A 15-year-old hacker, known online as "Mafiaboy", was charged by Canadian police on Wednesday with mischief in one of the biggest cyber attacks in history.
The charges relate to the jamming of the CNN.com Web site and up to 1,200 CNN-hosted sites for four hours on February 8.
Mafiaboy, who cannot be named under a Canadian law that protects the identities of juveniles charged with crimes, was arrested on Saturday and formally charged on Monday, the Royal Canadian Mounted Police told a news conference.
Police Inspector Yves Roussel said investigators were able to track the 15-year-old boy in part because he bragged about his alleged exploit in messages sent to Internet chat rooms.
"This individual, using the nickname Mafiaboy, would have publicised on many occasions that he was the person responsible for those attacks," Roussel said.
"The prosecution intends to demonstrate before the court that Mafiaboy is responsible for the denial-of-service attack that was launched for more than four hours on the 8th of February against the CNN site and all the sites that are hosted by this company - and we are talking roughly 1,200 of those," Roussel said.
The Mounties charged Mafiaboy with two counts of mischief to data, which carries a maximum sentence for juveniles up to two years in detention and a C$1,000 ($675) fine.
Mafiaboy has been released but his bail conditions include not using a computer except for academic purposes and under the supervision of a teacher.
He is also prohibited from connecting to the Internet or frequenting stores that sell computers or computer paraphernalia. Police seized all of the computers and related material found at the boy`s home.
Police said the investigation into the series of cyber attacks that locked up some of the Internet`s most popular Web sites in February continues and there could be other arrests.
The "denial-of-service" attacks in early February shut down such Web sites as Yahoo!, Amazon.com, eBay, BUY.COM, Excite and E-Trade. Mafiaboy was not charged in connection with the attacks against the sites.
The February attacks alarmed Internet users across the globe, cost Web sites millions of dollars in revenue and shook the electronic commerce industry because of the apparent ease with which major sites were made inaccessible.
The Mounties and FBI declined to say whether they had identified other suspects in the wider investigation involving those sites.
"We had to do something to prevent further actions from Mafiaboy. That is why we arrested him last weekend," Roussel said.
"However, the investigation is ongoing and there is literally tons of information to scrutinise. There is a possibility that other people might be arrested," he added.
Police would not comment on whether Mafiaboy acted alone in the Web assault on CNN`s site or was part of a group. They also would not divulge how many computers he may have used.
In Washington, US Attorney General Janet Reno said on Wednesday that Mafiaboy must face punishment.
"I think that it is important first of all that we look at what we have seen and let young people know that they are not going to be able to get away with something like this scot-free," Reno told reporters on Capitol Hill. "There has got to be a remedy, there has got to be a penalty."
Reno said the US government continued to work with industry on that incident and others, now that law enforcement has shown it can crack cyber-attack cases.
"I believe this recent breakthrough demonstrates our capacity to track down those who would abuse this remarkable new technology, and track them down wherever they may be," she said.
In the February Web site assaults, attackers meticulously obtained remote control of computers around the world. They then used the computers to bombard the targeted Web sites, flooding them with so much data that legitimate users were temporarily denied access or service.
Police refused to provide any details that would identify Mafiaboy, or comment on speculation that he attends a suburban Montreal high school. The Mounties` Inspector Roussel downplayed Mafiaboy`s computing hacking abilities, saying he likely did not have to devise any special programs to gain access to targeted computers.
"It is our evaluation that Mafiaboy was not that good, actually. He had a good knowledge of computers, however, he was not what we could call a genius in that field," Roussel said.
William Lynn, an FBI agent who is assistant legal attache at the US embassy in Ottawa, said investigators were not surprised to discover that Mafiaboy was a juvenile.
"In our profiling of these types of matters it is common for us to consider this as a possibility," he told reporters. John Vranesevich, founder of the security Web site AntiOnline.com, said he believed the attack on CNN was a copycat attack, and that the action against other sites such as Yahoo, E-Bay and Amazon were carried out by someone older and more sophisticated.
"MafiaBoy is `an` attacker, but he is not `the` attacker,`` Vranesevich told Reuters in a interview, saying the CNN attack was very haphazard and unskilful. "He did not use any of the usual techniques to cover his tracks, in fact he bragged about it."
Jeffrey Johnson, chief executive of Meta Secure-com Solutions, an Atlanta-based electronic commerce security firm, said that in such Web attacks, hackers usually use several "zombie" computers to which they had already illegally gained remote control to flood the target site with incoming streams of nuisance data.
Johnson said Mafiaboy had been well known in the hacker underground and in a popular Internet chat room for about two years. Mafiaboy stood out from others because he often bragged in the online chat room about how he planned to take down a few Web sites.
"He was looking for bragging rights. He was doing it to show that he has power," Johnson said.
Share