|Former hacker Michael Calce, AKA “Mafiaboy”
Photo: Sean Michael Kerner
TORONTO — In 2000, 15-year-old Canadian Michael Calce, better known by his online hacking alias as Mafiaboy, attacked high-profile Web sites — including CNN.com, Yahoo, eBay, Amazon.com, Excite and E*trade — and took them offline, causing over $1 billion in losses. He was convicted and spent five years away from the Internet.
Now Mafiaboy’s back, and he has a warning for the industry: The Internet is still broken.
Speaking here at the IT360 conference, Calce reflected on what he did nearly ten years ago and provided a few ideas on how security should be improved today.
According to Calce, you need to look no further than the Conficker worm, and the worry generated by its expected activation last week, to see why things haven’t changed much since 2000.
“I think it’s important to pay attention to the fact that it didn’t do anything on April 1,” Calce told the capacity crowd. “I think it was just part of the ploy that something would only happen … I’m worried now that [because] something didn’t happen, it will be forgotten.”
Calce added that he’s concerned that someone still has access to the thousands of computers that Conficker had infected, and is still adding to the botnet. As a result, Calce is confident that we will see more of Conficker in the future.
“I think it was just a ruse, letting people think that something would happen — and then nothing,” Calce said. “I think it played out perfectly for whoever created it.”
Worse, Conficker may only be the tip of the iceberg, with Calce arguing that attacks today like Conficker are actually easier to execute than they were in his day.
The Mafiaboy attacks were the first widespread, distributed denial of service (DDoS) attacks on the Internet, and they required that Calce write his own custom tools. He also noted that back in 1999 and 2000, most people were also on dialup Internet connections, which meant there wasn’t as much always on-bandwidth to exploit.
Nowadays, however, fledgling hackers can readily avail themselves to premade tools and scripts to launch all manner of attacks. And with the number of persistent broadband connections proliferating, the number of PCs that can potentially be targeted in attacks or harnessed for botnets is also greater than ever.
The motivation of hackers has also changed. Calce argued that he was just a 15-year-old kid, exploring the Internet to see what he could do — typical for hacking of the day, which he described as more about showing off to hacker rivals. Today, however, the motivation is money and attackers are interested in trying to get as much monetary gain as possible.
“I didn’t have criminal intent — I was just interested in shutting down sites to see if it would work. I didn’t think about the financial losses, totaling $1.7 billion from my action. It’s astounding to me,” Calce said. “My overall motive was exploration and taking out my opposing hacking group.”
Now the attackers are far more organized, and aren’t necessarily kids like Calce had been. Today’s hackers also can have ties around the globe.
Despite the changes, Calce argued that that the Internet remains just as unsecured as it had been when he was hacking. He said that there are a consistent stream of buffer overflow and zero-day exploits
How to protect yourself
Users can still take some precautions to better ensure their safety. Calce told the audience that hackers succeed because they rely on users to be naïve, and reminded the audience of the importance of patching and running up-to-date antivirus software.
Beyond that, Calce argued that Internet itself needs better software and protocols.
“Unless we rebuild the Internet and its various protocols, it will always be them striking first — then us patching,” Calce said.
In his view, a government entity needs to step in and certify all code that runs on the Internet. “The IT community alone is not enough to handle this problem,” Calce said. “We need to make sure that a certain standard is met that will reduce the risk of IT breaches.”
And in spite of all the industry effort put into fixing security breaches, Calce said that vulnerabilities will continue to proliferate simply because the Internet itself is growing too rapidly.
“We’re advancing too quickly for our own good, and we’re creating new tech without fixing existing technology and making sure that it’s secure first,” Calce said. “Vendors are not making sure security is the No. 1 priority, and to me, that’s crazy.”