How I Cracked the Internet and Why It’s Still Broken
Catching up With Mafiaboy. And He’s Got Some Advice for You.
The book is the story of Michael Calce’s involvement in hacking, from his early adventures on AOL, launching the attacks on Yahoo, CNN and eBay in 1999 to the resulting investigation, trial and sentencing that followed. The second part of the book covers a bit of his life afterwards. But it is mostly on how hacking has changed since his Mafiaboy days and ways for users to protect themselves online.
When I first came across the book I had to google “MafiaBoy” as, while the name sounded familiar, I couldn’t recall who he was. In short, besides his age and the high profile of his targets, his story isn’t that unique: “teen hacks website” is almost a cliche at this point with everything from James Bond to Doctor Who featuring young computer geniuses who are up to no good. So it’s worth asking beyond who was MafiaBoy, what exactly did he do, and does it matter nearly ten years on.
Who is he?
Michael Calce is an Italian Canadian who grew up in Montreal, Canada. He got started on a PC in the early 1990s and drifted into hacking initially though looking for games to play, before discovering AOL (American Online) and from there, to the Internet. Most of the book covers his Archangel/Mafiaboy (incidentally, the ‘Mafiaboy’ handle was first used by his older brother to download music) days. It ends with his release from a group home in 2002.
Since his release, he’s followed, fellow one-time black-hatter, Kevin Mitnick’s trajectory: doing time than going into the computer security business, writing a computer security column in Le Journal de Montréal as well as consulting work. That writing shows in the book as when he explains the underground economy and threats to PCs in plain English, and, it seems, without a lot of hyperbole — maybe the inflated numbers thrown around at his trial are remembered?
What did he do?
The question of whether Michael was just a “script kiddie” or the expert cracker, as early police press-releases dubbed him, seem to be a bit ambiguous. He worked with other, more experienced coders. Calce seemed to have come up with the idea of something he called an “MDDoS” (Mega-Distributed-Denial of Service) attack which boils down to being able to launch an attack on a target by chaining together many compromised computer networks. For this, he says he worked with another coder whose interest was in building the software as a challenge but had no interest in personally using it.
How was Michael caught? It seems to be a combination of him bragging on IRC (Internet Relay Chat, an early online messaging system), which led to an interest in a dormant hacking case from several years back, possibly an informer or mole either online or someone in Michael’s family or friends, and finally, his father’s house being bugged. It was a combination of old and new investigative techniques that brought the RCMP to his dad’s door at 3 am in February 2000.
In the end, he pleaded guilty to 56 criminal charges and received, likely because of his age — 15 at the time of the attacks — and lack of a criminal record, eight months in a group home plus a year’s probation.
The second part of the book is about Internet security and a warning that his brand of pranksters who fought each other on IRC channels in the 1990s are far less dangerous than the less-visible but more numerous, criminally-minded hackers. The latter engage in extortion, identity theft and other profitable ventures today.
The subtitle of the book “How I Cracked the Internet and Why It’s Still Broken” should have been “How I Cracked the Internet and How It’s Still Broken”, as the second part of the book, Mafiaboy 2.0, does a good job explaining the state of security on the Internet. There isn’t a lot of ‘why’ covered in this book, apart from one, at his trial, of the Crown’s expert witness, Allan Paller, admitting that Michael’s attacks could have been blocked, but this would have involved equipment updates, i.e. money.
The mystery to me is why no-one had taken down Yahoo before Michael did in 1999? Was it that those capable of it also realized the attention it would cause? Was he just better at assembling botnets than his competitors on IRC? Was the coder he worked with that good? This wasn’t answered in the book.
In the end, the book does a fair job explaining how Michael drifted into hacking, what he eventually did and how the Internet has changed since 2000. While the book is not quite a page-turner, there’s a gentle humour, primarily through Michael’s dealing with father, such as when he explains the rules about cigars and eating, that keep the story from being too dry.