Experts Cite Canadian Teen in Web Attacks

University computer yields clues in case

Two California security analysts said they have provided the FBI with information the agency is using to track down one of the suspected attackers in the recent distributed denial-of-service attacks.

Michael Lyle, chief technology officer at Recourse Technologies Inc. in Palo Alto, Calif., said his company passed along information about a computer cracker named MafiaBoy who had posted messages on Internet Relay Chat (IRC) inquiring about which sites to attack.

According to Lyle, MafiaBoy is suspected of attacking sites owned by ETrade Group Inc. in Menlo Park, Calif., and Cable News Network (CNN) in Atlanta by breaking into academic machines, including at least one at the University of California, Santa Barbara (UCSB).

Method of Attack

Lyle said MafiaBoy allegedly exploited a hole in the WU-FTP file exchange software at UCSB and then used the breach to insert the Tribe Flood Network tool that prompts captured computers to carry out distributed denial-of-service attacks. He said the method of attack was less sophisticated than those used in the earlier assaults against Yahoo Inc. and eBay Inc. "The original breaking in could have been some time ago," said Lyle.

Fred Cost, vice president of marketing at Recourse, said authorities suspect that MafiaBoy is a 15-year-old Canadian boy who is now being investigated by the Royal Canadian Mounted Police, which has been investigating the records of Internet Direct Business Solutions, a Canadian Internet service provider in Toronto.

The FBI hasn't confirmed that it's investigating the alleged Canadian cracker. Lyle and Cost said that while they keep their ears close to IRC and other discussion areas favored by those interested in distributed denial-of-service attack tools, evidence leading to suspects in the other incidents doesn't appear to be as strong.

"Listening to the hacker community, there have been no credible claims for responsibility for those attacks," said Lyle. "There is nothing I actually believe."

UCSB officials reported that a Unix computer in a university research lab was used to help launch a distributed denial-of-service attack against CNN.com during the Web onslaught (News, Feb. 14).

Copyright © 2000 IDG Communications, Inc.
