MafiaBoy, the hacker who took down the Internet

Reading Time: 6 Minutes

In 2000, a high school student named Michael Calce, aka MafiaBoy, paralyzed the websites of e-commerce, and media giants including eBay, Amazon, CNN, Dell, and Yahoo with a series of denial-of-service attacks (DDoS).

Early years

Michael Calce was born in the West Island area of Montreal, Quebec, Canada. 

At a very young age, his parents got divorced, and he eventually moved to live with his mother, while his father had also his custody on the weekends.

The young Michael, at around the age of 6 felt isolated from his friends, and his father make sure to preoccupy him with a personal computer he brought from work

The digital world instantly had a hold of him. In his own words,

“There was something intoxicating about the idea of dictating everything the computer did, down to the smallest of functions”.

The computer gave him a sense of control and command which nothing in his world operated that way.

Over the first few weeks of using the computer, Michael went from not knowing anything to using DOS commands. He spent countless days on manuals gaining knowledge and putting it into work. 

Few years later he got his first free trial of AOL, and it was his first time on the Internet. A few days later, the 9-year-old managed to hack AOL’s systems so he could stay up online past the 30-day trial period, pretty remarkable for his age.

First steps into Hacking 

As a teenager, Michael began chatting with people using AOL’s chat function.  He was getting kicked off from the chat rooms, in other words, “punting”, where someone would have knocked him offline by hitting him with so much data that his connection was severed. 

It didn’t bother him, but instead, he was intrigued by the idea that an individual was able to “attack” someone else, regardless of the distance between them, using the Internet.

After gaining the knowledge needed, he was making fun by “punting” people who got on his nerves in the chat.

Michael was one of the first members that got involved in the first online hacking communities. As he got more and more involved in online hacker groups his hacking skills and knowledge got even deeper. 

When joined the IWC (a hacker’s group), he found out that other people online had the power to shut down the computer, erase data, build malicious tools, steal personal information, disrupt credit ratings, and much more. 

Michael was taught by the leader of the group and other members on how the IRC network works, and how to exploit certain vulnerabilities in order to compromise machines or networks, ideally with root access. 

During the next couple of months, and all of a sudden, the leader of the group vanished into thin air leaving Michael and the members of IWC worried about what happened to him and how to continue running the group. 

Eventually, Michael decided to leave the group as the backbone of IWC was gone and no other seemed to know what to do next.

He then proceeded to join another hacking group, the TNT/PHORCE group which was even bigger than what IWC used to be. TNT was considered the elite among the other hacking groups on IRC.

It was the first time that he used his alias, MafiaBoy, which was originated from his brother, who was downloading music illegally under the same alias. 

After learning and practicing on small targets for some months, Michael finally broke to Outlawnet Inc, an ISP in Oregon which its network was operated by students at Sisters High School.

Using their server, he was able to spoof his IP address and route himself through Outlawnet, then enter an IRC chat room and make it appear as he was connected from anywhere, he wanted. He used that server also to cover his tracks. 

He managed to hack over a handful of university networks and then by harnessing their combined computing power, he attacked outside websites.

In other words, he was able to perform DDoS attacks using the university networks to overwhelm with traffic outside websites by just clicking enter on his keyboard. 

Project Rivolta – The attacks

As time passed, Michael had enough using the tools of other hackers and wanted more. He had the idea to build his own powerful DDoS tool with the help of his fellow hackers to establish dominance for himself and his hacking group in the cyberworld.

After a couple of months of developing their tool in combination with Michael’s compromised machines on various networks, it was time to test it on a major, well-known target. 

On February 7, 2000, and while still being a High School student, Michael launches the first DDoS attack using his tool on Yahoo!. The attack was a part of a series of attacks under the project name Rivolta, meaning “uprising” in Italian.  At the time, Yahoo!, was a multibillion-dollar company and the top search engine. He managed to shut down their website for an hour. 

The next day someone also shut down Buy.com in response to the attack. Michael took it as a message to him, as someone was challenging him, suggesting that anyone could do what he did on Yahoo!. He saw it as a contest and armed with his powerful botnet, he chose his next target, which was eBay.

On the next day, on February 8th, he launched his attack on eBay, which fell harder and faster than Yahoo!. 

While chatting with his fellow hackers on IRC, one suggested that CNN would be impossible to bring down because of its advanced networks, etc. MafiaBoy took it again as a challenge and managed to shut down CNN’s and a couple of days later he took down Dell’s website as well. 

After people on the IRC chats saw that CNN was down, he would then push for another suggestion from them.  Their suggestion was Amazon.com, which he attacked over the next week and took it down rather easily.

Meanwhile the attacks were on the first page of every news media.

Aftermath

The FBI and the Canadian police department first notice Michael when undercover agents in the IRC chatrooms found out that MafiaBoy was claiming that he was responsible for the attacks. After that, he became the chief suspect. 

Agents began searching the Internet for clues about his identity and soon found out an account in the name of MabiaBoy registered to an ISP in Canada. The data from the Dell attack also pointed to another ISP in Montreal and started to look as though Mafiaboy was located in Canada.

They managed to track him down when they executed warrants at Delphi Supernet and TotalNet in Montreal, the two ISP’s that had linked to multiple Mafiaboy accounts.  By connecting the attacks from the incident at Outlawnet in Seattle, soon realized what it was about the TotalNet account information. It had the same telephone number and address. 

After a couple of days of combining the information they found, they started monitoring his house and eventually arrested Michael.

He initially denied responsibility but later pleaded guilty in January 2000 to most of the charges brought against him, 55 in total. He got charged with 55 out 66 counts of mischief in connection with last year’s denial-service attacks. The cost of all the damages he caused was estimated at $1.1 billion dollars.

His lawyer insisted that he was only a child that was running unsupervised tests to help the companies with their security whereas trial records indicated otherwise.

While testifying at a hearing before members of the United States Congress, Winn Schwartau, a computer security expert said that “Government and commercial computer systems are so poorly protected today they can essentially be considered defenseless – an Electronic Pearl Harbor waiting to happen.”

On September 12, 2001, after eight months of open custody, the Montreal Youth Court sentenced him to 8 months in a youth detention center, one year of probation, restricted the use of the Internet, and a small fine of $1000 Canadian dollars.

 Later Years

Michael left his criminal hacking self behind and went on then to help companies identify security flaws in their systems and design better security features. 

At the age of 31, he started his own cyber-security company, Optimal Secure. He is now using his skills for the greater good, and focusing on the financial sector in Montreal, Toronto, and Vancouver performing penetration testing for local companies.

In a recent interview Michael said that “ back then, he and many of his compatriots hacked more out of curiosity than anything else, while many of today’s generation of hackers have crime, or even espionage, in mind.”

The fact that some of the largest websites in the world could be rendered inaccessible by a 15-year-old kid created a worldwide scare back then, creating a sense of no protection against such attacks. 

Many executive people though, gave credit to Michael for the significant increase in online security that took place over the next decade.