[One has to wonder if Mr. Neal & his team still have jobs in light of recent events with Exodus filing for Chapter 11 on Wednesday? - WK]

http://www.zdnet.com.au/newstech/security/story/0,2000024985,20260720,00.htm

By John Galvin, Special to ZDNet
26 September 2001

They're not the feds, but they're taking down hackers, organised criminals, script kiddies, and other threats to your company. A report from the front lines.

For Charles Neal, a 20-year veteran of the FBI, Mafiaboy was the watershed case for cybercrime. On Monday, February 7, 2000, a 15-year-old from suburban Montreal with the online moniker Mafiaboy launched a weeklong Internet attack on Yahoo, CNN.com, Amazon.com, eBay, Dell, Buy.com, and several others, causing losses estimated in the millions. The hacker hit the companies with what is now commonly known as a distributed denial-of-service attack, which flooded the victims' Internet servers with messages until they collapsed. The teen later told investigators in a taped interview that when he saw the chaos his attack caused he almost wet his pants.

Mafiaboy was not a sophisticated hacker. He begged the software - now widely available on several Internet hacker sites - from other hackers and then used it to break into and gain root access to more than 50 servers, most of them located at American universities. He then used those servers to launch his assault.

That morning, calls began coming into Neal's office at the FBI's Los Angeles computer intrusion squad, a group he formed in 1995 that had investigated computer-crime cases including those of Kevin Mitnick and the Solar Sunrise attacks against the Pentagon. Neal sent an agent to the data centre of Exodus Communications, one of the world's largest IP networks, whose corporate customers include many of Mafiaboy's victims. Neal wanted to see what Exodus's server logs would reveal about the attacks. The agent showed up at Exodus but was turned away and told not to come back without a subpoena.
The high-tech industry has developed an almost institutional fear of bad publicity, reasoning that covering up attacks is better than letting FBI agents poke around their systems and launch a very public investigation.

When Neal found out, he was apoplectic. "These were their clients!" he says. He finally reached Exodus's chief security officer, Bill Hancock, who had started work that day. "I said, 'Bill Hancock! This is Charles Neal of the FBI and you have some very rude people working for you!'" Hancock, who had met Neal at security conferences, told him, "That's all going to change today."

Neal's team soon began poring over Exodus's logs, ultimately tracing the attacks to Mafiaboy's home computer. Jill Knesek, the case agent, then flew to Montreal where the Royal Canadian Mounted Police were placing a phone tap on Mafiaboy's house. "There were two kids in the house," remembers Knesek. "And we had to figure out which was actually doing the attacks."

What made Mafiaboy so important? It proved to Neal that anybody, even someone with very limited talent, could launch a massive cyberattack. And while Mafiaboy primarily targeted dot-coms, almost every company, and maybe your home, is now online and networked to some extent. The case exposed two trends in cybercrime: The weapons are becoming increasingly easy to use, and the pool of potential victims is expanding.

Neal also concluded that maybe the FBI wasn't the best way to combat cybercrime. Had Mafiaboy been smart enough to route his attacks through an offshore country, as most experienced hackers do, Neal's investigation would have been over. "Once it goes overseas it's dead," says Neal. "The FBI can't, by law, investigate any further. If we even want to call a police department overseas we have to call our State Department, which calls the people over there, and on down. It can take months! And we don't have that much time in these cases."
That March, then FBI director Louis Freeh flew to Los Angeles to award Neal his 20-year pin. Two months later, Neal, with seven years left until mandatory retirement, resigned from the bureau. He wanted to form a new computer-crime squad, one with a global reach that was part of the private sector, staffed with law-enforcement veterans and technologists. The idea was to respond to cyberattacks, but also to pursue hackers - organised criminals, script kiddies (amateurs like Mafiaboy), competing companies, or even foreign countries - like it would any legal case. Neal envisioned changing the way companies approach cybercrime, encouraging them to seek prosecution instead of living in terminal fear of bad publicity. He landed at Exodus Communications.