Cold Open
Three, two, one…and we’re live/
Thank you very much, Lou, said Wolf Blitzer. We are in the Oval Office here with President Bill Clinton. Mr. President, thank you so much for doing this historic first-ever online news interview with CNN.com.
It was Valentine’s Day 2000, and President Bill Clinton was waiting for Wolf Blitzer to finish his introduction.
Clinton had given thousands of interviews before. But this interview was being streamed live across the Internet. It was the first time a president had done that.
So, no kidding it was historic.
As Blitzer continued, Clinton thought of other presidential firsts.
Warm body Rutherford B. Hayes was the first president to use a telephone in 1877. Clinton’s fellow presidential horndog, Warren G. Harding, was the first to speak on the radio in 1922. In 1939, FDR, that blue-blooded socialist, made the first televised presidential address.
All of these activities would become common for a president. But the first time a president did them, it meant something. And now, at the dawn of a new millennium, Clinton was following their example.
Clinton had many reasons to be thankful for the Internet, besides this little interview. For one, the dotcom boom was fueling an economic revival that he was happy to take credit for. A strong economy made it much easier for the public to forgive that whole “lying about hooking up with an intern” thing. Not to mention the blue dress.
But the Internet also had a downside. After Wolf Blitzer asked some preliminary questions about the Republican presidential primary and Hillary Clinton’s campaign for a New York senate seat, he turned to a more pressing issue.
Do you think, Mr. President, the federal government can do more for Internet security? Blitzer asked.
Clinton knew the question was coming. Over the past week, someone had been targeting websites like Amazon, eBay, and even CNN.com with crippling Denial of Service attacks, grinding business to a halt and costing millions in lost revenue.
The FBI believed the culprit was an Internet user named Mafiaboy. Was he a terrorist? A criminal? An anarchist? Nobody knew.
I think it's important the American people not overreact to this, Clinton answered. That is, we are into a whole new world with the Internet, and whenever we sort of cross another plateau in our development, there are those who seek to take advantage of it.
In reality, the public, and Clinton, had every reason to overreact. Mafiaboy’s cyberattacks didn’t just inconvenience some online shoppers. Investors in these websites were panicking and selling off shares as fast as they could. Angry CEOs across the tech industry were demanding to know how the attacks happened, and what Clinton would do about it. His staff already cleared the president’s schedule for a summit with these leaders, which was scheduled for tomorrow.
But worst of all, Mafiaboy had exposed fundamental weaknesses in the Internet’s architecture. Confidence in the Internet was shaken. Without it, Clinton’s economy could go up in flames.
All of this made Mafiaboy Public Enemy #1.
A few minutes later, the interview came to an end and Clinton’s staff whisked him away to his next appointment. As they walked, his chief of staff, John Podesta, approached him.
Mr. President, the FBI thinks Mafiaboy is in Canada. Reno is ready to reach out to the Mounties for assistance.
Shit. It would have been so much easier if Mafiaboy were located in the US. At least Canada was likely to cooperate.
Do it, Clinton said wearily. Mafiaboy was in the FBI’s crosshairs. But until he was captured, the Internet wouldn’t be safe.
On this episode: script kiddies, hacker gangs, international manhunts, and Bill Clinton. I’m Keith Korneluk and this is Modem Mischief.
You’re listening to Modem Mischief. In this series, we explore the darkest reaches of the Internet. We’ll take you into the minds of the world’s most notorious hackers and the lives affected by them. We’ll also show you places you won’t find on Google and what goes on down there. This is the story of Michael Calce, aka Mafiaboy.
Act One
It’s late summer in 1995 and Dade Murphy sat down at the desk in his bedroom, slipped on his shades, and got to work.
He picked up the phone and dialed the number for OTV. It was a local TV station in Manhattan, where he and his mother had just moved.
After a few rings, someone answered. Security. Norm speaking.
Norman? This is Mr. Eddie Vedder from accounting, Dade said. I just got a power surge here at home that wiped out a file I was working on. Listen, do you know anything about computers?
Uh, Gee…Norm said.
Right. Well, my BLT drive on my computer just went A-W-O-L. I got this big project due tomorrow for Mr. Kawasaki. If I don’t get it in, he’s gonna ask me to commit seppuku. You know those Japanese management techniques.
Dade asked the guard for the serial number for a modem at OTV, then walked him through how to find it. Norm dutifully read it off, and Dade was in the system.
Dade quickly gained control of OTV’s robotic tape-switching machine. He ejected the tape that was playing the current broadcast—some right-wing talk show called America First—and replaced it with a rerun of The Outer Limits.
SFX: Outer Limits theme.
Dade smirked, sat back, and sipped his Jolt Cola. But then, a message appeared on his screen.
U Have Tread In My Domain & Now U Must Suffer. Who R U
Dade, an elite computer hacker, had just been hacked!
Dade typed his hacker handle, “Crash Override.”
Who wants to know? He asked.
Acid Burn, the other hacker responded.
Acid Burn demanded that Dade log off. Not gonna happen. The fight was on.
Suddenly, the OTV feed switched from The Outer Limits to an old timey swashbuckling movie. Acid Burn’s handiwork. Dade typed furiously. He switched it back, this time to a western. They went back and forth. A World War II movie, a sword & sandals epic, a dinosaur adventure, a fighter plane movie.
Suddenly, another message appeared on Dade’s screen: Connection Terminated. He was kicked offline. Whoever Acid Burn was, they were good.
That’s a scene from the 1995 movie Hackers, starring Johnny Lee Miller as Dade “Crash Override” Murphy and Angeline Jolie as Kate “Acid Burn” Libby.
Here at Modem Mischief, we try to tell hacking stories as accurately as possible. Hackers did no such thing.
Hackers is about as accurate to computer hacking as Star Wars is to astrophysics
Hackers wasn’t kindly reviewed when it was released, and it made just $7.5 million worldwide. Most adults recognize it for what it is: a silly and fun B-movie.
But Hackers wasn’t really made for adults. It was made for preteens and teens. For them, a horny hack-fest like Hackers can change their life.
Like it did with Michael Calce, aka Mafiaboy.
When Hackers came out, Michael was an 11-year-old brat who liked to fuck with people on America Online. He would log onto chatrooms and insult everyone, or he would “punt” them, AOL slang for overloading someone’s modem with so much data it knocked them offline.
After a messy divorce and custody battle, Michael’s father John got him his first computer when he was six, bringing it home from the office where he ran a successful bussing company.
To Michael, it wasn’t a toy. Sure, he played games on it, but he also spent hours learning its inner workings. It gave him a sense of power he never felt before.
Otherwise, when he wasn’t on his computer, Michael was a popular middle schooler who did reasonably well in school, played basketball, and loved hanging out with friends.
Naturally, Michael pirated his copy of Hackers, downloading it over his dad’s slow-as-hell dial-up connection. Immediately, he fell in love. Sure, Angelina Jolie was partly responsible, but Michael was drawn to the hacking itself.
America Online was the kiddie pool of the Internet. Hackers showed Michael there was so much more.
That scene from earlier is Michael’s favorite in the whole movie. While it’s not a particularly realistic depiction of hacking, it has everything that would excite an 11-year-old mind.
First, there’s the TV station hack itself. It’s the ultimate middle-finger to authority and family values.
But the other element of that scene is the hacker battle between Crash Override and Acid Rain. Crash wasn’t just hacking the TV station so he could watch The Outer Limits. He was doing it to flex, to show off his hacking skills.
Crash Override and Acid Rain were elite hackers who could infiltrate any system and manipulate the world around them to their advantage.
Michael wanted to be like them, badly.
On an AOL chatroom, Michael learned about the existence of Internet Relay Chat, or “IRC.” It was an early Instant Messaging application, particularly popular among hackers. They congregated on a series of IRC channels called EFNet.
Michael downloaded IRC. He needed a handle to introduce himself. He was named after the Archangel Michael, so “Archangel” it was. It sounded cool. Maybe not “Crash Override” cool, but cool enough.
Michael needed someone to show him the hacking ropes. So, he began reaching out to hacking crews. He hoped to be taken on as a trainee. But nobody was interested in an 11-year-old punk who only knew AOL.
But Michael was persistent. Finally, a crew called IWC agreed to take him on.
IWC was small and led by a hacker named Drakus. To Michael’s disappointment, they barely had any enemies to speak of. Michael had little hope to participate in the hacker battles like the ones in Hackers.
They mainly specialized in trading pirated games, software, and media. At the time, most Internet users, including hackers, relied on dialup. Obviously, this meant ultra-slow download times.
High-speed broadband did exist in 1995, but it was only available to big institutions like companies and universities. Companies typically had more stringent security. So, hackers would target universities.
The group’s leader, Drakus, gave Michael a simple task: he would run a hacking script that probed university servers for weaknesses. It looked for root access, which would give IWC complete control of the server. This would allow IWC to siphon off its broadband, which they would use for high-speed downloading.
It was grunt work. But it was the only way he could contribute. So, Michael did it. Over time, he built up a collection of more than 100 university servers, all under his control.
This took hundreds of hours of work. Michael regularly spent sleepless nights on the computer. He would catch up on sleep in school during class. He cared less and less about his schoolwork. He even began acting out, talking back to teachers and disrupting class.
When Michael was 13, Drakus suddenly vanished. The other members of IWC freaked out, wondering if he might have been busted by the feds.
Michael wasn’t particularly worried about that. Without Drakus’s leadership, the group quickly disbanded. Michael was alone again. He needed a new crew. Sure, Michael could try to find another small, safe crew like IWC. But he would never get elite status that way. He wanted more.
Michael studied the hacking scene on EFNet. Like any network of criminal gangs, the hacker crews on EFNet had a hierarchy. The big hacker gangs ran entire chat channels. These were like online meeting halls, places where everyone could hang out and boast about their wins.
Symbolically, these channels were turf. Controlling the most popular channel gave you clout. If you didn’t have clout, you were nothing.
But there was one way you could get clout: by taking over one of these channels yourself. The ultimate hacker power play.
The biggest chat thread on EFnet was called #exceed. It had about 3,000 members, and it was run by a group of hackers called Madcrew.
Michael probed the computers belonging to Madcrew members, hunting for weaknesses. Once he found one, he used an application called Hunter to take over their computer connection. Then, Michael used his army of zombiefied university servers to flood the chat channel and create new operator accounts. This gave Michael control of the channel. It only took a few minutes.
The main character in Hackers, Crash Override, real name Dade Murphy, has a signature line he displays on his enemies’ computers after vanquishing them: Mess With The Best, Die Like The Rest.
Michael knew he needed his own signature. He changed the topic message in #exceed’s chat channel.
What’s up, bitchez. I own you now.
Now, everyone knew who Archangel was, and the offers to join new hacker gangs came rolling in. Michael briefly joined up with one group, Alpha, before jumping ship to an even more elite crew, TNT/Phorce, or just TNT.
Michael was still a glorified script kiddie and not a coder. But now, he was part of a bona fide hacking crew, just like in the movie Hackers. The name Archangel no longer fit.
His brother Lorenzo had logged online to surf the web, under the username Mafiaboy. It was an ironic nod to the family’s Italian heritage. But to Michael, it sounded badass. Dangerous, even.
On TNT’s private chat channel, he typed a message: Call me Mafiaboy.
Michael was moving up in the hacker world, but his antics had attracted attention.
In June 1999, Corporal Marc Gosselin of the Royal Canadian Mounted Police got a call. It was the FBI.
Gosselin was a 20-year veteran of the Mounties. He’d started off as a SWAT team member, then transitioned to detective work. He was adept at reading suspects and finding their weaknesses. But he’d only been assigned to cybercrime for the last three years.
A high school in Oregon got hacked and their server was wiped, the FBI agent explained. It came from a Canadian Internet Service Provider.
Gosselin was assigned to the case. He got a warrant for the ISP and got an address for the hacker: a house in suburban Montreal, overlooking a golf course.
Problem was, the house was home to several people: John Calce, his wife Carol, Carol’s two children, and John’s sons Lorenzo and Michael. Gosselin didn’t know which of them launched the Outlawnet attack. All he knew was that the attack originated from the house, not who actually launched it.
At a loss, the FBI called Calce residence, hoping to glean any information they could.
Michael’s father John picked up the phone.
We have reason to believe there is hacking activity going on in your household, said the Fed.
John was taken aback. I’m sorry, but I barely know how to use computers, and there is no one here that would be capable of that. This must be some kind of mistake.
After some more back and forth, the Fed gave up and hung up. With no conclusive proof, Gosselin and the FBI’s case hit a dead end.
John tried to shrug off the incident. He believed the FBI really had make a mistake, but he also didn’t want any more trouble. So, he canceled the family’s Internet access.
This was no problem for Michael, who already hacked several random people’s internet accounts, giving him unlimited access to the web.
The Oregon high school server wipe was the result of carelessness on Michael’s part.
Michael found the server in the summer of 1999. It was a powerful server network, and he could use it to mask his IP address. But after a few months, Michael realized that the server logs were keeping track of every time he logged on. It was like a set of digital footprints leading right to him. He had no choice but to nuke it and move on.
It was an amateur mistake, the kind Crash Override would never make.
Michael didn’t learn how close he’d come to getting caught until much later. If he had, it might have stopped his hacking career in its tracks. But now, he was just getting started.
Act Two
On the night of May 7, 1999, Cao Rongfei got into bed next to his wife, Shao Yunhuan, who was already asleep.
Sleep wasn’t easy to come by lately. Both worked and lived at the Chinese embassy in Belgrade.
For months, the United States had been bombing strategic targets across Serbia, and especially in Belgrade. This was done to weaken the regime of Serbian dictator Slobodan Milosevic, who was conducting a campaign of ethnic cleansing against Kosovo’s Albanian population.
Rongfei was the embassy’s first secretary. His wife Yunhuan worked as a journalist. As Rongfei drifted off to sleep, suddenly there was a loud bang.
SFX: explosion
The roof above him exploded. Shooting pain raced through his face and eyes. He couldn’t see anything.
Yunhuan? Yunhuan? And then, he fell unconscious.
Rongfei woke up in a hospital, his face covered in bandages.
A doctor was explaining what happened. An American stealth bomber hit the Chinese embassy. It was aiming for a similar-looking war supply procurement building 350 yards away.
Yunhuan didn’t make it. Two other embassy employees were dead, and 19 others injured besides Rongfei—he was permanently blinded by shrapnel.
The Americans claimed it was a tragic accident, the result of a faulty map.
China wasn’t having it. Chinese media took pictures of a bandaged, weeping Rongfei, which would accompany newspaper articles about the bombing. Soon, he became a symbol of the tragedy. The country was outraged. The incident was considered a deliberate provocation by the Americans—and it demanded a response.
Four days later, websites for the US Energy Department, the Interior Department, and the National Park Service, were displaying a new message:
Protest U.S.A.'s Nazi action! Protest NATO's brutal action! We are Chinese hackers who take no cares about politics. But we can not stand by seeing our Chinese reporters been killed which you might have know. We won't stop attacking until the war stops!"
For many in American law enforcement, this was a worst-case scenario. The Internet was part of everyday life, but it was dangerously vulnerable to hacking. Since 1991, experts had warned of an “Electronic Pearl Harbor,” or a crippling cyber attack that would grind society to a halt.
This wasn’t that, but the Chinese were showing an increasing willingness to attack America’s Internet.
But in 1999, Michael Calce was barely aware of embassy bombings, or Electronic Pearl Harbors.
On the last day of freshman year, he was expelled from school.
Not that Michael really gave a shit. One high school was as good as another. After leaving Lindsay Place High School, he enrolled at Riverdale High School for tenth grade. He made no attempt to change his behavior. He put little effort into his schoolwork, and he kept talking back to teachers and disrupting class.
But while Michael was spiraling, Mafiaboy was thriving. Recently, Michael and his older brother Lorenzo moved in with their father John. This gave Michael nearly unlimited access to his computer.
Michael’s new hacker crew, TNT, was a lot closer to Michael’s idea of what a hacking crew was. For the members of TNT, it was all about being elite—or “leet” as they called it. They owned several chat channels on EFNet, and other crews were constantly trying to take them over. In 1999, the hackers on EFNet were mostly preoccupied with battling each other, to prove their “leet” status.
Michael was an eager soldier in the hacker wars. True, he wasn’t an elite hacker like Crash Override or Acid Burn–Michael could code, but not well enough to design his own tools. But he was part of a hacker gang.
The hackers’ weapon du jour was the Denial of Service attack. If a hacker wanted to take down a rival, they could bombard their rival’s server with information requests, so many that the overwhelmed server couldn’t respond.
But in the fall of 1999, a new kind of Denial of Service attack emerged online. More powerful programs could corral entire networks of servers to issue the same Denial of Service attack, increasing the power of the data stream exponentially. The kind of server network just like Michael’s.
This would come to be known as a Distributed Denial of Service attack, or DDoS attack.
He called his networks of computers zombies. A DDoS attack was like packing a room with zombies until none can go in or out
With DDoS attacks, Michael saw a way to end these hacker wars permanently. He wanted to create the most powerful DDoS program possible, one that he could launch from the comfort of his own bedroom. It was meant to be an awesome display of power that would deter other hackers from fucking with TNT ever again. Best of all, it would prove once and for all that Michael was elite.
Michael named the project “Rivolta,” after the Italian word for “Revolt.”
Michael knew he could never write such a program himself. So, he convinced another TNT member, Sinkhole, to write it for him.
Michael wouldn’t be unleashing his new weapon on another hacking crew. That wouldn’t be devastating enough
Michael needed to make a statement. He wanted to take out the most popular website on the Internet. At the time, this was the search engine Yahoo.com.
On Monday, February 7, 2000, Michael loaded up his program, aimed it at Yahoo, set it on a timer, and went to school. He wasn’t expecting it to work—he’d never tested it on a site like Yahoo before.
By afternoon Montreal-time, it was morning in San Jose, California, headquarters of Yahoo.
David Filo was in his office monitoring the company’s web traffic. Filo is a software programmer and electrical engineer, as well as one of Yahoo’s co-founders. Around 10:20 a.m., Filo noticed something strange.
Normally, it took Yahoo 1.6 seconds to load a web page. Now it was taking six. Filo kept refreshing the page, but it got slower and slower
Filo summoned three of his top engineers, and they got on the phone with Global Center, the hosting company that hosted Yahoo’s servers.
At first, the Global tech thought a router had failed. But then, they examined the incoming traffic.
Yahoo’s servers were being bombarded with millions and millions of packets of meaningless data, everything from diagnostic reports to requests for page views. It amounted to about 1 gigabyte of data a second.
It was like a tidal wave of data, a company spokeswoman would later say.
The Global tech tried to figure out where this data was coming from. There were more than 50 origins.
Yahoo was down. Millions of users couldn’t search the web, or access their email, or update their fantasy baseball rosters. And that was costing the company money by the second.
Are any of our servers unaffected? Filo asked the Global tech.
The Global tech found one on the east coast.
Reroute all Yahoo traffic there, Filo said.
This allowed Yahoo to slowly come back online. Filo and his team worked with Global to block off the tidal wave of meaningless data, and by that afternoon Yahoo was back.
Sure, the site was only down for an hour. But that alone had cost the company millions of dollars in revenue. Worse, Filo and his team had no idea who was responsible for the attack. They didn’t know what they wanted, and there was nothing stopping it from happening again.
Michael returned home at 4 p.m. Montreal-time and logged onto his computer.
The Internet was full of reports about the Yahoo attack. Project Rivolta was an international news story.
It was time to take a victory lap.
Michael logged onto a popular EFNet channel called #shells.
‘Sup, fuckers. He typed. Know that Yahoo attack? That was yer boi Mafiaboy. Told ya I was leet.
Bullshit, someone responded. The rest of the chatroom agreed. Michael might have scored some wins in the hacking scene, but taking down the Internet’s biggest website? Nobody thought he could do it.
After some more name calling, someone booted Michael out of the chat room.
Michael was furious. What was the point of taking down Yahoo if nobody would give him credit for it?!
Then, the next day, the website Buy.com was hit by a DDoS attack. The press was assuming the same culprit was behind it, but Michael had nothing to do with it. Now, here was some copycat, trying to prove that anyone could do what Mafiaboy had done.
Michael took it as a challenge.
That afternoon, Michael chose his next target: the online auction site eBay. He launched his attack, took it down within minutes, and held it down for more than an hour.
Michael logged back onto #shells. Everyone was talking about the eBay attack. Michael knew there was no point taking credit for it. Instead, he issued a challenge.
Yo, he wrote. What website would be impossible to bring down?
Someone suggested CNN.com. It had some of the highest traffic on the web and more than a thousand affiliated sites, all run on state-of-the-art servers.
Michael quickly launched his attack. He went back onto #shells.
Check CNN.com he wrote.
The chatroom freaked out. Mafiaboy’s legend was being born before their eyes.
However, not everyone on #shells was impressed. Like the FBI Special Agent Bill Swallow.
The series of DDoS attacks on American businesses had the US government and law enforcement in a panic, to put it mildly.
This was less than a year after the Chinese embassy bombing and retaliatory hacks. America had plenty of enemies in the world: China, Iraq, and Russia, just to name a few.
In the days after Yahoo, Buy.com, and eBay went down, the American government braced itself for the Electronic Pearl Harbor it had been repeatedly warned about.
These attacks were so devastating and so thorough that they had to be the work of a foreign adversary. Nobody anticipated the truth: that it was all just a 15-year-old trying to prove he had balls
So, when Special Agent Bill Swallow saw Mafiaboy’s boasts, at first he wasn’t buying it.
Swallow had infiltrated the EFNet hacking community for more than a year. He knew Mafiaboy as a loudmouthed script kiddie who liked to boast, someone who wanted to be elite but didn’t have the chops. Certainly not enough to take down Yahoo.
But watching Mafiaboy take down CNN in real time changed his mind. Now, here was their first lead.
In the following days, Michael continued knocking off high-profile websites like E*Trade and Dell.com.
For Michael, the adrenalin rush and ego boost of the past several days had been intoxicating. But now it was starting to wear off. Again, Michael hadn’t planned on any of this, and at 15, it was easy to get swept up in the moment.
Michael knew it was possible that hacking could get him in trouble. Hell, the main character in Hackers, Crash Override, was arrested and fined for taking down more than a thousand computers, when he was still in elementary school.
Michael had always figured that since his hacking was usually confined to the hacking community itself, law enforcement wouldn’t notice, or care.
But now, the more Michael thought about it, the more danger he seemed to be in. He had spent days boasting online about the attacks as Mafiaboy. Now, that felt too risky. He realized that people on EFNet could be anyone. Some were starting to ask questions.
A short time later, he removed his hard drive from his computer. He rubbed magnets all over it, then doused it in water. Not satisfied, he smashed it to bits with a hammer. Finally, he went to a nearby lake and chucked the fragments into the water.
Michael hoped it would never be found. But it was already too late to start covering his tracks.
Act Three
In April 2000, Michael’s father John Calce was led into a conference room inside the Royal Canadian Mounted Police headquarters, in west Montreal. He wasn’t in handcuffs, but that was only due to his privileged status as a wealthy business owner.
He sat down. Across the table was Corporal Marc Gosselin, the same Mountie who had zeroed in on the Calce household over the Oregon high school hack almost a year before.
Are you gonna tell me why I’m here? John demanded.
Mr. Calce, we have evidence that you were conspiring to hire a hit man to eliminate a business associate, Gosselin responded.
What?! John was dumbfounded. What evidence?
Gosselin produced a tape player and pressed play. The tape played a wiretapped recording of a phone call between John and some friends.
John was complaining about a business deal with an associate that had gone south over a contract dispute. Recently, the associate had placed a lien on John’s business.
Give him a good beating or something, John’s friend suggested on the tape. Something to scare the guy into removing the lien.
Oh, he’ll shit his pants for sure, John heard himself say. But then you open a can of worms, you know?
That’s it? John said to the Mountie. That’s all you’ve got? I was just venting! I never actually planned to hurt anybody.
We take threats of violence very seriously, Gosselin said.
This is about my son, isn’t it? John shot back.
You want to talk about your son’s hacking activities, go ahead, Gosselin responded.
John knew then to shut up.
The Mounties had picked up John and Michael on the same night. Their arrests were two months in the making.
In the days following the attacks on Yahoo and the other websites, the FBI assembled a team of its best cybersecurity investigators. They included Charles Neal, the head of the investigation into the notorious hacker Kevin Mitnick—whom we covered in episode 3. There was also Jill Knesek, another Mitnick investigator.
By now, it was clear that Mafiaboy wasn’t a terrorist. Like Mitnick, he was a youthful troublemaker.
That didn’t make his crimes any less serious. Mafiaboy had exposed dangerous vulnerabilities in the Internet. Sure, he wasn’t a serious criminal. But he’d shown serious criminals how to potentially extort online businesses.
And now, they were going to make damned sure he was going to pay for it, if for no other reason than to discourage others from trying it again.
The FBI discovered the source of the DDoS attacks and passed it along to the Mounties. The case was assigned to Corporal Marc Gosselin. When he discovered a phone number linked to one of Mafiaboy’s online accounts, he remembered it from the Oregon high school investigation.
Most likely, he was looking at the same hacker. And he wasn’t about to let Mafiaboy slip away again.
On February 18, FBI Special Agent Jill Knesek arrived to coordinate with Gosselin on the case. That led to the wiretaps on the Calces’ home, and those put John right here in the police station, answering questions about a supposed plot to hire a hitman.
It was an obvious pressure tactic. The Mounties released John that day, and eventually dropped all charges.
Michael wasn’t so lucky.
In Hackers, Crash Override and his crew are pursued by a Secret Service agent. They turn the tables on him and use their hacking skills to make his life miserable. They cancel his credit cards, reroute a phone sex hotline to his office, and so on.
When Michael first realized he was in trouble, on the other hand, he did what most 15-year-olds would do in real life: he told his dad, who got a lawyer. The lawyer urged Michael to keep his head down and expect an arrest.
It finally came two months later.
The judge agreed to let Michael out, under several conditions. He couldn’t use computers. He couldn’t see his friends, even though they had nothing to do with his case. And he couldn’t get in trouble at school.
In the coming months, the Canadian Department of Justice would be compiling evidence and deciding what charges to bring against Michael. In the meantime, he had to go back to Riverdale High School and continue his education like nothing was wrong.
At first, nobody outside of Michael’s family and friends knew his secret. But shortly after his arrest, the Mounties held a press conference announcing it. They didn’t reveal Michael’s name, since he was a minor, but they did announce that he was a student at Riverdale High School.
Reporters raced to the school with cameras and badgered students, asking them if they knew who Mafiaboy was. Soon, they discovered Mafiaboy’s real identity.
His parents pulled Michael out of school until the media attention died down.
That would take a while. Repeatedly, law enforcement and cybersecurity officials made media appearances to discuss Mafiaboy.
All of them, including Gosselin and Knesek, were making sure to point out that Mafiaboy was nothing more than an arrogant little script kiddie.
That pissed Michael off. Earlier, the feds thought the attacks were the work of sophisticated foreign hackers. Now, they were calling him a script kiddie. Which was it?
He wanted to tell his side of the story, to show that he knew what he was doing with a keyboard.
But for now, he had to keep a low profile and stay out of trouble.
That wasn’t easy for Michael, even under normal circumstances. He racked up infraction slips and finally got an in-school suspension. Michael’s lawyer worked out a deal to have Michael drop out of high school and work at a steakhouse until his legal ordeal concluded.
Michael spent the summer before what would have been his junior year in high school in limbo, waiting for the Canadian and American justice systems to decide what to do with him.
Finally, in September 2000, Crown Prosecutor Louis Miville-Deschenes made the announcement: Michael was facing 64 charges in total.
Some of the charges were related to the attacks on prominent websites. But most of them were related to Michael accessing university computers and using them to launch the attacks.
Michael’s attacks had cost those websites an estimated $1.7 billion dollars in lost revenue.
The evidence against Michael was overwhelming. Sure, he’d destroyed his hard drive, but the Mounties recorded 7.6 gigabytes of incriminating Internet traffic. They also had the wiretapped phone conversations in which Michael discussed the hacks. They even claimed to have an informant from IRC who relayed Michael’s chat transcripts to them.
Michael pleaded guilty to 56 of the counts. All that was left was to determine the sentence.
Since Michael was 15, the court appointed a social worker, Hanny Chung, to conduct a psychological profile. Michael had to win Chung over or he was facing jail time.
To Michael, Chung was a middle-aged square who had little working knowledge of computers, hacking, or the crimes Michael had committed. How could Michael be expected to explain to him what he had done?
Chung wanted to know why Michael had done it. Michael came up with a plausible-sounding story: according to Michael, he was only trying to help websites like Yahoo by pointing out their security flaws. It had nothing to do with being an elite hacker. He figured Chung wouldn’t know any better.
Then, Chung asked whether he knew what he was doing when he launched the attacks.
Michael could have said no. But he couldn’t resist.
Michael walked Chung through how he masterminded Rivolta. How he and Sinkhole designed the DDoS program to inflict maximum damage, and how he’d studied Yahoo’s architecture to attack its weak points. He relished retelling his exploits, even if the tech went over Chung’s head.
When it came time for Chung to testify, he told Judge Gilles Ouellet that he didn’t buy the “security testing” defense. He also didn’t find Michael remorseful for his crimes. If the sentence were lenient, Chung warned, Michael would be likely to reoffend.
In the end, the judge sided with Chung. Michael got eight months, plus probation. Since it was his first offense and it wasn’t violent, he’d be spending his time at a group home. By the time he got out, he’d be 19 years old.
Act Four
On their way out of the courthouse, Corporal Gosselin approached Michael and offered him his business card.
Once you get out, maybe you can help us, Gosselin said. Think about it.
As Gosselin walked away, Michael thought about the past few months. Gosselin had repeatedly told the press that Michael was an amateur hacker, a script kiddie in way over his head. This offer proved it had all been lies, another pressure tactic designed to get inside Michael’s head.
Which…Michael had to admit was pretty effective.
But in the parking lot, Michael tore up the card. He’d never work for the cops.
The stay in the group home had a sobering effect on Michael. Away from computers and the influence of the EFNet community, he began to think about how much time hacking had taken up in his life. He thought about his future, which at the moment didn’t look promising.
As the months wore on, Michael decided to leave destructive hacking behind. One he got out, he resumed his education and got a degree. Today, he works as a cybersecurity expert who helps protect companies against hackers.
Michael Calce was part of the second generation of hackers. The first generation inspired movies like War Games and Hackers, which provided the template for what an elite hacker should be.
Only, Michael didn’t try to become an elite hacker for the same reasons those hackers did–to access forbidden knowledge. He did it because it gave him a sense of power that was difficult to resist.
Whether he was a hacker mastermind or a kid amped up on caffeine and power, his Project Rivolta did cause more than a billion dollars in damage, and did expose the Internet’s vulnerabilities.
Michael became Mafiaboy at a time when Distributed Denial of Service attacks were just beginning to be developed as a tool in a hacker’s arsenal. He didn’t create them, and he had a shaky understanding of how they worked, but he was still able to use them to devastating effect.
Mafiaboy and Project Rivolta revealed the DDoS attack’s destructive potential.
Nation-states use them as weapons of war. In 2009, the North Korean government used a DDoS attack to disable several American government websites, including the White House.
Criminal organizations use DDoS attacks as well. In some cases, they’re used to overwhelm websites to extort their owners into paying a ransom fee.
The arrival of smartphones, tablets, and other interconnected devices allows hackers to issue even more powerful DDoS attacks. In 2016, hackers harnessed a network of more than 100,000 devices to generate a data stream of 1 Terabyte per second. With that, they hit the infrastructure company Dyn with a DDoS attack, taking down sites like Reddit, Etsy, Spotfiy, The New York Times, and CNN.
Mafiaboy might be gone, but Mafiaboy’s legacy is still with us today. I’m Keith Korneluk and you’re listening to Modem Mischief.
CREDITS
Thanks for listening to Modem Mischief. Don’t forget to hit the subscribe or follow button in your favorite podcast app so you don’t miss an episode. This show is an independent production and is wholly supported by you, our listeners and the best way to support the show is to share it. And another way to support us is on Patreon. For as little as $5 a month you’ll receive an ad-free version of the show plus monthly bonus episodes exclusive to subscribers. Modem Mischief is brought to you by Mad Dragon Productions and is created, produced and hosted by me: Keith Korneluk. This episode is written and researched by Jim Rowley. Edited, mixed and mastered by Greg Bernhard aka Marlon Dumbo. The theme song “You Are Digital” is composed by Computerbanditl. Sources for this episode are available on our website at modemmischief.com. And don’t forget to follow us on social media at @modemmischief. Thanks for listening!