Yahoo Hacker 'Mafiaboy' Eight Years On
An anonymous reader writes "Eight years ago Mafiaboy (Michael Calce) knocked Yahoo offline. Today he works as a legitimate security consultant and has just published a book documenting his criminal career and offering advice on how people can protect themselves from people like him on the Internet."
I bought this book, but it intentionally contained too many pages and overflowed my bookcase. It fell off the end, and gave my cat a fatal error. While I was in the back garden burying Muffins, he sneaked into my house and stole all my stuff!
Probably because Canada is not part of the US yet?
Oh lord.
Chapter two, "I installed the win32 exe called 'zombie', next I clicked on the Dee DOS button and took out CNN"
Every time I fly, I am reminded just how much we lost in the years following that day.
The excerpt reads like a pre-teen love story.
I downloaded and then I pressed enter
I installed and then I was online
And that's chapter 5, what the hell does he write about (being all of 9 years old) for the first 4 chapters?
This won't qualify as proper fish wrapping.
It might be flamebait, but it is true. This guy is Canadian, living in Canada. US Federal law? What about it?
As to whether he has such a gap in judgement, he was 15 at the time of the hack. Who does not have gaps of judgement at that age?
I believe it's called Giuliani's rule
IranAir Flight 655 never forget!
Err... no. Assuming you're running Linux (or OSX, BSD, whatever) 1, 4 and 5 still apply just as much as they do on Windows.
1) Don't run files whose source you don't trust
Binaries can be dangerous on Linux, especially if you're a newbie user who runs things as root (and we are talking about newbies here remember). Even compiling your own apps can be dangerous if the source of the source isn't trustworthy.
4) Avoid going to domains you aren't familiar with, as they could contain exploits which can bot your machine without any interaction - stick to reputable sources of information
You're not going to be running into self-installing ActiveX malware, but you're in just as much danger from phishing, XSS or browser exploit hacks.
5) Keep your AV and Firewall up to date
The firewall issue is obvious. You need one even on a Linux PC. Maybe more so even because Linux often comes with a raft of server and daemon stuff that Windows doesn't. AV is more contentious - but if you're using the computer for anything important, e.g. work related, and you don't want to pass viruses on to clients then AV is still a useful tool. I'm certain that me passing on a virus to a client would do more damage to my business than actually having my computer affected by one itself.
Your operating system is never enough for you to take a laissez-faire attitude to security regardless of what you're running.
http://twitter.com/onion2k
Hell, I'm 93 and I still have gaps of judgement.
Oh wait, those are gaps of memory.
Get off my lawn!
I always want to ask one of these reformed hackers what, if anything, would have deterred them when they were first getting started. Does anyone know if this book attempts to answer that sort of question?
"I had heard you could download versions of even the most popular games for free. This was a type of "warez"--pirated software."
"I realized it was a common occurrence and that it was called punting. Someone knocked me offline by hitting me with so much data that my connection was severed. These punters seemed to have a huge amount of power over others on AOL."
"I wanted to punt someone. Badly. That's when my real hunt for AOL hacking tools started."
"I slowly learned how things worked. I eventually began to modify the applications to meet my needs. This is how kiddies become hackers."
Jesus H Christ! People buy this crap?
One thing is for certain, the target audience is not to be found on /., though I predict we will all get a good laugh off it.
Even as a teenager, I had a strong self-preservation instinct. I knew the difference between a felony and a misdemeanor.
Frankly, I'm not surprised that a script kiddie (which is all Mafiaboy was) could take Yahoo! down back in 2000. I worked there in 1999 for four or five months, and left in disgust at how poor their engineering was. On my first day I fixed a bug where user input was being used as a format string. This in C code that was written by a "veteran" coder, who clearly couldn't write anything maintainable. There was no documentation (I'm not exaggerating), designs were communicated verbally, hacked together and then forgotten. There was no project management as such, and no middle management - seniority was based simply on who had been there the longest. While this "hacker ethos", of which Yahoo! employees were inordinately proud, may have worked when it was two guys working from a trailer, it was disastrous in a large, international development team.
There are two types of people: people who did crazy shit when they were 15 and
FUCKING LIARS!!
It should be noted by those of us who still vividly remember, that Mafiaboy and YTcracker were relatively skill-less script kiddies, not hackers. Back then, at least.
Here is the loophole. In Canada a young offender's record is expunged after a period of time, after which they are allowed exactly the same rights and privileges as any other Canadian. This protects them from the self-righteous, who would seek to punish them - forever. "...the bill would apply only to accused persons "convicted" of the offence, thus excluding from its reach offenders who were found "not criminally responsible" by reason of a mental disorder or who were "found guilty" as young offenders, or who were granted an absolute or conditional discharge under section 730 of the Criminal Code."
Probably because Canada is not part of the US yet?
Got to love how Canadians write a statement... that ends with a question mark.
Probably because Canada is not part of the US yet, eh?
There fixed it for ya.
The information wants to be free, I just give it somewhere to go.
While the rest of us were going to college, this guy had the formula to quick success.
Hack into large company web sites
Get a slap on the wrist
Become a reformed hacker/security expert
Write book on exploits
$PROFIT!
If you've never been modded as "flamebait" or "troll," you've never tried to argue a minority viewpoint here!