http://www.canada.com/montreal/news/story.asp?id=3C1DAA77-791C-4754-858F-CF672F47FCE9 SIDHARTHA BANERJEE The Gazette February 23, 2003 He was a Montreal-area teenager with a rudimentary knowledge of computer hacking, but he single-handedly crippled the lucrative U.S. e-commerce market for brief periods in February 2000. In the process, the 15-year-old nicknamed Mafiaboy provided the RCMP with its first and finest example of a high-tech cross-border investigation, an international conference on policing and security was told yesterday. The case also opened the eyes of the federal government, prompting it to get legislation on the table to help combat cybercrime, RCMP Sgt. Marc Gosselin said yesterday. Gosselin, the lead Canadian investigator in the Mafiaboy case, said it's not easy to get evidence in denial-of-service attacks, in which hackers secretly crack into numerous computers, using those "zombie" computers to send multiple requests to a server to try to overwhelm it and shut it down. "The evidence in this type of case is very volatile. It can be there, but when it's gone, it's gone," Gosselin said. Gosselin is hopeful that federal legislation to fight the growing problem of cybercrime, currently in second reading in Parliament, will pass. The new law will require corporations and Internet service providers to save information - including e-mails and hard-drive contents - and hand it over to police. Existing legislation already allows police to obtain warrants obliging Internet service providers to hand over information and tap into computer hard-drives. The RCMP's National Technological Crime Unit has continued to increase in size, but between international and local cases the staff is swamped, Gosselin said. And Christopher Painter, deputy chief of the computer crimes division of the U.S. Justice Department, noted: "Even if it appears to be a domestic crime, often if they are sophisticated, (hackers) will bounce their attacks through several different countries to evade detection or capture." Mafiaboy was not a computer whiz kid, but what the investigation revealed to authorities was that you didn't need an extensive knowledge of computers to cripple the system. "He basically had no hacking skills. He used somebody else's tools that were user friendly," said Gosselin. "He never actually hacked, he was using user IDs and passwords and software to do the job." Mafiaboy was sentenced in September 2001 to eight months in a youth detention centre after pleading guilty to 58 charges. They included five denial-of-service attacks on the Yahoo, CNN, eBay, Dell and Amazon Web sites. Another 52 charges involved illegally accessing computers, including those of universities in the United States and some as far away as Denmark and South Korea. The Mafiaboy presentation was one of the last during a three-day conference organized by the Law Commission of Canada examining the problems of private and public policing in Canada. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Feb 24 2003 - 06:05:05 PST