'Mafiaboy' busted in DoS attacks

Royal Canadian Mounted Police say they got their man -- a 15-year-old, actually -- who is believed responsible for February's huge attack on Web sites.

A group of law enforcement agencies from the United States and Canada worked together to arrest a 15-year-old Canadian and charge him with February's high-profile denial-of-service Web attacks.

The teen, whose name was not released due to his age, used the handle "Mafiaboy." He was arrested April 15 and formally charged two days later with two counts of mischief to data, after police searched his house.

In Washington Wednesday, U.S. Attorney General Janet Reno said Mafiaboy must be punished.

"I think that it's important first of all that we look at what we've seen and let young people know that they are not going to be able to get away with something like this scot-free," Reno told reporters on Capitol Hill. "There has got to be a remedy, there has got to be a penalty."

Reno also issued a stern warning to other cybervandal wannabes.

"I believe this recent breakthrough demonstrates our capacity to track down those who would abuse this remarkable new technology, and track them down wherever they may be," she said.

But in what could be a warning to Web sites, authorities said the hacker was not especially skilled technically, yet he was able to cripple a handful of prominent Web sites.

"He had a good knowledge of computers, but he was not what we would call a genius," said Staff Sergeant Jean-Pierre Roy of the Royal Canadian Mounted Police (RCMP) during a news conference Wednesday.

The RCMP said punishment could include 10 years in prison.

An RCMP spokesman said the FBI had contacted them early in February after the attacks were launched.

While awaiting trial, the youth was forbidden from using computers other than at school and ordered not to connect to the Internet. A curfew was also ordered by the court.

Police said the investigation is continuing and more charges may be filed against Mafiaboy or other individuals.

'It is our evaluation that Mafiaboy was not that good, actually.'|RCMP Staff Sgt. Jean-Pierre Roy An FBI official said he did not anticipate pressing charges in the United States at this time.

"Unlike most crimes, cybercriminals know no borders and respect no sovereignties," said Bill Lynn, assistant legal attache for the FBI. "Theirs is a world constrained only by the breadth of the Internet."

Mafiaboy is specifically accused of the four-hour attack on CNN.com on Feb. 8.

Police said the youth boasted of the attacks in chat rooms and other areas.

"Hackers like to brag about their ability; they like to show off that they were good at it and that they are the best," said the RCMP's Roy. "It is our evaluation that Mafiaboy was not that good, actually."

The attacks involved using one computer to launch an attack via 'slave' computers worldwide. The slave computers can be used without their owners' knowledge -- the hacker has the computers send large amounts of data to the target site in a short period of time, essentially overloading the targeted site. It's the equivalent of having millions of people make a phone call to the same number.

Computers at the University of California at Santa Barbara were used in the attack on CNN. ABC News has reported that investigators used logs from UCSB's computers to trace the attacks to Mafiaboy.

Mafiaboy also allegedly participated in chat rooms where he asked other hackers what sites should be attacked next.

The attacks, which took place over three days, eventually brought down several major Internet sites, including Yahoo! Amazon.com, eBay, CNN.com and ZDNet.

The news sent shock waves through the Internet community, exposing how easy it was for someone relatively unskilled in computer knowledge to cause a large amount of damage.

Bruce Schneier, chief technological officer of Counterpane Internet Security Inc., said there is "a lot of vindictiveness in recent punishments" of computer crimes.

"I think that these people should be punished," said Schneier, adding that "by making the laws so onerous because we are scared we are actually hurting ourselves."

Schneier, the author of "Applied Cryptography," likened the current situation to the Wild West when lynch mobs hung horse thieves. "These recent attacks are akin to cow tipping," he said.

Robert Lemos, ZDNet News, and Reuters contributed to this report.