    If you want to play in the Pros, you stay away from drugs. If you want to have your freedom on the internet, you stay away from illegal activities.

    Or you become so damned good at covering your tracks that no one could ever find you.

    -Sara

  20. Not exactly. by FallLine · · Score: 3, Insightful

    This is not quite true. The so-called smurf attack did lend substantial leverage, but nothing in the realm of thousand-fold leverage, never mind tens of thousands. For one, few people configured their networks this way (with >1k hosts on a single broadcast address) even before smurf attacks came into vogue. For another, empirically speaking, I can tell you that the best addresses that you could normally expect to find, even in its hay day, is in the realm of 500 or so, and many of these hosts would easily saturate their own upstream (e.g., T1) links, so you'd need a lot of other equally leveraged addresses to take advantage of it. In other words, it's unrealistic to say that a 56k modem or what have you could take down something like Yahoo using its own bandwidth to originate the attack. A T1 or T3 perhaps, but much more is just unrealistic.

    I also assert that a smurf attack is not "easy" to trace. It's actually very time consuming and troublesome, especially if the person does something like launch an attack from a machine that is set up, cleaned of all evidence, and abandoned (permanently) and uses a diverse list of broadcasts so that each broadcast address is only used a couple times. Almost every person that has gotten in trouble for such attacks has been detected by their own upstream usage (i.e., highly aberrantbehavior that invites further investigation by their own provider or upstream provider(s)) and/or a result of bragging about their exploits, ala mafiaboy and company. That said, it is a stupid and highly unoriginal attack (but just because it's stupid and foolish doesn't mean it can't be used to great effect) Anyone that launches an attack from their OWN modem or similar traceable equipment is both especially stupid and doomed.

    1. Re:Not exactly. by lkaos · · Score: 3

      This is not quite true. The so-called smurf attack did lend substantial leverage, but nothing in the realm of thousand-fold leverage, never mind tens of thousands.

      Ten thousands is not impossible. A thousand fold was not horribly uncommon either (although I guess much lower figures were more common).

      Still though, considering a 56k modem has an uplink of about 3k, using 500 hosts this translates to about 1.5MB which is enough to do some serious damage.

      I also assert that a smurf attack is not "easy" to trace.

      It is easy to trace via upstream usage as it is a horribly uncommon thing to do. After the fact though, I agree that it is quite difficult to trace. Of course, the people who are tracking most of this stuff are pretty dumb so it would be pretty easy to get away with if enough time was put into preparation.

      Of course, as you point out, it's not a very elegant attack.

      --
      int func(int a);
      func((b += 3, b));
  21. Re:P(r)eachy.... by oasisbob · · Score: 3, Informative
    Hmm, where do I start citing studies that show the negative effects of negative reinforcement (read: punishment)

    A small point, but negative reinforcement is *not* the same thing as punishment. This is a very common misconception. Negative reinforcement is a concept relating to operant conditioning and learning theory.

    Examples?

    Positive reinforcement: If a mother gives her child candy for being good, this is positive reinforcement. By rewarding the child, she is reinforceing the child behaving well.

    Negative reinforcement: Your car is filthy and it drives you crazy. You decide to clean it out, and it feels great to have a clean car. Cleaning the car removed the adversive stimulus, making you more likely to clean it next time. This mechanism is theorized to be involved in many forms of drug addiction. (Life is difficult, drugs remove anxiety, more likely to use drugs later.)

    See the following pages for more details:
    What is Negative Reinforcement
    Negative Reinforcement, Escape, and Advoidance Learning