[ISN] Meet the world's baddest cyber cops

From: InfoSec News (isnat_private)
Date: Thu Sep 27 2001 - 02:14:52 PDT


    [One has to wonder if Mr. Neal & his team still have jobs in light of
    recent events with Exodus filing for Chapter 11 on Wednesday?  - WK]

    By John Galvin, Special to ZDNet
    26 September 2001

    They're not the feds, but they're taking down hackers, organised
    criminals, script kiddies, and other threats to your company. A report
    from the front lines.

    For Charles Neal, a 20-year veteran of the FBI, Mafiaboy was the
    watershed case for cybercrime. On Monday, February 7, 2000, a
    15-year-old from suburban Montreal with the online moniker Mafiaboy
    launched a weeklong Internet attack on Yahoo, CNN.com, Amazon.com,
    eBay, Dell, Buy.com, and several others, causing losses estimated in
    the millions.

    The hacker hit the companies with what is now commonly known as a
    distributed denial-of-service attack, which flooded the victims'
    Internet servers with messages until they collapsed. The teen later
    told investigators in a taped interview that when he saw the chaos his
    attack caused he almost wet his pants.

    Mafiaboy was not a sophisticated hacker. He begged the software now
    widely available on several Internet hacker sites from other hackers
    and then used it to break into and gain root access to more than 50
    servers, most of them located at American universities. He then used
    those servers to launch his assault.

    That morning, calls began coming into Neal's office at the FBI's Los
    Angeles computer intrusion squad, a group he formed in 1995 that had
    investigated computer-crime cases including those of Kevin Mitnick and
    the Solar Sunrise attacks against the Pentagon. Neal sent an agent to
    the data centre of Exodus Communications, one of the world's largest
    IP networks, whose corporate customers include many of Mafiaboy's
    victims. Neal wanted to see what Exodus's server logs would reveal
    about the attacks.

    The agent showed up at Exodus but was turned away and told not to come
    back without a subpoena. The high-tech industry has developed an
    almost institutional fear of bad publicity, reasoning that covering up
    attacks is better than letting FBI agents poke around their systems
    and launch a very public investigation.

    When Neal found out, he was apoplectic. "These were their clients!" he
    says. He finally reached Exodus's chief security officer, Bill
    Hancock, who had started work that day. "I said, 'Bill Hancock! This
    is Charles Neal of the FBI and you have some very rude people working
    for you!' " Hancock, who had met Neal at security conferences, told
    him, "That's all going to change today."

    Neal's team soon began poring over Exodus's logs, ultimately tracing
    the attacks to Mafiaboy's home computer. Jill Knesek, the case agent,
    then flew to Montreal where the Royal Canadian Mounted Police were
    placing a phone tap on Mafiaboy's house. "There were two kids in the
    house," remembers Knesek. "And we had to figure out which was actually
    doing the attacks."

    What made Mafiaboy so important? It proved to Neal that anybody, even
    someone with very limited talent, could launch a massive cyberattack.
    And while Mafiaboy primarily targeted dot-coms, almost every company,
    and maybe your home, is now online and networked to some extent. The
    case exposed two trends in cybercrime: The weapons are becoming
    increasingly easy to use, and the pool of potential victims is

    Neal also concluded that maybe the FBI wasn't the best way to combat
    cybercrime. Had Mafiaboy been smart enough to route his attacks
    through an offshore country, as most experienced hackers do, Neal's
    investigation would have been over. "Once it goes overseas it's dead,"
    says Neal. "The FBI can't, by law, investigate any further. If we even
    want to call a police department overseas we have to call our State
    Department, which calls the people over there, and on down. It can
    take months! And we don't have that much time in these cases."

    That March, then FBI director Louis Freeh flew to Los Angeles to award
    Neal his 20-year pin. Two months later, Neal, with seven years left
    until mandatory retirement, resigned from the bureau. He wanted to
    form a new computer-crime squad, one with a global reach that was part
    of the private sector, staffed with law-enforcement veterans and
    technologists. The idea was to respond to cyberattacks, but also to
    pursue hackers -- organised criminals, script kiddies (amateurs like
    Mafiaboy), competing companies, or even foreign countries -- like it
    would any legal case. Neal envisioned changing the way companies
    approach cybercrime, encouraging them to seek prosecution instead of
    living in terminal fear of bad publicity.

    He landed at Exodus Communications.